Re: Class name as NSString and problem with NSLog?

2014-03-19 Thread Gary L. Wade
You'll get more mileage out of that in Radar (they don't "officially" do
Apple-isms), and you might want to add to your bug that the
format-recognizer NS_FORMAT_FUNCTION (see NSString.h) should be extended
for predicate formats or a new one, NS_PREDICATE_FORMAT_FUNCTION, should
be added for such extensions, and that it should be applied to the
appropriate methods in NSPredicate.h.
--
Gary L. Wade
http://www.garywade.com/


On 3/19/2014, 2:13 PM, "Sean McBride"  wrote:

>On Thu, 6 Mar 2014 15:47:08 -0800, Greg Parker said:
>
>>>> I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>>>> where they published a new app or OS security vulnerability every day
>>>> for a month. A lot of them were caused by format-string vulnerabilities.
>>>> Soon thereafter the compiler team at Apple added that format-string
>>>> security warning :)
>>> 
>>> Though it still doesn't work for NSPredicate APIs, all these years
>>> later, ex:
>>> 
>>> ---
>>> #import <Foundation/Foundation.h>
>>> 
>>> int main (void)
>>> {
>>>  NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];
>>> 
>>>  return !!predicate;
>>> }
>>> ---
>>> 
>>> "clang -Weverything -fsyntax-only ~/test.m" gives nothing!
>>> 
>>>   Dupes welcome. :)
>>
>>The problem is that +predicateWithFormat: accepts conversions that are
>>not part of NSString's format string syntax. Adding format string
>>warnings for new format string syntaxes requires compiler changes.
>
>In case anyone wants to cc themselves, I created this bug:
>
>
>
>Cheers,
>
>-- 
>
>Sean McBride, B. Eng s...@rogue-research.com
>Rogue Research  www.rogue-research.com
>Mac Software Developer  Montréal, Québec, Canada
>



___

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Re: Class name as NSString and problem with NSLog?

2014-03-19 Thread Sean McBride
On Thu, 6 Mar 2014 15:47:08 -0800, Greg Parker said:

>>> I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>>> where they published a new app or OS security vulnerability every day
>>> for a month. A lot of them were caused by format-string vulnerabilities.
>>> Soon thereafter the compiler team at Apple added that format-string
>>> security warning :)
>> 
>> Though it still doesn't work for NSPredicate APIs, all these years
>> later, ex:
>> 
>> ---
>> #import <Foundation/Foundation.h>
>> 
>> int main (void)
>> {
>>  NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];
>> 
>>  return !!predicate;
>> }
>> ---
>> 
>> "clang -Weverything -fsyntax-only ~/test.m" gives nothing!
>> 
>>   Dupes welcome. :)
>
>The problem is that +predicateWithFormat: accepts conversions that are
>not part of NSString's format string syntax. Adding format string
>warnings for new format string syntaxes requires compiler changes.

In case anyone wants to cc themselves, I created this bug:



Cheers,

-- 

Sean McBride, B. Eng s...@rogue-research.com
Rogue Research  www.rogue-research.com
Mac Software Developer  Montréal, Québec, Canada


Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Greg Parker
On Mar 6, 2014, at 3:37 PM, Sean McBride  wrote:
> On Thu, 6 Mar 2014 15:15:49 -0800, Jens Alfke said:
>> I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>> where they published a new app or OS security vulnerability every day
>> for a month. A lot of them were caused by format-string vulnerabilities.
>> Soon thereafter the compiler team at Apple added that format-string
>> security warning :)
> 
> Though it still doesn't work for NSPredicate APIs, all these years later, ex:
> 
> ---
> #import <Foundation/Foundation.h>
> 
> int main (void)
> {
>  NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];
> 
>  return !!predicate;
> }
> ---
> 
> "clang -Weverything -fsyntax-only ~/test.m" gives nothing!
> 
>   Dupes welcome. :)

The problem is that +predicateWithFormat: accepts conversions that are not part 
of NSString's format string syntax. Adding format string warnings for new 
format string syntaxes requires compiler changes.


-- 
Greg Parker gpar...@apple.com Runtime Wrangler




Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Sean McBride
On Thu, 6 Mar 2014 15:15:49 -0800, Jens Alfke said:

>I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007,
>where they published a new app or OS security vulnerability every day
>for a month. A lot of them were caused by format-string vulnerabilities.
>Soon thereafter the compiler team at Apple added that format-string
>security warning :)

Though it still doesn't work for NSPredicate APIs, all these years later, ex:

---
#import <Foundation/Foundation.h>

int main (void)
{
  NSPredicate* predicate = [NSPredicate predicateWithFormat:@"foo == %d"];

  return !!predicate;
}
---

"clang -Weverything -fsyntax-only ~/test.m" gives nothing!

  Dupes welcome. :)

Cheers,

-- 

Sean McBride, B. Eng s...@rogue-research.com
Rogue Research  www.rogue-research.com
Mac Software Developer  Montréal, Québec, Canada


Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Jens Alfke

On Mar 6, 2014, at 10:21 AM, William Squires wrote:
> Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> NSLog(@"%@", fooText);
> just to avoid this warning.

No, this is a very important warning. The format string in a printf-type call 
should _always_ be a constant. Otherwise the code can be vulnerable to a format 
string attack*. In your specific case, the string you pass as the format isn’t 
going to be unsafe, but the compiler doesn’t know that. The really bad 
scenarios happen when the value of the format string can be controlled by user 
or network input; then an attacker can craft special strings containing % 
characters that can crash the app or possibly even make it run malicious code.

I remember the “Month Of Apple Bugs”** that a hacker group ran in 2007, where 
they published a new app or OS security vulnerability every day for a month. A 
lot of them were caused by format-string vulnerabilities. Soon thereafter the 
compiler team at Apple added that format-string security warning :)

—Jens

* http://en.wikipedia.org/wiki/Format_string_attack
** http://projects.info-pull.com/moab/
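
Added example (not part of the original thread, and not code from any poster): the constant-format rule described above, together with the NSPredicate case raised elsewhere in the thread, where the compiler gives no warning. AppLog, the sample string and the "name" key are hypothetical names constructed for illustration.

```objective-c
// Build: clang -Wformat -Wformat-security -framework Foundation example.m
#import <Foundation/Foundation.h>

// Hypothetical logging wrapper. NS_FORMAT_FUNCTION(1,2) tells clang that
// argument 1 is an NSString format and the variadic arguments start at 2,
// so callers get the same format checks that NSLog() callers get.
static void AppLog(NSString *format, ...) NS_FORMAT_FUNCTION(1,2);

static void AppLog(NSString *format, ...)
{
    va_list args;
    va_start(args, format);
    NSLogv(format, args);   // forward the checked format and its arguments
    va_end(args);
}

int main(void)
{
    @autoreleasepool {
        // Constructed sample standing in for user or network input.
        NSString *untrusted = @"50%@ off %d%% today";

        // Both calls below are flagged by clang (format string is not a
        // string literal): each conversion in the data would consume an
        // argument that was never passed.
        //   NSLog(untrusted);
        //   AppLog(untrusted);

        // Constant format, untrusted text passed as data: printed verbatim.
        NSLog(@"%@", untrusted);
        AppLog(@"<%@> %s: %@", NSStringFromClass([NSObject class]), __func__, untrusted);

        // +predicateWithFormat: gets no compile-time check, so the same
        // discipline is applied by hand: a constant format and exactly one
        // argument per conversion (%K for a key path, %@ for a value).
        NSPredicate *byName =
            [NSPredicate predicateWithFormat:@"%K == %@", @"name", untrusted];

        NSArray *records = @[ @{ @"name" : untrusted }, @{ @"name" : @"other" } ];
        NSArray *matches = [records filteredArrayUsingPredicate:byName];
        NSLog(@"%lu of %lu records matched",
              (unsigned long)matches.count, (unsigned long)records.count);
    }
    return 0;
}
```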

Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Greg Parker
On Mar 6, 2014, at 10:21 AM, William Squires  wrote:
>  Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> 
> NSLog(@"%@", fooText);
> 
> just to avoid this warning.

Some class names have '%' in them. If you called NSLog() without using the 
"silly" format string, you'd print nonsense or just crash.


-- 
Greg Parker gpar...@apple.com Runtime Wrangler




Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Lee Ann Rucker

On Mar 6, 2014, at 10:21 AM, William Squires wrote:
> 
> 
> 
>  Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> 
> NSLog(@"%@", fooText);
> 
> just to avoid this warning.
>   

You won't think it's silly when fooText contains something you don't expect.


Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Scott Andrew
Even further you can get the current command by using 
NSStringFromSelector(_cmd); _cmd is the current selector.

You can also use NSLog(@"%s", __PRETTY_FUNCTION__) which will give you the class 
name and current selector. 

Do a Google search also for NSLog replacements; there are ones that do a lot of 
the work of prepending all NSLog calls with class, function, line number and 
your custom message. Like the answer here:
http://stackoverflow.com/questions/969130/how-to-print-out-the-method-name-and-line-number-and-conditionally-disable-nslog

Scott

On Mar 6, 2014, at 10:21 AM, William Squires  wrote:

>  Given an object, and a method within, is there some way to get the name of 
> the class of the object as an NSString?
>  For that matter, what I want to do is something like this:
> 
> Class MyClass
> "MyClass.h"
> #import <Foundation/Foundation.h>
> 
> @interface MyClass : NSObject
> 
> ...
> 
> -(void)myMethod;
> 
> @end
> 
> "MyClass.m"
> #import "MyClass.h"
> 
> @implementation MyClass
> 
> ...
> -(void)myMethod
> {
> NSString *myClassName = ???; // What can I put here besides a literal 
> @"MyClass"?
> 
> NSString *fooText = [NSString stringWithFormat:@"<%@> -(void)myMethod", 
> myClassName];
> NSLog(fooText); // Yellow triangle on this line
> }
> ...
> @end
> 
> so that when the myMethod message is sent to an object of MyClass, the output 
> should be:
> 
> <>:  -(void)myMethod
> 
> on the output pane when debugging - "<>" just comes from the NSLog 
> call.
> 
>  Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> 
> NSLog(@"%@", fooText);
> 
> just to avoid this warning.
>  By using this strategy, if several classes implement the same message, I can 
> tell which instance received the message during debugging; this is handy when 
> iterating over containers (such as NSArray), and passing the same message to 
> multiple objects, or when passing messages to objects of subclasses that 
> override the behavior of their super.
>  TIA!
> 
> 
> 

Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Ken Thomases
On Mar 6, 2014, at 12:21 PM, William Squires wrote:

>  Given an object, and a method within, is there some way to get the name of 
> the class of the object as an NSString?

Well, you could do NSStringFromClass([self class]) but that gives the name of 
the object's dynamic class, which is not necessarily the same as the class in 
which the method is implemented.

>  For that matter, what I want to do is something like this:

> -(void)myMethod
> {
> NSString *myClassName = ???; // What can I put here besides a literal 
> @"MyClass"?
> 
> NSString *fooText = [NSString stringWithFormat:@"<%@> -(void)myMethod", 
> myClassName];
> NSLog(fooText); // Yellow triangle on this line
> }

Are you aware of the __func__ (or __PRETTY_FUNCTION__) compiler-defined 
variable?  It is a C string whose content is "-[MyClass myMethod]".  (In a 
function, it will be the function name rather than the method name.)

So, you could do:

NSLog(@"%s", __func__);


>  Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> 
> NSLog(@"%@", fooText);
> 
> just to avoid this warning.

It almost certainly can be turned off.  Usually, the warning line from the 
compiler explains which warning option enabled the particular warning and you 
can turn it off by inserting "no" in a compiler option.  However: 1) it's a 
valuable warning, and 2) you're already using a format string to construct 
fooText.  Why not just put that format string into the NSLog() call and 
eliminate the fooText temporary variable?

Regards,
Ken



Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Kyle Sluder
> On Mar 6, 2014, at 10:21 AM, William Squires  wrote:
> 
>  Given an object, and a method within, is there some way to get the name of 
> the class of the object as an NSString?
>  For that matter, what I want to do is something like this:
> 
> Class MyClass
> "MyClass.h"
> #import <Foundation/Foundation.h>
> 
> @interface MyClass : NSObject
> 
> ...
> 
> -(void)myMethod;
> 
> @end
> 
> "MyClass.m"
> #import "MyClass.h"
> 
> @implementation MyClass
> 
> ...
> -(void)myMethod
> {
> NSString *myClassName = ???; // What can I put here besides a literal 
> @"MyClass"?

NSStringFromClass([self class])


> 
> NSString *fooText = [NSString stringWithFormat:@"<%@> -(void)myMethod", 
> myClassName];
> NSLog(fooText); // Yellow triangle on this line

You should learn about __PRETTY_FUNCTION__, which is a preprocessor macro that 
expands to a C string literal containing the name of the current 
function/method (including class).

--Kyle Sluder

> }
> ...
> @end
> 
> so that when the myMethod message is sent to an object of MyClass, the output 
> should be:
> 
> <>:  -(void)myMethod
> 
> on the output pane when debugging - "<>" just comes from the NSLog 
> call.
> 
>  Also, when I do this (using a literal NSString constant for myClassName 
> above), Xcode marks the line with NSLog with a yellow triangle, and 
> disclosing it says something about passing an NSString instance as being 
> "unsecure". Can this warning be turned off? It seems silly to do:
> 
> NSLog(@"%@", fooText);
> 
> just to avoid this warning.

Yes, passing dynamic strings as the first argument to NSLog, etc. has been the 
cause of many buffer overruns (and security vulnerabilities) in the past. Apple 
fixed a whole bunch of them a few OS revs back.

--Kyle Sluder

Re: Class name as NSString and problem with NSLog?

2014-03-06 Thread Sixten Otto
First off, you don't need to build the string ahead of time; NSLog()
supports vararg formatting:
NSLog(@"<%@> -(void)myMethod", myClassName);

Off the top of my head, I can't recall whether Class objects get formatted
as the class name automatically:
NSLog(@"<%@> -(void)myMethod", [self class]);  // works??

But you can certainly convert to a string with the name of the class
explicitly with NSStringFromClass():
NSLog(@"<%@> -(void)myMethod", NSStringFromClass([self class]));


On Thu, Mar 6, 2014 at 11:21 AM, William Squires wrote:

>   Given an object, and a method within, is there some way to get the name
> of the class of the object as an NSString?
>   For that matter, what I want to do is something like this:
>
> Class MyClass
> "MyClass.h"
> #import <Foundation/Foundation.h>
>
> @interface MyClass : NSObject
>
> ...
>
> -(void)myMethod;
>
> @end
>
> "MyClass.m"
> #import "MyClass.h"
>
> @implementation MyClass
>
> ...
> -(void)myMethod
> {
> NSString *myClassName = ???; // What can I put here besides a literal
> @"MyClass"?
>
> NSString *fooText = [NSString stringWithFormat:@"<%@> -(void)myMethod",
> myClassName];
> NSLog(fooText); // Yellow triangle on this line
> }
> ...
> @end
>
> so that when the myMethod message is sent to an object of MyClass, the
> output should be:
>
> <>:  -(void)myMethod
>
> on the output pane when debugging - "<>" just comes from the
> NSLog call.
>
>   Also, when I do this (using a literal NSString constant for myClassName
> above), Xcode marks the line with NSLog with a yellow triangle, and
> disclosing it says something about passing an NSString instance as being
> "unsecure". Can this warning be turned off? It seems silly to do:
>
> NSLog(@"%@", fooText);
>
> just to avoid this warning.
>   By using this strategy, if several classes implement the same message, I
> can tell which instance received the message during debugging; this is
> handy when iterating over containers (such as NSArray), and passing the
> same message to multiple objects, or when passing messages to objects of
> subclasses that override the behavior of their super.
>   TIA!
>
>
>

Class name as NSString and problem with NSLog?

2014-03-06 Thread William Squires
  Given an object, and a method within, is there some way to get the name of 
the class of the object as an NSString?
  For that matter, what I want to do is something like this:

Class MyClass
"MyClass.h"
#import <Foundation/Foundation.h>

@interface MyClass : NSObject

...

-(void)myMethod;

@end

"MyClass.m"
#import "MyClass.h"

@implementation MyClass

...
-(void)myMethod
{
NSString *myClassName = ???; // What can I put here besides a literal 
@"MyClass"?

NSString *fooText = [NSString stringWithFormat:@"<%@> -(void)myMethod", 
myClassName];
NSLog(fooText); // Yellow triangle on this line
}
...
@end

so that when the myMethod message is sent to an object of MyClass, the output 
should be:

<>:  -(void)myMethod

on the output pane when debugging - "<>" just comes from the NSLog 
call.

  Also, when I do this (using a literal NSString constant for myClassName 
above), Xcode marks the line with NSLog with a yellow triangle, and disclosing 
it says something about passing an NSString instance as being "unsecure". Can 
this warning be turned off? It seems silly to do:

NSLog(@"%@", fooText);

just to avoid this warning.
  By using this strategy, if several classes implement the same message, I can 
tell which instance received the message during debugging; this is handy when 
iterating over containers (such as NSArray), and passing the same message to 
multiple objects, or when passing messages to objects of subclasses that 
override the behavior of their super.
  TIA!


