You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If an archive has two frameworks with the same name but different platform (e.g., iOS vs. watchOS), these end up in the same IR folder, despite being separate frameworks and fully supported by Xcode.
Example (based on a true story)
An iOS app (MyApp) has an embedded watchOS app. Both need functionality provided by Foo.framework, but some iOS-specific APIs are called in Foo, so we have two targets: Foo and Foo_watchOS, both of which are configured to build to a Foo.framework. Since these are separate platforms, Xcode keeps everything separate (e.g., in Debug-iphoneos and Debug-watchos derived data folders), and they end up in separate folders in the xcarchive like:
Products/Applications/MyApp.app/Frameworks/Foo.framework <-- the iOS version
Products/Applications/MyApp.app/Watch/MyWatchApp.app/Frameworks/Foo.framework <-- the watchOS version
Note that these are not the same framework! They're based on the same code, but have slight differences based on the SDK and any conditional compilation needed to support the different platforms.
However, after running gen-ir, only a single IR/Foo.framework folder exists. From the logs, it looks like gen-ir is properly picking up the separate targets and running the compiler commands, but bitcode from both are being dumped into the same output directory!
Impact
We don't get both platform versions to scan. The "Review Modules" page in Veracode shows most frameworks as iOS, but a few as watchOS:
So it looks like whether or not a framework ends up being watchOS or iOS is "random". Furthermore, it doesn't show the other platform version as "missing".
Suggested Fix
Unclear. It seems like the IR folder structure doesn't account for two distinct frameworks with the same name, which are otherwise valid in the xcarchive and project due to having different platforms.
The text was updated successfully, but these errors were encountered:
Thanks for the report @kjcjohnson! I have recently been looking into how we can restructure the IR directory to better reflect the archive layout and this is a great example. I'll take a look to see what can be done here.
If an archive has two frameworks with the same name but different platform (e.g., iOS vs. watchOS), these end up in the same IR folder, despite being separate frameworks and fully supported by Xcode.
Example (based on a true story)
An iOS app (MyApp) has an embedded watchOS app. Both need functionality provided by
Foo.framework
, but some iOS-specific APIs are called in Foo, so we have two targets:Foo
andFoo_watchOS
, both of which are configured to build to aFoo.framework
. Since these are separate platforms, Xcode keeps everything separate (e.g., in Debug-iphoneos and Debug-watchos derived data folders), and they end up in separate folders in the xcarchive like:Note that these are not the same framework! They're based on the same code, but have slight differences based on the SDK and any conditional compilation needed to support the different platforms.
However, after running
gen-ir
, only a singleIR/Foo.framework
folder exists. From the logs, it looks likegen-ir
is properly picking up the separate targets and running the compiler commands, but bitcode from both are being dumped into the same output directory!Impact
We don't get both platform versions to scan. The "Review Modules" page in Veracode shows most frameworks as iOS, but a few as watchOS:
So it looks like whether or not a framework ends up being watchOS or iOS is "random". Furthermore, it doesn't show the other platform version as "missing".
Suggested Fix
Unclear. It seems like the
IR
folder structure doesn't account for two distinct frameworks with the same name, which are otherwise valid in the xcarchive and project due to having different platforms.The text was updated successfully, but these errors were encountered: