swift - 从安全分析中获得警告“删除编译器选项 -rpath 以删除 @rpath”

问题描述

我已经为我的 IOS 应用程序进行了质量扫描分析。我收到以下警告：

The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.  

我在我发现的代码和下面的代码中搜索@rpath并找到了：pod-framework.sh

# Embed linked Swift runtime libraries. No longer necessary as of Xcode 7.
  if [ "${XCODE_VERSION_MAJOR}" -lt 7 ]; then
    local swift_runtime_libs
    swift_runtime_libs=$(xcrun otool -LX "$binary" | grep --color=never @rpath/libswift | sed -E s/@rpath\\/\(.+dylib\).*/\\1/g | uniq -u)
    for lib in $swift_runtime_libs; do
      echo "rsync -auv \"${SWIFT_STDLIB_PATH}/${lib}\" \"${destination}\""
      rsync -auv "${SWIFT_STDLIB_PATH}/${lib}" "${destination}"
      code_sign_if_enabled "${destination}/${lib}"
    done
  fi  

那么我可以删除此代码吗？会影响我的项目吗？

提前致谢。

标签： swiftcocoapodsios14xcode12