Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Frameworks with same name but different platform end up in the same directory #60

Open
kjcjohnson opened this issue Mar 15, 2024 · 1 comment
Open

Frameworks with same name but different platform end up in the same directory #60

kjcjohnson opened this issue Mar 15, 2024 · 1 comment
Assignees
@bmxav

Comments

@kjcjohnson
Copy link

If an archive has two frameworks with the same name but different platform (e.g., iOS vs. watchOS), these end up in the same IR folder, despite being separate frameworks and fully supported by Xcode.

Example (based on a true story)
An iOS app (MyApp) has an embedded watchOS app. Both need functionality provided by Foo.framework, but some iOS-specific APIs are called in Foo, so we have two targets: Foo and Foo_watchOS, both of which are configured to build to a Foo.framework. Since these are separate platforms, Xcode keeps everything separate (e.g., in Debug-iphoneos and Debug-watchos derived data folders), and they end up in separate folders in the xcarchive like:

Products/Applications/MyApp.app/Frameworks/Foo.framework                       <-- the iOS version
Products/Applications/MyApp.app/Watch/MyWatchApp.app/Frameworks/Foo.framework  <-- the watchOS version

Note that these are not the same framework! They're based on the same code, but have slight differences based on the SDK and any conditional compilation needed to support the different platforms.

However, after running gen-ir, only a single IR/Foo.framework folder exists. From the logs, it looks like gen-ir is properly picking up the separate targets and running the compiler commands, but bitcode from both are being dumped into the same output directory!

Impact
We don't get both platform versions to scan. The "Review Modules" page in Veracode shows most frameworks as iOS, but a few as watchOS:

Screenshot 2024-03-15 at 3 33 28 PM

So it looks like whether or not a framework ends up being watchOS or iOS is "random". Furthermore, it doesn't show the other platform version as "missing".

Suggested Fix
Unclear. It seems like the IR folder structure doesn't account for two distinct frameworks with the same name, which are otherwise valid in the xcarchive and project due to having different platforms.
@bmxav bmxav self-assigned this Sep 10, 2024
@bmxav
Copy link
Contributor

bmxav commented Sep 10, 2024

Thanks for the report @kjcjohnson! I have recently been looking into how we can restructure the IR directory to better reflect the archive layout and this is a great example. I'll take a look to see what can be done here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bmxav bmxav

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kjcjohnson @bmxav