Frameworks with same name but different platform end up in the same directory #60
Description
If an archive has two frameworks with the same name but different platform (e.g., iOS vs. watchOS), these end up in the same IR folder, despite being separate frameworks and fully supported by Xcode.
Example (based on a true story)
An iOS app (MyApp) has an embedded watchOS app. Both need functionality provided by Foo.framework, but some iOS-specific APIs are called in Foo, so we have two targets: Foo and Foo_watchOS, both of which are configured to build to a Foo.framework. Since these are separate platforms, Xcode keeps everything separate (e.g., in Debug-iphoneos and Debug-watchos derived data folders), and they end up in separate folders in the xcarchive like:
Products/Applications/MyApp.app/Frameworks/Foo.framework <-- the iOS version
Products/Applications/MyApp.app/Watch/MyWatchApp.app/Frameworks/Foo.framework <-- the watchOS version
Note that these are not the same framework! They're based on the same code, but have slight differences based on the SDK and any conditional compilation needed to support the different platforms.
However, after running gen-ir, only a single IR/Foo.framework folder exists. From the logs, it looks like gen-ir is properly picking up the separate targets and running the compiler commands, but bitcode from both are being dumped into the same output directory!
Impact
We don't get both platform versions to scan. The "Review Modules" page in Veracode shows most frameworks as iOS, but a few as watchOS:
So it looks like whether or not a framework ends up being watchOS or iOS is "random". Furthermore, it doesn't show the other platform version as "missing".
Suggested Fix
Unclear. It seems like the IR folder structure doesn't account for two distinct frameworks with the same name, which are otherwise valid in the xcarchive and project due to having different platforms.