Hi Below are the fortify issues that are raise on the KeychainItemWrapper class.
1.Insecure Storage: Unspecified Keychain Access Policy
On line 282 of KeychainItemWrapper.m, the method writeToKeychain() stores data in the Keychain without specifying an accessibility level.
result = SecItemAdd((__bridge CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL);
2.Insecure Storage: Externally Available Keychain
On line 282 of KeychainItemWrapper.m, the method writeToKeychain() stores data in the Keychain with an accessibility level that allows the item to be backed up to iCloud and unencrypted iTunes backups.
result = SecItemAdd((__bridge CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL);
3.Insecure Storage: Passcode Policy Unenforced
On line 282 of KeychainItemWrapper.m, the method writeToKeychain() stores data in the Keychain without enforcing the user to set a passcode for his device.
result = SecItemAdd((__bridge CFDictionaryRef)[self dictionaryToSecItemFormat:keychainItemData], NULL);
Dead Code
4.Line 97 in KeychainItemWrapper.m will never be executed. It is dead code.
[genericPasswordQuery setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
5.Dead Code Line 130 in KeychainItemWrapper.m will never be executed. It is dead code.
[keychainItemData setObject:accessGroup forKey:(id)kSecAttrAccessGroup];
Thanks and Regards,
Usman Ansari