objective-c - 如何将 NSSecureCoding 与 id 对象一起使用

Question

我正在创建一个链接列表并使用容器对对象、下一个和上一个属性进行分组。与 Foundation 集合一样，我希望它能够实现 NSSecureCoding。这是声明:

@interface ListContainer : NSObject <NSCopying, NSSecureCoding>

@property (readonly, nonatomic) id object;
@property (nonatomic) ListContainer * next;
@property (nonatomic) ListContainer * previous;

@end

在实现 - initWithCoder: 方法时，我突然意识到我不知道该对象使用哪个类:

- (instancetype)initWithCoder:(NSCoder *)aDecoder
{
    self = [super init];

    if (self) {

        _object = [aDecoder decodeObjectOfClass:<#(__unsafe_unretained Class)#> forKey:@"object"];

        BOOL nextIsNil = [aDecoder decodeBoolForKey:@"nextIsNil"];

        if (!nextIsNil) {

            // Decode next
            _next = [aDecoder decodeObjectOfClass:[ListContainer class] forKey:@"next"];

            if (_next == nil) {
                return nil;
            }

            // Link the nodes manually to prevent infinite recursion
            self.next.previous = self;
        }
    }

    return self;
}

我应该改用 -decodeObjectForKey: 吗？它仍然是安全编码吗？

Answer 1

我最终将同样的问题发布到 Cocoa 的邮件列表，并且发生了最有趣的讨论。一些亮点:

[...] Make an NSArray of normal stuff, like NSString, NSNumber, encode it, decode it with decodeObjectForClasses, with no classes. You’ll fail on the array. Add the NSArray to the list of allowed classes and .. it works. So, you think, NSArray will blindly decode anything so it’s no-longer secure.

Add an object of a custom class which implements secure coding into the array, and it will start failing again. NSArray, and the other collection types, allow elements of known secure system types, like NSString, but fail at anything outside that. [...]

此时我了解到 NSArray 的行为与我预期的不同。安全编码似乎不再那么安全:

This seems far from ideal [...] The fact that it decodes a set of classes known to implement NSSecureCoding is wrong, IMO, for two reasons [...]

1) The fact that the contained class implements NSSecureCoding does not mean that I'm expecting it. [...]

2) It limits the classes which can be stored. [...]

在替换攻击中得到一个我不期望的类尤其可怕。显然 Cocoa 的 promise 是不同的:

[...] if you use NSArray() or other collection classes directly in your coding, you need to check what you got back. They are ‘securely’ decoded to the extent that Apple believes decoding them will not result in a buffer overflow etc, that’s all you get by default. [...]

所以，不，NSSecureCoding 不保证容器的安全编码，或者至少不保证类型检查，您必须自己做。甚至不像我最初假设的那样在 Cocoa 的 native 数据结构中(有理由，我仍然这么认为)。

所有的努力都归功于 Roland King。你可以看到完整的对话here .