Finding reported by the security team: The binary has Runpath Search Path (@rpath) set. In certain cases an attacker can abuse this feature to run arbitrary executable for code execution and privilege escalation. Remove the compiler option -rpath to remove @rpath.
Checking it myself from the command line: otool -L + path of the .app bundle (from the unzipped IPA) + binary name. The @rpath entries are indeed present.
For example: yang.yang@yangyang ~ % otool -L /Users/yang.yang/Library/Developer/Xcode/DerivedData/acqmkdlhqnoswfftcltfnewtpzib/Build/Products/Debug-iphoneos/aaaa.app/aaaa
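To make that check repeatable (for example in a CI step that audits every exported IPA), the script below parses otool output and reports both kinds of evidence: the LC_RPATH load commands that otool -l prints (these are the Runpath Search Paths the finding refers to) and the dependencies in otool -L whose install name starts with @rpath. This is an added example, not code from the original post or from MobSF; the sample otool outputs, the bundle name "example.app" and the framework name "ExampleKit" are constructed, and audit_binary assumes otool from the Xcode command line tools is on PATH.

```python
"""Flag Runpath Search Path (@rpath) usage in a Mach-O binary from otool output.

Added example, not part of the original post. It assumes the text formats
printed by `otool -L` and `otool -l`; all sample output below is constructed.
"""
import re
import shutil
import subprocess

# Constructed sample of `otool -L` for a hypothetical app binary that links
# one bundled framework and the bundled Swift runtime through @rpath.
SAMPLE_LIBS = """\
/tmp/example.app/example:
\t@rpath/ExampleKit.framework/ExampleKit (compatibility version 1.0.0, current version 1.0.0)
\t/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1673.126.0)
\t/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
\t@rpath/libswiftCore.dylib (compatibility version 1.0.0, current version 1100.2.255)
"""

# Constructed fragment of `otool -l` for the same binary: two LC_RPATH entries.
SAMPLE_LOADCMDS = """\
Load command 15
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name /usr/lib/libobjc.A.dylib (offset 24)
Load command 17
          cmd LC_RPATH
      cmdsize 40
         path @executable_path/Frameworks (offset 12)
Load command 18
          cmd LC_RPATH
      cmdsize 32
         path /usr/lib/swift (offset 12)
"""

# Constructed output for a binary with no runpath at all (what the fix aims for).
CLEAN_LIBS = """\
/tmp/example.app/example:
\t/System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1673.126.0)
\t/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
"""
CLEAN_LOADCMDS = """\
Load command 15
          cmd LC_LOAD_DYLIB
      cmdsize 56
         name /usr/lib/libobjc.A.dylib (offset 24)
"""

# Indented `otool -L` lines: "<install name> (compatibility version ..., current version ...)"
DEP_RE = re.compile(r"^\s+(\S+)\s+\(compatibility version")
# The `path` line inside an LC_RPATH load command: "path <dir> (offset N)"
RPATH_PATH_RE = re.compile(r"^path (.+?) \(offset \d+\)$")


def parse_dependencies(otool_L_output):
    """Return the install names of the libraries the binary loads.

    Note: for a dylib (not an app executable) the first indented entry is the
    library's own install name rather than a dependency.
    """
    deps = []
    for line in otool_L_output.splitlines():
        m = DEP_RE.match(line)
        if m:
            deps.append(m.group(1))
    return deps


def parse_rpaths(otool_l_output):
    """Return every LC_RPATH directory, in load-command order."""
    rpaths = []
    in_rpath_cmd = False
    for raw in otool_l_output.splitlines():
        line = raw.strip()
        if line.startswith("cmd "):
            # A new load command starts; only LC_RPATH carries a `path` we want.
            in_rpath_cmd = line == "cmd LC_RPATH"
            continue
        if in_rpath_cmd:
            m = RPATH_PATH_RE.match(line)
            if m:
                rpaths.append(m.group(1))
                in_rpath_cmd = False
    return rpaths


def audit(otool_L_output, otool_l_output):
    """Summarise the runpath evidence so the result can be asserted on in CI."""
    deps = parse_dependencies(otool_L_output)
    rpaths = parse_rpaths(otool_l_output)
    rpath_deps = [d for d in deps if d.startswith("@rpath/")]
    return {
        "rpath_entries": rpaths,            # LC_RPATH search directories
        "rpath_dependencies": rpath_deps,   # libraries resolved through @rpath
        "has_rpath": bool(rpaths) or bool(rpath_deps),
    }


def audit_binary(path):
    """Run otool on a real Mach-O file (macOS with Xcode command line tools only)."""
    if shutil.which("otool") is None:
        raise RuntimeError("otool not found; run this on macOS")
    libs = subprocess.run(["otool", "-L", path], capture_output=True, text=True, check=True).stdout
    cmds = subprocess.run(["otool", "-l", path], capture_output=True, text=True, check=True).stdout
    return audit(libs, cmds)


if __name__ == "__main__":
    import sys
    report = audit_binary(sys.argv[1]) if len(sys.argv) > 1 else audit(SAMPLE_LIBS, SAMPLE_LOADCMDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it with the path to the app's main executable (the file inside the .app bundle, as in the otool -L command above) to audit a real build; with no argument it audits the constructed sample. Keep in mind that a binary can carry an LC_RPATH entry even when none of its otool -L dependencies start with @rpath, so a clean otool -L listing alone does not clear the finding; checking the load commands is what matches the report.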

Then I set about fixing it. Everyone's situation may differ slightly: for some, simply deleting the run path is enough. But the problem I hit was not quite the same as what is described online. First, note that our project is a mixed Swift + Objective-C codebase.
Check before removal:

First removal attempt: append the following to the end of the Podfile:
post_install do |installer|
  installer.pods_project.targets.each do |target|
    target.build_configurations.each do |config|
      # Make every pod dylib's install name relative to the app's Frameworks dir
      config.build_settings['DYLIB_INSTALL_NAME_BASE'] = '@executable_path/Frameworks'
    end
  end
end
Ran pod install again and re-checked: @rpath is still there.

Second removal attempt, another method found online, aimed at the system libraries:
The Runpath Search Path instructs the dynamic linker to search for a dynamic library (dylib) on an ordered list of paths, sort of like how Unix looks for binaries on $PATH.
If your application uses the Swift Package Manager, in order to compile the libraries without rpath you need to use some hidden build flags. On your local command line run:

Note the swift compiler option no-stdlib-rpath which disables rpath entries during compilation. Configure your build settings so that the application is built with this configuration flag, e.g.: swift build -c release -Xswiftc -no-toolchain-stdlib-rpath.
I tried the method above and it seemed to have no effect. Then I discovered the problem below.
Third removal attempt, and the most important point: after a great deal of investigation and trial in the project, the minimum supported iOS version must be 12.2 for @rpath to be removed completely. See the screenshot.

最后一步:第四次移除在build settings搜索Runpath Search Paths,全部刪除
References
https://inesmartins.github.io/mobsf-ipa-binary-analysis-step-by-step/index.html
https://stackoverflow.com/questions/66048178/mobsf-solve-rpath-violation