CodeAnt AI home pagelight logodark logo
  • Dashboard
  • Dashboard
  • Documentation
  • Demo Call with CEO
  • Blog
  • Slack
  • Get Started
    • CodeAnt AI
    • Setup
    • Control Center
    • Pull Request Review
    • IDE
    • Compliance
    • Anti-Patterns
    • Code Governance
    • Infrastructure Security Database
    • Application Security Database
      • Apex
      • Bash
      • C
      • Clojure
      • Cpp
      • Csharp
      • Dockerfile
      • Elixir
      • Fingerprints
      • Generic
      • Go
      • Html
      • Java
      • Javascript
      • Json
      • Kotlin
      • Ocaml
      • Php
      • Problem-based-packs
      • Python
      • Ruby
      • Rust
      • Scala
      • Solidity
      • Swift
        • Biometrics-and-auth
        • Commoncrypto
        • Cryptoswift
        • Insecure-communication
        • Lang
          • Background
          • Clipboard
          • Crypto
          • Forbidden
          • Ns
            • Keyedarchiver
            • Nscoding
              • Swift nscoding
            • Nspredicate-injection
          • Storage
          • Storage
          • String
          • Xml
        • Pathtraversal
        • Sql
        • Sqllite
        • Webview
        • Webview
      • Terraform
      • Typescript
      • Yaml
    Nscoding

    Swift nscoding

    The application was found to use nscoding, which is not considered secure. When decoding serialized objects, it is not possible to determine what they are, until post-decoding. NSSecureCoding should be used in place of nscoding, and secure serialization and deserialization should be used in all cases where such functionality is required.
    Likelihood: LOW
    Confidence: HIGH
    CWE:
    - CWE-502: Deserialization of Untrusted Data
    OWASP:
    - A08:2017 - Insecure Deserialization
    - A08:2021 - Software and Data Integrity Failures

    Swift keyedarchiverSwift predicate injection
    twitterlinkedin
    Powered by Mintlify
    Assistant
    Responses are generated using AI and may contain mistakes.