Advanced SAST Objective-C Support
# Background

The purpose of this epic is to track the development of Objective-C support for Advanced SAST.

# Requirements

The following is a list of the most important SAST-relevant CWEs to support as part of this effort, in priority order:

1. CWE-321: Hardcoded crypto keys
2. CWE-327/328/329: Broken crypto algorithms, weak hash, predictable IV
3. CWE-312/922: Unencrypted storage (NSUserDefaults, unprotected file writes)
4. CWE-295: Disabled cert validation
5. CWE-319: Hardcoded HTTP URLs, cleartext transmission calls
6. CWE-532: Hardcoded log statements with sensitive data
7. CWE-311: Missing encryption entirely (no Data Protection class, missing Keychain flags)
8. CWE-326: Insufficient key length
9. CWE-89: SQL injection via string concatenation
10. CWE-20/116: Input validation
11. CWE-502: Unsafe deserialization