iOS Binary Make Use Of Insecure APIs #988

Open
waligoraj opened this issue Aug 27, 2021 · 3 comments
@waligoraj

The iOS binary makes use of several APIs that are insecure. These functions are dangerous because they might lead to memory corruption and should not be used. The following binaries were discovered being used:

  • _malloc
  • _fopen
  • _stat
  • _memcpy
  • _strncpy
  • _sscanf
  • _strlen
  • _srand
  • _random

@brodycj

brodycj commented Aug 27, 2021

Thanks but these API functions are used by SQLite which is very well tested as described here: https://sqlite.org/testing.html

I would consider this issue to be invalid and will likely close it unless there are some very, very strong arguments forthcoming.

@waligoraj
Author

Brody,

Thanks for your quick response. I am trying to get clarification for our security team, and an explanation as to why this plugin is secure and what would be driving these "false positive" security vulnerabilities. In other words, can you explain why these functions listed above cannot lead to memory corruption? Any and all responses will be extremely useful in explaining to my security department why we don't have to be concerned about this plugin.

Thanks,
Joseph Waligora

@brodycj

brodycj commented Aug 30, 2021

Hello I am still not yet convinced that we should keep this issue open.

It would be extremely helpful if you could give me an idea of what tool is reporting the use of "insecure" or "dangerous" API functions.

Yes the C functions listed in the description do have to be used very carefully.

As I tried to explain before:

  • these C functions are only used by SQLite and not directly by the Objective-C code in this plugin
  • SQLite itself is extremely well tested

By "extremely well tested" I mean that SQLite has been tested with 100% code and branch coverage for years and has been considered safe for aviation as well:

At the risk of sounding promotional I will also say that SQLite is known as the most widely used database engine:

One more thing is that in terms of this plugin:

  • the iOS implementation was originally made by someone else in 2011 (~10 years ago)
  • I have been maintaining various versions of this plugin for both Android and iOS since 2012 (~9 years ago)
  • I have not seen any reports of memory corruption on iOS in this plugin

I did receive some reports of intermittent database file corruption back in 2017 (3-4 years ago) and applied some build updates in response to these reports: storesafe/cordova-sqlite-storage-help#34 ... I have not seen any more reports of database file corruption since 2018 when I applied these updates.

Given the points above, I would consider this plugin to be very safe against memory corruption.

Does this mean that we can absolutely guarantee that the use of these functions can never lead to memory corruption? Not necessarily, but I think it can and should be plenty good enough. Thanks.
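Added example, not part of the thread or of the plugin's code: one way to check the claim that the flagged functions are imported only by SQLite's object file is to attribute each flagged symbol to the object that references it. It assumes per-object symbol listings shaped like `nm -A -u <archive>` output; the archive name, object names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Symbols the scanner flagged, copied from the issue description.
FLAGGED = {"_malloc", "_fopen", "_stat", "_memcpy", "_strncpy",
           "_sscanf", "_strlen", "_srand", "_random"}

# Constructed sample shaped like `nm -A -u <archive>` output; the archive and
# object names are hypothetical and were not measured from the plugin.
SAMPLE_NM = """\
libexample.a:sqlite3.o: _malloc
libexample.a:sqlite3.o: _memcpy
libexample.a:sqlite3.o: _strlen
libexample.a:sqlite3.o:                  U _stat
libexample.a:PluginGlue.o: _objc_msgSend
libexample.a:PluginGlue.o: _strlen
"""

# archive:member: [address] [type letter] symbol
LINE = re.compile(r"^[^:]+:([^:]+):\s*(?:[0-9a-f]+\s+)?(?:[A-Za-z]\s+)?(\S+)\s*$")


def attribute(nm_text, flagged=FLAGGED):
    """Map each flagged symbol to the object files that import it."""
    users = defaultdict(set)
    for line in nm_text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) in flagged:
            users[m.group(2)].add(m.group(1))
    return {sym: sorted(objs) for sym, objs in users.items()}


def outside_trusted(attribution, trusted=("sqlite3.o",)):
    """Flagged symbols imported by objects other than the trusted ones."""
    extra = {s: [o for o in objs if o not in trusted]
             for s, objs in attribution.items()}
    return {s: objs for s, objs in extra.items() if objs}


def unseen(attribution, flagged=FLAGGED):
    """Flagged symbols that no object in the input references."""
    return sorted(set(flagged) - set(attribution))


if __name__ == "__main__":
    found = attribute(SAMPLE_NM)
    print("needs review:", outside_trusted(found))
    print("not referenced:", unseen(found))
```

Anything returned by `outside_trusted` is a call site in non-SQLite code that deserves manual review of its length and bounds handling; an empty result supports the "only used by SQLite" explanation for the scanner finding.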
