Closed
Description
Description
This PR addressed most of the requirements to support NSSecureCoding. In order to take advantage of this, all instances of [ decodeObjectForKey:] should be replaced with [ decodeObjectOfClass: forKey:] or its cohorts, and
- requiresSecureCoding should be implemented and respond with YES (Apple documentation).
FIRMessagingAPNSInfo.m and FIRMessagingTokenInfo.m both are currently using [ decodeObjectForKey:] with subsequent checks to make sure they got what they were expecting. While this is a start at preventing object substitution attacks, potentially bad objects are still decoded, and any security code scan still spots the insecure
[ decodeObjectForKey:] statements.
Firebase SDK Version
10.21
Xcode Version
15.1
Installation Method
CocoaPods
Firebase Product(s)
Messaging
Targeted Platforms
iOS