Objective-C Scan rules
Contrast Scan supports these rules for Objective-C.
Severity | Contrast rule | Engine rule ID | Description |
---|---|---|---|
Critical | Avoid SQL Injection | OPT.OBJECTIVEC.AvoidSqlInjection | AvoidSqlInjection: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
Critical | Code Injection | OPT.OBJECTIVEC.CodeInjection | CodeInjection: Improper Control of Generation of Code ('Code Injection') |
Critical | Cross Site Scripting | OPT.OBJECTIVEC.CrossSiteScripting | CrossSiteScripting: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Critical | DoS Regular Expression | OPT.OBJECTIVEC.DoSRegularExpression | DoSRegularExpression: Prevent denial of service attack through malicious regular expression |
Critical | Format String Vulnerability | OPT.OBJECTIVEC.FormatStringVulnerability | FormatStringVulnerability: Exclude unsanitized user input from format strings |
Critical | JSON Injection | OPT.OBJECTIVEC.JSONInjection | JSONInjection: Avoid using non-neutralized user-controlled input into JSON entities - JSON Injection |
Critical | Open Redirect | OPT.OBJECTIVEC.OpenRedirect | OpenRedirect: URL Redirection to Untrusted Site ('Open Redirect') |
Critical | XML Entity Injection | OPT.OBJECTIVEC.XMLEntityInjection | XMLEntityInjection: XML entity injection |
Critical | XPath Injection | OPT.OBJECTIVEC.XPathInjection | XPathInjection: Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
Critical | Command Injection Rule | OPT.OBJECTIVEC.SECURITY.CommandInjectionRule | CommandInjectionRule: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
Critical | Connection String Parameter Pollution | OPT.OBJECTIVEC.SECURITY.ConnectionStringParameterPollution | ConnectionStringParameterPollution: Connection string polluted with untrusted input |
Critical | Http Splitting Rule | OPT.OBJECTIVEC.SECURITY.HttpSplittingRule | HttpSplittingRule: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') |
Critical | Mail Command Injection | OPT.OBJECTIVEC.SECURITY.MailCommandInjection | MailCommandInjection: Mail Command Injection |
Critical | No SQL Injection | OPT.OBJECTIVEC.SECURITY.NoSQLInjection | NoSQLInjection: Improper neutralization of special elements in data query logic (NoSQL injection) |
Critical | Avoid Confusing User Id Calls | OPT.OBJECTIVEC.AvoidConfusingUserIdCalls | AvoidConfusingUserIdCalls: Avoid setuid() / setreuid() / setgid() / setregid() to change program privilege levels |
Critical | Avoid Empty Catch Blocks | OPT.OBJECTIVEC.AvoidEmptyCatchBlocks | AvoidEmptyCatchBlocks: Avoid empty @catch blocks |
Critical | Avoid Large Methods | OPT.OBJECTIVEC.AvoidLargeMethods | AvoidLargeMethods: Avoid methods with excessive number of lines |
Critical | Avoid Loop With Empty Body | OPT.OBJECTIVEC.AvoidLoopWithEmptyBody | AvoidLoopWithEmptyBody: Avoid loops (while, do/while, for) with empty body |
Critical | Avoid Sudo | OPT.OBJECTIVEC.AvoidSudo | AvoidSudo: Avoid using sudo programmatically |
Critical | Avoid Throwing Exceptions | OPT.OBJECTIVEC.AvoidThrowingExceptions | AvoidThrowingExceptions: Avoid throwing exceptions |
Critical | Nil In Literals | OPT.OBJECTIVEC.NilInLiterals | NilInLiterals: Do not use nil in NSArray or NSDictionary literals |
Critical | No Update Loop Vars In For Body | OPT.OBJECTIVEC.NoUpdateLoopVarsInForBody | NoUpdateLoopVarsInForBody: Do not update control vars in 'for' loop body |
Critical | Override DrawRect UIView Subclasses | OPT.OBJECTIVEC.OverrideDrawRectUIViewSubclasses | OverrideDrawRectUIViewSubclasses: Call super when overriding drawRect: and the superclass is a UIView subclass |
Critical | Override Is Equal And Hash | OPT.OBJECTIVEC.OverrideIsEqualAndHash | OverrideIsEqualAndHash: Override hash method when overriding isEqual: method |
Critical | Override UIViewController Methods | OPT.OBJECTIVEC.OverrideUIViewControllerMethods | OverrideUIViewControllerMethods: Call super when overriding some of UIViewController methods |
Critical | Override UIView Methods | OPT.OBJECTIVEC.OverrideUIViewMethods | OverrideUIViewMethods: Call super when overriding some of UIView methods |
Critical | Path Manipulation Vulnerability | OPT.OBJECTIVEC.PathManipulationVulnerability | PathManipulationVulnerability: Avoid non-neutralized user-controlled input to be part of a pathname (file or directory) used in I/O operations |
Critical | Replace With Less Secure Func | OPT.OBJECTIVEC.ReplaceWithLessSecureFunc | ReplaceWithLessSecureFunc: Do not replace secure functions with less secure functions |
Critical | Reuse Annotation Views | OPT.OBJECTIVEC.ReuseAnnotationViews | ReuseAnnotationViews: Reuse annotation views in maps |
Critical | Reuse Table View Cells | OPT.OBJECTIVEC.ReuseTableViewCells | ReuseTableViewCells: Reuse cells in table views |
Critical | Missing Password Field Masking | OPT.OBJECTIVEC.SECURITY.MissingPasswordFieldMasking | MissingPasswordFieldMasking: Password input field is not masked |
Critical | Certificate Verify Failed Bypass | OPT.OBJECTIVEC.CertificateVerifyFailedBypass | CertificateVerifyFailedBypass: Do not bypass certificate validation failures |
Critical | Hardcoded Crypto Key | OPT.OBJECTIVEC.SECURITY.HardcodedCryptoKey | HardcodedCryptoKey: Hardcoded cryptographic keys |
Critical | Weak Key Derivation Iteration | OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationIteration | WeakKeyDerivationIteration: Too weak iteration count on key derivation |
Critical | Weak Key Derivation Password | OPT.OBJECTIVEC.SECURITY.WeakKeyDerivationPassword | WeakKeyDerivationPassword: Empty or nil password used in key derivation |
High | Do Not Use System | OPT.OBJECTIVEC.DoNotUseSystem | DoNotUseSystem: Do not call system() if you do not need a command processor |
High | Perform Selector With Untrusted Data | OPT.OBJECTIVEC.PerformSelectorWithUntrustedData | PerformSelectorWithUntrustedData: Avoid external control over performSelector |
High | URL Schemes Handling | OPT.OBJECTIVEC.URLSchemesHandling | URLSchemesHandling: Verify invoker application identity |
High | Http Parameter Pollution Rule | OPT.OBJECTIVEC.SECURITY.HttpParameterPollutionRule | HttpParameterPollutionRule: HTTP parameter pollution (HPP) |
High | Log Forging | OPT.OBJECTIVEC.SECURITY.LogForging | LogForging: Improper Output Neutralization for Logs |
High | Resource Injection | OPT.OBJECTIVEC.SECURITY.ResourceInjection | ResourceInjection: Improper control of resource identifiers ("Resource Injection") |
High | URL Scheme Hijacking | OPT.OBJECTIVEC.SECURITY.URLSchemeHijacking | URLSchemeHijacking: URL scheme hijacking through user input |
High | XML Injection | OPT.OBJECTIVEC.SECURITY.XMLInjection | XMLInjection: XML Injection (aka Blind XPath Injection) |
High | Assign Init Result To Self | OPT.OBJECTIVEC.AssignInitResultToSelf | AssignInitResultToSelf: Assign the result of [super init] to self in init methods and check for nil |
High | Avoid Conditional Operator | OPT.OBJECTIVEC.AvoidConditionalOperator | AvoidConditionalOperator: Do not use the ?: ternary operator to evaluate conditions |
High | Avoid Empty Draw Rect | OPT.OBJECTIVEC.AvoidEmptyDrawRect | AvoidEmptyDrawRect: Avoid empty drawRect: implementations |
High | Avoid Insecure C String Functions | OPT.OBJECTIVEC.AvoidInsecureCStringFunctions | AvoidInsecureCStringFunctions: Avoid C library functions that do not check for bounds |
High | Avoid Maximum Location Accuracy When Possible | OPT.OBJECTIVEC.AvoidMaximumLocationAccuracyWhenPossible | AvoidMaximumLocationAccuracyWhenPossible: Avoid using by default the best location accuracy |
High | Balance Custom Getters And Setters | OPT.OBJECTIVEC.BalanceCustomGettersAndSetters | BalanceCustomGettersAndSetters: Always write a custom getter for a property where you have a custom setter, and vice versa |
High | Boolean In Comparisons | OPT.OBJECTIVEC.BooleanInComparisons | BooleanInComparisons: Avoid using nil/NO or YES in comparisons |
High | Cache NSDateFormatters | OPT.OBJECTIVEC.CacheNSDateFormatters | CacheNSDateFormatters: Cache a single instance of NSDateFormatter types instead of creating multiple instances |
High | Claim Ownership Core Foundation Objects | OPT.OBJECTIVEC.ClaimOwnershipCoreFoundationObjects | ClaimOwnershipCoreFoundationObjects: Claim ownership of Core Foundation objects received from Core Foundation Get functions |
High | Class Cyclomatic Complexity | OPT.OBJECTIVEC.ClassCyclomaticComplexity | ClassCyclomaticComplexity: Avoid using classes with high cyclomatic complexity values |
High | Clear Frame Buffers Before Drawing | OPT.OBJECTIVEC.ClearFrameBuffersBeforeDrawing | ClearFrameBuffersBeforeDrawing: Call glClear function before drawing |
High | Comment Top Level Declarations | OPT.OBJECTIVEC.CommentTopLevelDeclarations | CommentTopLevelDeclarations: Interfaces, categories and protocols should have an accompanying comment |
High | Create Autorelease Pool In Thread | OPT.OBJECTIVEC.CreateAutoreleasePoolInThread | CreateAutoreleasePoolInThread: Create an autorelease pool in each thread |
High | Deallocation Of Objects Removed From Collections | OPT.OBJECTIVEC.DeallocationOfObjectsRemovedFromCollections | DeallocationOfObjectsRemovedFromCollections: Avoid deallocation of objects removed from fundamental collection classes (NSMutableArray, NSMutableDictionary) that you are going to use |
High | Dealloc Method | OPT.OBJECTIVEC.DeallocMethod | DeallocMethod: Invoke the superclass's implementation at the end of the dealloc implementation |
High | Default Clause Switch Statements | OPT.OBJECTIVEC.DefaultClauseSwitchStatements | DefaultClauseSwitchStatements: All switch statements must have a default statement |
High | Designated Initializer | OPT.OBJECTIVEC.DesignatedInitializer | DesignatedInitializer: Every public class must have at least one designated initializer |
High | Distance From Main Sequence | OPT.OBJECTIVEC.DistanceFromMainSequence | DistanceFromMainSequence: Project should not be too far from main sequence |
High | Do Not Instantiate Temporal Objects Loops | OPT.OBJECTIVEC.DoNotInstantiateTemporalObjectsLoops | DoNotInstantiateTemporalObjectsLoops: Avoid instantiating temporary objects in loop bodies |
High | Fork Followed By Exec | OPT.OBJECTIVEC.ForkFollowedByExec | ForkFollowedByExec: A call to fork must be followed by a call to exec or a similar function |
High | Handle Memory Warnings | OPT.OBJECTIVEC.HandleMemoryWarnings | HandleMemoryWarnings: Respond to low-memory warnings |
High | Many Cases | OPT.OBJECTIVEC.ManyCases | ManyCases: Avoid too many choices in switch structures |
High | Method Cyclomatic Complexity | OPT.OBJECTIVEC.MethodCyclomaticComplexity | MethodCyclomaticComplexity: Avoid using methods with high cyclomatic complexity values |
High | Minimize Bluetooth Interaction | OPT.OBJECTIVEC.MinimizeBluetoothInteraction | MinimizeBluetoothInteraction: Avoid using CBCentralManagerScanOptionAllowDuplicatesKey constant as a scan option |
High | Nested If Statements | OPT.OBJECTIVEC.NestedIfStatements | NestedIfStatements: Avoid a high level of if statement nesting |
High | Notify Deallocation Weak References | OPT.OBJECTIVEC.NotifyDeallocationWeakReferences | NotifyDeallocationWeakReferences: Notify deallocation in weak-referenced objects |
High | Low Cohesion Within Object | OPT.OBJECTIVEC.LowCohesionWithinObject | LowCohesionWithinObject: Avoid classes with a low degree of cohesion |
High | Parenthesize Macro Args | OPT.OBJECTIVEC.ParenthesizeMacroArgs | ParenthesizeMacroArgs: Macro replacement lists should be parenthesized |
High | Property Data Member | OPT.OBJECTIVEC.PropertyDataMember | PropertyDataMember: Create a property for each data member and never access instance variables directly |
High | Release Core Foundation Objects | OPT.OBJECTIVEC.ReleaseCoreFoundationObjects | ReleaseCoreFoundationObjects: Relinquish ownership of owned Core Foundation objects |
High | Release Ivars Dealloc | OPT.OBJECTIVEC.ReleaseIvarsDealloc | ReleaseIvarsDealloc: Release ivars for retained/copied properties in dealloc method |
High | Release Owned Objects | OPT.OBJECTIVEC.ReleaseOwnedObjects | ReleaseOwnedObjects: Release owned objects in MRR |
High | Sizeof Pointer Instead Array | OPT.OBJECTIVEC.SizeofPointerInsteadArray | SizeofPointerInsteadArray: Do not apply the sizeof operator to a pointer when taking the size of an array |
High | Specify Path For Shadows | OPT.OBJECTIVEC.SpecifyPathForShadows | SpecifyPathForShadows: Specify shadowPath property of layer when drawing a shadow |
High | Subviews In Standard Controls | OPT.OBJECTIVEC.SubviewsInStandardControls | SubviewsInStandardControls: Do not add subviews to standard system controls |
High | Unstructured Branching Statements | OPT.OBJECTIVEC.UnstructuredBranchingStatements | UnstructuredBranchingStatements: Avoid using unstructured branching statements |
High | Unused Local Var | OPT.OBJECTIVEC.UnusedLocalVar | UnusedLocalVar: Avoid unused local variable |
High | Unused Method Parameter | OPT.OBJECTIVEC.UnusedMethodParameter | UnusedMethodParameter: Avoid unused method parameters |
High | Use Automatic Reference Counting | OPT.OBJECTIVEC.UseAutomaticReferenceCounting | UseAutomaticReferenceCounting: Code must obey transition to ARC rules |
High | Use Block Based Animation | OPT.OBJECTIVEC.UseBlockBasedAnimation | UseBlockBasedAnimation: Use block-based animations |
High | Use Setter For Property | OPT.OBJECTIVEC.UseSetterForProperty | UseSetterForProperty: When setting property values, use setter method |
High | User Controlled SQL Primary Key | OPT.OBJECTIVEC.SECURITY.UserControlledSQLPrimaryKey | UserControlledSQLPrimaryKey: Avoid using a user-controlled primary key in a query |
High | Insecure Transport Layer | OPT.OBJECTIVEC.InsecureTransportLayer | InsecureTransportLayer: Avoid using HTTP instead of HTTPS |
High | Hardcoded Ip | OPT.OBJECTIVEC.SECURITY.HardcodedIp | HardcodedIp: Do not write IP address in source code |
High | Weak Cryptographic Hash | OPT.OBJECTIVEC.WeakCryptographicHash | WeakCryptographicHash: Weak cryptographic hashes cannot guarantee data integrity |
High | Weak Encryption | OPT.OBJECTIVEC.WeakEncryption | WeakEncryption: Weak encryption algorithm |
Low | Avoid CGContextFlush | OPT.OBJECTIVEC.AvoidCGContextFlush | AvoidCGContextFlush: Avoid calling CGContextFlush |
Low | Avoid Exposing Instance Vars | OPT.OBJECTIVEC.AvoidExposingInstanceVars | AvoidExposingInstanceVars: Instance variables should be properly hidden |
Low | Avoid Function Like Macros | OPT.OBJECTIVEC.AvoidFunctionLikeMacros | AvoidFunctionLikeMacros: Prefer inline or static functions to function-like macros |
Low | Avoid Locks | OPT.OBJECTIVEC.AvoidLocks | AvoidLocks: Avoid using locks |
Low | Avoid Single Word Titles In Alerts | OPT.OBJECTIVEC.AvoidSingleWordTitlesInAlerts | AvoidSingleWordTitlesInAlerts: Avoid 'Alert' elements with an uninformative title |
Low | Category In Framework Class Name Conventions | OPT.OBJECTIVEC.CategoryInFrameworkClassNameConventions | CategoryInFrameworkClassNameConventions: Naming convention for category methods in framework classes |
Low | Dead Code | OPT.OBJECTIVEC.DeadCode | DeadCode: Avoid unreachable code |
Low | Declare Subviews As Opaque | OPT.OBJECTIVEC.DeclareSubviewsAsOpaque | DeclareSubviewsAsOpaque: Declare subviews as opaque |
Low | Reference From Parent To Child Class | OPT.OBJECTIVEC.ReferenceFromParentToChildClass | ReferenceFromParentToChildClass: Parent class does not reference any of its child classes |
Low | Password In Comment Rule | OPT.OBJECTIVEC.SECURITY.PasswordInCommentRule | PasswordInCommentRule: Storing passwords or password details in plaintext anywhere in the system or system code can compromise system security |
Medium | Plaintext Storage In A Cookie Rule | OPT.OBJECTIVEC.SECURITY.PlaintextStorageInACookieRule | PlaintextStorageInACookieRule: Cleartext Storage of Sensitive Information in a Cookie |
Medium | Unsafe Cookie | OPT.OBJECTIVEC.SECURITY.UnsafeCookie | UnsafeCookie: Generate server-side cookies with adequate security properties |
Medium | Serialization Injection | OPT.OBJECTIVEC.SECURITY.SerializationInjection | SerializationInjection: Deserialization of untrusted data |
Medium | Avoid Comparing Float Numbers | OPT.OBJECTIVEC.AvoidComparingFloatNumbers | AvoidComparingFloatNumbers: Avoid comparing floating point numbers for exact equality |
Medium | Avoid Magic Numbers | OPT.OBJECTIVEC.AvoidMagicNumbers | AvoidMagicNumbers: Avoid using numeric constants |
Medium | Avoid NSLog | OPT.OBJECTIVEC.AvoidNSLog | AvoidNSLog: Avoid the use of NSLog except in DEBUG mode |
Medium | Avoid Querying State OpenGL ES | OPT.OBJECTIVEC.AvoidQueryingStateOpenGLES | AvoidQueryingStateOpenGLES: Avoid calls to glGet*() to preserve parallelism |
Medium | Avoid Super In Load View | OPT.OBJECTIVEC.AvoidSuperInLoadView | AvoidSuperInLoadView: Avoid calling super when overriding loadView |
Medium | Avoid Too Deep Class Hierarchies | OPT.OBJECTIVEC.AvoidTooDeepClassHierarchies | AvoidTooDeepClassHierarchies: Avoid too-deep class hierarchies |
Medium | Avoid Unsafe File Functions | OPT.OBJECTIVEC.AvoidUnsafeFileFunctions | AvoidUnsafeFileFunctions: Use safe file access POSIX functions |
Medium | Background Apps OpenGL ES Commands | OPT.OBJECTIVEC.BackgroundAppsOpenGLESCommands | BackgroundAppsOpenGLESCommands: Avoid submitting OpenGL ES commands when your app is in the background |
Medium | Be Aware Of Location Errors | OPT.OBJECTIVEC.BeAwareOfLocationErrors | BeAwareOfLocationErrors: Be aware of location errors |
Medium | Break Non Empty Switch Clauses | OPT.OBJECTIVEC.BreakNonEmptySwitchClauses | BreakNonEmptySwitchClauses: Non-empty case clauses must end with a break statement |
Medium | Check Parameter Number In Method | OPT.OBJECTIVEC.CheckParameterNumberInMethod | CheckParameterNumberInMethod: Too many parameters in method |
Medium | Class Factory Methods Name Convention | OPT.OBJECTIVEC.ClassFactoryMethodsNameConvention | ClassFactoryMethodsNameConvention: Naming convention for class factory methods |
Medium | Copy Immutable Objects | OPT.OBJECTIVEC.CopyImmutableObjects | CopyImmutableObjects: Always use the (copy) storage class for properties that receive objects that have mutable subclasses |
Medium | Density Of Comments | OPT.OBJECTIVEC.DensityOfComments | DensityOfComments: Source code must be properly commented |
Medium | Font Size | OPT.OBJECTIVEC.FontSize | FontSize: Avoid using fonts smaller than 11 points |
Medium | High Coupling Between Objects | OPT.OBJECTIVEC.HighCouplingBetweenObjects | HighCouplingBetweenObjects: Classes internally strongly coupled must be avoided |
Medium | Maximum Number Of Methods | OPT.OBJECTIVEC.MaximumNumberOfMethods | MaximumNumberOfMethods: Number of methods in an interface or protocol should not exceed a threshold |
Medium | Misuse Embeding In Scroll View | OPT.OBJECTIVEC.MisuseEmbedingInScrollView | MisuseEmbedingInScrollView: Avoid embedding a UIWebView or UITableView in a UIScrollView |
Medium | One Statement Per Line | OPT.OBJECTIVEC.OneStatementPerLine | OneStatementPerLine: Use only one statement per line |
Medium | Replace Enum By Ns Enum Or Ns Option | OPT.OBJECTIVEC.ReplaceEnumByNsEnumOrNsOption | ReplaceEnumByNsEnumOrNsOption: Replace the enum declarations by uses of NS_ENUM and NS_OPTIONS macros |
Medium | Too Many Buttons In Action Sheet | OPT.OBJECTIVEC.TooManyButtonsInActionSheet | TooManyButtonsInActionSheet: Avoid defining too many buttons in an Action Sheet |
Medium | Too Many Dots In Page Control | OPT.OBJECTIVEC.TooManyDotsInPageControl | TooManyDotsInPageControl: Avoid too many opened views in Page Control |
Medium | Touch Controls Size | OPT.OBJECTIVEC.TouchControlsSize | TouchControlsSize: Touch controls should be at least 44 x 44 pixels |
Medium | Use Instancetype Instead Of Id | OPT.OBJECTIVEC.UseInstancetypeInsteadOfId | UseInstancetypeInsteadOfId: Alloc, init and class factory methods must return instancetype instead of id |
Medium | Use Modern File API | OPT.OBJECTIVEC.UseModernFileAPI | UseModernFileAPI: Use modern file APIs |
Medium | Use Nonatomic Attribute | OPT.OBJECTIVEC.UseNonatomicAttribute | UseNonatomicAttribute: Always use the "nonatomic" attribute on your properties |
Medium | Wrap Macro Statements In Do While | OPT.OBJECTIVEC.WrapMacroStatementsInDoWhile | WrapMacroStatementsInDoWhile: Wrap multistatement macros in a do-while loop |
Medium | Avoid SMS | OPT.OBJECTIVEC.SECURITY.AvoidSMS | AvoidSMS: Avoid performing SMS-related operations |
Medium | Biometric Without Message | OPT.OBJECTIVEC.SECURITY.BiometricWithoutMessage | BiometricWithoutMessage: User is asked for biometric authentication without a reason message |
Medium | Execution After Redirect | OPT.OBJECTIVEC.SECURITY.ExecutionAfterRedirect | ExecutionAfterRedirect: Execution After Redirect (EAR) |
Medium | Missing Content Validation | OPT.OBJECTIVEC.SECURITY.MissingContentValidation | MissingContentValidation: Missing Content Validation |
Medium | Potential Infinite Loop | OPT.OBJECTIVEC.SECURITY.PotentialInfiniteLoop | PotentialInfiniteLoop: Loop with Unreachable Exit Condition ('Infinite Loop') |
Medium | Server Trust Credential Check | OPT.OBJECTIVEC.SECURITY.ServerTrustCredentialCheck | ServerTrustCredentialCheck: Evaluate server certificate trust chain |
Medium | Unchecked Input In Loop Condition | OPT.OBJECTIVEC.SECURITY.UncheckedInputInLoopCondition | UncheckedInputInLoopCondition: Unchecked input in loop condition |
Medium | Cookie Without SSL | OPT.OBJECTIVEC.CookieWithoutSSL | CookieWithoutSSL: Avoid creating cookies without security attributes |
Medium | Hardcoded Username Password | OPT.OBJECTIVEC.SECURITY.HardcodedUsernamePassword | HardcodedUsernamePassword: Use of Hard-coded Credentials |
Medium | Http Response Caching Leak | OPT.OBJECTIVEC.SECURITY.HttpResponseCachingLeak | HttpResponseCachingLeak: HTTP sensitive responses being cached |
Medium | Information Exposure Through Error Message | OPT.OBJECTIVEC.SECURITY.InformationExposureThroughErrorMessage | InformationExposureThroughErrorMessage: Avoid sensitive information exposure through error messages |
Medium | Insecure Temporary File | OPT.OBJECTIVEC.SECURITY.InsecureTemporaryFile | InsecureTemporaryFile: Creating and using insecure temporary files can leave application and system data vulnerable to attack. |
Medium | Keyboard Caching Leak | OPT.OBJECTIVEC.SECURITY.KeyboardCachingLeak | KeyboardCachingLeak: Sensitive data leaked through keyboard cache |
Medium | Password In Configuration File | OPT.OBJECTIVEC.SECURITY.PasswordInConfigurationFile | PasswordInConfigurationFile: Credentials stored in a configuration file |
Medium | Pasteboard Caching Leak | OPT.OBJECTIVEC.SECURITY.PasteboardCachingLeak | PasteboardCachingLeak: Sensitive data leaked through the pasteboard caching mechanism |
Medium | Privacy Violation | OPT.OBJECTIVEC.SECURITY.PrivacyViolation | PrivacyViolation: Exposure of Private Information ('Privacy Violation') |
Medium | Screen Caching Leak | OPT.OBJECTIVEC.SECURITY.ScreenCachingLeak | ScreenCachingLeak: Sensitive data leaked through the screen caching mechanism when app is backgrounded |
Medium | Sensitive Core Data | OPT.OBJECTIVEC.SECURITY.SensitiveCoreData | SensitiveCoreData: Sensitive data stored in Core Data ('Privacy Violation') |
Medium | Sensitive Data Accessed From Itunes | OPT.OBJECTIVEC.SECURITY.SensitiveDataAccessedFromItunes | SensitiveDataAccessedFromItunes: Sensitive data accessible from iTunes ('Privacy Violation') |
Medium | Sensitive No SQL | OPT.OBJECTIVEC.SECURITY.SensitiveNoSQL | SensitiveNoSQL: Sensitive data stored in a NoSQL database ('Privacy Violation') |
Medium | Sensitive SQL | OPT.OBJECTIVEC.SECURITY.SensitiveSQL | SensitiveSQL: Sensitive data stored in a SQL database ('Privacy Violation') |
Medium | Sensitive User Defaults | OPT.OBJECTIVEC.SECURITY.SensitiveUserDefaults | SensitiveUserDefaults: Sensitive data stored in NSUserDefaults ('Privacy Violation') |
Medium | Serializable Class Containing Sensitive Data | OPT.OBJECTIVEC.SECURITY.SerializableClassContainingSensitiveData | SerializableClassContainingSensitiveData: Serializable Class Containing Sensitive Data |
Medium | Third Party Keyboard Allowed | OPT.OBJECTIVEC.SECURITY.ThirdPartyKeyboardAllowed | ThirdPartyKeyboardAllowed: Avoid exposing sensitive data to third party keyboards. |
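The two TLS rules in the table, CertificateVerifyFailedBypass and ServerTrustCredentialCheck, most often fire on the same few lines of an NSURLSession delegate. The example below is added here to show the pattern that gets flagged next to a form that evaluates the chain; it is illustrative code, not Contrast's or Apple's, and the `expectedHost` property and the class names are assumptions made for the example.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Pattern flagged by CertificateVerifyFailedBypass / ServerTrustCredentialCheck:
// every server trust object is wrapped in a credential and accepted, so a
// self-signed or man-in-the-middle certificate passes without any evaluation.
@interface InsecureSessionDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation InsecureSessionDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                             NSURLCredential *))completionHandler {
    // BAD: unconditional trust, the chain is never evaluated.
    NSURLCredential *cred =
        [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
    completionHandler(NSURLSessionAuthChallengeUseCredential, cred);
}
@end

// Hardened form: only handle server-trust challenges, bind the evaluation to the
// host the app intends to reach, evaluate the chain, and cancel on any failure.
@interface PinnedSessionDelegate : NSObject <NSURLSessionDelegate>
@property (nonatomic, copy) NSString *expectedHost;   // assumed property for this example
@end

@implementation PinnedSessionDelegate
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition,
                             NSURLCredential *))completionHandler {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        // Not a TLS trust decision (e.g. HTTP auth): let the system handle it.
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }
    SecTrustRef trust = space.serverTrust;
    if (trust == NULL || ![space.host isEqualToString:self.expectedHost]) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    // SSL server policy with hostname verification for the host we are connecting to.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)space.host);
    SecTrustSetPolicies(trust, policy);
    CFRelease(policy);

    CFErrorRef error = NULL;
    bool trusted = SecTrustEvaluateWithError(trust, &error);  // iOS 12 / macOS 10.14 and later
    if (error != NULL) {
        CFRelease(error);
    }
    if (!trusted) {
        // Do not "recover" from a failed evaluation by accepting the trust anyway.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    completionHandler(NSURLSessionAuthChallengeUseCredential,
                      [NSURLCredential credentialForTrust:trust]);
}
@end
```

The failing branch is the one a scanner looks at: code that reaches `NSURLSessionAuthChallengeUseCredential` on a path where `SecTrustEvaluateWithError` returned false (or was never called) is what these rules report. Returning `NSURLSessionAuthChallengePerformDefaultHandling` is the safe default whenever custom evaluation is not needed.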
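FormatStringVulnerability, WeakKeyDerivationPassword, WeakKeyDerivationIteration and HardcodedCryptoKey are also worth seeing side by side. The block below is an added illustration, not code from Contrast or from any scanned project: the `logUserName`, `deriveKey` and `randomSalt` functions and the `kMinRounds` floor are assumptions made for the example (the floor follows the OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256; pick a value that matches your own threat model).

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonKeyDerivation.h>
#import <Security/Security.h>
#include <string.h>

// FormatStringVulnerability: the first argument of NSLog / stringWithFormat: is a
// format string, so attacker-controlled text placed there is interpreted.
void logUserName(NSString *untrusted) {
    // BAD (flagged): the untrusted value is the format string itself.
    // NSLog(untrusted);

    // GOOD: fixed format, untrusted value passed as an argument.
    NSLog(@"user name: %@", untrusted);
}

// Assumed minimum iteration count for this example (OWASP recommends 600,000 for
// PBKDF2-HMAC-SHA256); WeakKeyDerivationIteration flags counts far below figures like this.
static const unsigned kMinRounds = 600000;

// Fresh random salt; SecRandomCopyBytes is the system CSPRNG.
NSData *randomSalt(void) {
    NSMutableData *salt = [NSMutableData dataWithLength:16];
    if (SecRandomCopyBytes(kSecRandomDefault, salt.length, salt.mutableBytes) != errSecSuccess) {
        return nil;
    }
    return salt;
}

// WeakKeyDerivationPassword / WeakKeyDerivationIteration / HardcodedCryptoKey:
// the key is derived from a non-empty password with PBKDF2-HMAC-SHA256, a random
// per-user salt and an iteration count that is calibrated to the device but never
// allowed to drop below kMinRounds. Nothing secret is embedded in the binary.
NSData *deriveKey(NSString *password, NSData *salt) {
    if (password.length == 0 || salt.length < 16) {
        return nil;   // empty/nil password or short salt: refuse rather than derive a weak key
    }
    const char *pw = password.UTF8String;
    size_t pwLen = strlen(pw);

    // Rounds that take roughly 250 ms here, clamped to the floor.
    unsigned rounds = CCCalibratePBKDF(kCCPBKDF2, pwLen, salt.length,
                                       kCCPRFHmacAlgSHA256, 32, 250);
    if (rounds < kMinRounds) {
        rounds = kMinRounds;
    }

    NSMutableData *key = [NSMutableData dataWithLength:32];
    int rc = CCKeyDerivationPBKDF(kCCPBKDF2, pw, pwLen,
                                  salt.bytes, salt.length,
                                  kCCPRFHmacAlgSHA256, rounds,
                                  key.mutableBytes, key.length);
    if (rc != kCCSuccess) {
        return nil;
    }
    return key;
}
```

Store the salt and the iteration count that was actually used alongside the ciphertext; both are needed to re-derive the key, and persisting the count lets you raise the floor later without breaking existing data.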