From a7f17863725101cbb4fc9601feb82abf65e7a4e1 Mon Sep 17 00:00:00 2001
From: garvitkaushik-123
Date: Tue, 30 Jun 2026 19:26:02 +0530
Subject: [PATCH] fix: replace deprecated NSKeyedArchiver/NSKeyedUnarchiver APIs with modern equivalents

The deprecated `+[NSKeyedUnarchiver unarchiveObjectWithData:]` and `+[NSKeyedArchiver archivedDataWithRootObject:]` methods are flagged as unsafe by security scanners (CWE-676). Replace them with instance-based `NSKeyedUnarchiver` and `archivedDataWithRootObject:requiringSecureCoding:error:` which are available since iOS 11.0 (the SDK minimum deployment target).

Resolves #919
---
 .../OneSignalCore/Source/OneSignalUserDefaults.m | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/iOS_SDK/OneSignalSDK/OneSignalCore/Source/OneSignalUserDefaults.m b/iOS_SDK/OneSignalSDK/OneSignalCore/Source/OneSignalUserDefaults.m
index fb48bacf5..bf64ae066 100644
--- a/iOS_SDK/OneSignalSDK/OneSignalCore/Source/OneSignalUserDefaults.m
+++ b/iOS_SDK/OneSignalSDK/OneSignalCore/Source/OneSignalUserDefaults.m
@@ -152,14 +152,21 @@ - (void)saveObjectForKey:(NSString * _Nonnull)key withValue:(id _Nullable)object
 }
 - (id _Nullable)getSavedCodeableDataForKey:(NSString * _Nonnull)key defaultValue:(id _Nullable)value {
- if ([self keyExists:key])
- return [NSKeyedUnarchiver unarchiveObjectWithData:[self.userDefaults objectForKey:key]];
-
+ if ([self keyExists:key]) {
+ NSData *data = [self.userDefaults objectForKey:key];
+ NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingFromData:data error:nil];
+ unarchiver.requiresSecureCoding = NO;
+ id result = [unarchiver decodeTopLevelObjectAndReturnError:nil];
+ [unarchiver finishDecoding];
+ return result;
+ }
+
 return value;
 }
 - (void)saveCodeableDataForKey:(NSString * _Nonnull)key withValue:(id _Nullable)value {
- [self.userDefaults setObject:[NSKeyedArchiver archivedDataWithRootObject:value] forKey:key];
+ NSData *data = [NSKeyedArchiver archivedDataWithRootObject:value requiringSecureCoding:NO error:nil];
+ [self.userDefaults setObject:data forKey:key];
 [self.userDefaults synchronize];
 }
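Review bot: Both new call sites keep secure coding off (`unarchiver.requiresSecureCoding = NO` in getSavedCodeableDataForKey:defaultValue:, `requiringSecureCoding:NO` in saveCodeableDataForKey:withValue:), so the unarchiver will still instantiate whatever NSCoding class the stored archive names. The change therefore clears the deprecation finding without narrowing what can be deserialized; closing that gap would need callers to supply the expected classes to something like `unarchivedObjectOfClasses:fromData:error:`. Separately, `decodeTopLevelObjectAndReturnError:` is the unkeyed decode, while `archivedDataWithRootObject:` stores the root under `NSKeyedArchiveRootObjectKey`, so the read path may return nil for every existing value; a round-trip test against data written by the old API would confirm this. All three `error:nil` arguments also discard failures: a failed decode now returns nil instead of `value`, and a failed archive hands nil to `setObject:forKey:`, which I would expect to clear the previously stored entry. The fence sketches the read path with the keyed root decode and the default returned on failure.

```objc
- (id _Nullable)getSavedCodeableDataForKey:(NSString * _Nonnull)key defaultValue:(id _Nullable)value {
    if (![self keyExists:key])
        return value;

    // objectForKey: returns id; only hand NSData to the unarchiver.
    id stored = [self.userDefaults objectForKey:key];
    if (![stored isKindOfClass:[NSData class]])
        return value;

    NSError *error = nil;
    NSKeyedUnarchiver *unarchiver = [[NSKeyedUnarchiver alloc] initForReadingFromData:stored error:&error];
    if (!unarchiver)
        return value;

    // Still decodes any NSCoding class named in the archive; tighten once callers can pass expected classes.
    unarchiver.requiresSecureCoding = NO;
    id result = [unarchiver decodeTopLevelObjectForKey:NSKeyedArchiveRootObjectKey error:&error];
    [unarchiver finishDecoding];
    return result ?: value;
}
```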