logentriescommunity / le_ios Goto Github PK

We have noticed that every once in a while, le_poke() will deadlock. Are there any gremlins we should be working around, or is this a known issue?

Thanks!

It would be nice to support cocoapods

An existing podspec can be found at
sagmor@56dc81d

Does the library use port 20000 when LOGENTRIES_USE_TLS is set to true?

It looks like it isn't, judging by the source code, unless I'm missing something as I can't test it

Hi,

I am getting security threat in below code for lecore.m class https://github.com/LogentriesCommunity/le_ios/blob/master/lelib/lecore.m

occurrences of "malloc()" method which is an insecure function acc to security tool.

char local_buffer = malloc(length + 1);*

Below is the issue description and reference links from security team.

Issue description : Use of insecure functions/potential dangerous functions
Reference link: https://cwe.mitre.org/data/definitions/676.html
This would explain why SECURITY TEAM is recommending the change of these functions.

Please provide solution for this as soon as possible as it is very urgent.

Hi,

I am getting security threat in below code for LogFile.m class

• (void)markPosition:(NSInteger)position
  {
  NSString* markString = [NSString stringWithFormat:@"%ld", (long)position];
  NSString* markPath = [self markPath];
  NSError* error = nil;
  BOOL r = [markString writeToFile:markPath atomically:YES encoding:NSASCIIStringEncoding error:&error];
  if (!r) {
  LE_DEBUG(@"Error marking read position to file '%@'", error);
  }
  self.bytesProcessed = position;
  }

Below is the issue description and some suggestions from security tool.

Issue : The call to writeToFile:atomically:encoding:error:() at LogFile.m line 229 uses methods which write to temporary files before writing to the targeted file.

Recommendations- To avoid this problem, work with file descriptors instead of file paths. Initialize an NSFileHandle object with the file descriptor and use NSFileHandle methods to write to the file.

Thanks and Regards,
Usman Ansari

I would like to be able to log a message with attached context. I don't see a way to do that right now. It seems like I can only log a string without any JSON context.

Hello,

Could you please provide a demo app in Swift that handles crashes. I couldn't figure it out. There is no main() in swift. I tried le_handle_crashes() with no luck. Any quick help would be appreciated.

Hi,

I am getting security threat in below code for lecore.m class
https://github.com/LogentriesCommunity/le_ios/blob/master/lelib/LEBackgroundThread.m

There are 1 occurrences of "fopen()" method which is an insecure function acc to security tool.
self.inputFile = fopen([path cStringUsingEncoding:NSUTF8StringEncoding], "r");

Below is the issue description and reference links from security team.

Issue description : Use of insecure functions/potential dangerous functions
Reference link: https://cwe.mitre.org/data/definitions/676.html
This would explain why SECURITY TEAM is recommending the change of these functions.

Please provide solution for this as soon as possible as it is very urgent.

Thanks and Regards

Hi Team,

I would like to draw your attention towards a very serious issue of this library. My project is in objective-c/Swift and I got to know that this library is not reporting fatal error issues. I raised this issue in logentries website as well and based on their response, I am reporting this here. Please look into this and let me know if you guys have also experienced the same issue.

Does LE support macOS?

When setting a proxy (either on device or simulator via Mac) the stream does not open, trying to reopen after the retry timeout.

Neither

CFDictionaryRef proxySettings = CFNetworkCopySystemProxySettings();
CFWriteStreamSetProperty(writeStream, kCFStreamPropertyHTTPProxy, proxySettings);

nor

[self.outputSocketStream setProperty:(__bridge id)proxySettings forKey:(__bridge id)kCFStreamPropertyHTTPProxy];

in LELog.m:52 initNetworkCommunication help

my builds are now failing, returning to 0.39.0 of cocoapods fixes the issue.

after upgrading we now get a
'lelib.h' file not found

Hi,

I am getting security threat in below code for lecore.m class https://github.com/LogentriesCommunity/le_ios/blob/master/lelib/lecore.m

There are 3 occurrences of "memcpy()" method which is an insecure function acc to security tool.

In void le_log(const char message)* method, there are 2 occurences-

1. memcpy(buffer, le_token, token_length);
2. memcpy(buffer + token_length + 1, message, length);

In void le_write_string(NSString string)* method , there is a line
3. memcpy(buffer, le_token, token_length);

Below is the issue description and reference links from security team.

Issue description : Use of insecure functions/potential dangerous functions
Reference link: https://cwe.mitre.org/data/definitions/676.html
This would explain why SECURITY TEAM is recommending the change of these functions.

Please provide solution for this as soon as possible as it is very urgent.

Thanks and Regards,
Priya Mehndiratta

Hi,

just to clarify, since you use the BSD license which says that reproductions in binary form must include the author's copyright info in the documentation - I'm assuming you don't actually require any such attribution in apps? (You might consider switching to MIT which only requires keeping the copyright info with the code.)

is there a way to sync the logs only via wifi? or to syn when the files are full?

Does the library do batching of log messages before sending to the cloud? Also can we add our own context to each logs, like user information, some ids?

Currently users must change the library code to turn off Verbose logging.

@jlnbuiles suggests the following

The easiest way (IMO) would probably be to allow developers to set the variable outside of the library’s code base (maybe in the <app name>-prefix.h file?). This prevents developers from having to modify your libraries after updates.

This is how CocoaLumberjack (a logging library) accomplishes it.

ex: 
#if DEBUG 
static const int logLevel = LOG_LEVEL_VERBOSE; 
#else 
static const int logLevel = LOG_LEVEL_WARNING; 
#endif

In LeNetworkStatus

---- addr.sin_family = AF_INET; // addr.sin_family = AF_INET6; <- to support IPV6.
Apple rejects app for not enabling IPV6

Is there cocoapods support for this? I tried the name specified in the podspec ('le') and it fails. Maybe the name is too short?

Currently LogEntries handles crashes by default:

lecore.m file

int le_init()
{
    ...        
    NSSetUncaughtExceptionHandler(&le_exception_handler);
    ...
}

this is very inconvenient when you use another crash handler, like Crashlytics. Because it leads to kind of race -- only the one, who sets exception handler last, will handle crashes.

I suggest to disable exception handling by default, remove setting handler from init method and to add additional method for enabling, like this

void le_handle_crashes() {
    NSSetUncaughtExceptionHandler(&le_exception_handler);
}

OR to add define macro and check it in le_init

#define LE_HANDLE_CRASHES 1

then le_init could look like

int le_init()
{
    ...     
#if  LE_HANDLE_CRASHES
    NSSetUncaughtExceptionHandler(&le_exception_handler);
#endif
    ...
}

Logger initialization for those who use another crash reporting tool, will look like this:

#define LE_HANDLE_CRASHES 0
le_init();
le_set_token("..");

Hi,

Is it possible to release a 1.2 release with the last patchs, including the one which hide SDK logs ?
Moreover, it will be better to rename your pod, « le » is too short and not very descriptive.
Thank you

Hi,

All the fatal errors are not reported. For example:
fatal error: unexpectedly found nil while unwrapping an Optional value

Hi Team,

We are getting old redundant logs on Logentries when session starts from iOS App. Every time I launch iOS App there is increment old logs observed on Logentries. which is causing redundancy for any event. Old event is being logged on every App launch(every session start). Due to this issue we are unable to track any event's exact frequency in the system. Could you please let us know what could be the best way to encounter this problem. Is this something cache issue?

1.When iOS App is relaunched, logs from previous session(previous launch) that are already being sent are being logged again. I tries relaunching my App many time and every time it is sending old logs due to this there is lots of logs duplicity.

2.On production We saw with new App update that there is lots of logs spike in single go having since 6 months logs. Due to this there is 20 times more huge spike in logs in production with in two days.

I have attached screen shot and log file for the reference.

IkeaAlphaIos_2020-01-30_183000_2020-01-31_104537.log

The following screen for setting up an iOS project has a broken link to a ZIP file on github (see screenshot attached):

(I didn't include the URL bar because it seemed to have information private to my account encoded in the query string.)

The commit 4fb38f1 breaks the link on the above screen.

I realize this is probably not the best place to put this feedback, but it's quick and easy for me and will probably end up on the right desk.

I have tried the following ways to add logs from my Objective C application.
[self.logger log:@"Testing using instance"];
or
[LELog log:@"Testing using class"];

But both didn't made any logs in the logentries.com account.

Reference Logs:
Testing using instance
Checking status
Retry timer active

Retry timer fired
Checking status
Stream not open yet
Socket event NSStreamEventErrorOccurred, scheduling retry timer

Any recommendations on capturing stderr to the logger?

fileManager createDirectoryAtPath:::: takes a dictionary containing the attributes, LogeFiles.m passes in NO.
Fix is to change LogFiles.m:128 from:

BOOL created = [fileManager createDirectoryAtPath:path withIntermediateDirectories:NO attributes:NO error:&error];

to

BOOL created = [fileManager createDirectoryAtPath:path withIntermediateDirectories:NO attributes:nil error:&error];

Let me know if you'd prefer this as a PR.

Hi,

I am getting security threat in below code for lecore.m class https://github.com/LogentriesCommunity/le_ios/blob/master/lelib/lecore.m

There are 2 occurrences of "strlen()" method which is an insecure function acc to security tool.

In void le_log(const char message)* method, there is a line -
size_t length = strlen(message);

In bool is_valid_token(const char * token,size_t token_length)* method , there is a line
length = strlen(token);

Below is the issue description and reference links from security team.

Issue description : Use of insecure functions/potential dangerous functions
Reference link: https://cwe.mitre.org/data/definitions/676.html
This would explain why SECURITY TEAM is recommending the change of these functions.

Please provide solution for this as soon as possible as it is very urgent.

Thanks and Regards,
Priya Mehndiratta