Insecure Storage: HTTP Response Cache Leak

[Sneha0523]

Summary - On line 47 of FIRCLSFABNetworkClient.m, the method initWithSessionConfiguration:queue:() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses.The identified method performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses. On line 117 of GDTCCTUploadOperation.m, the method uploaderSessionCreateIfNeeded() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses. On line 149 of GULNetworkURLSession.m, the method sessionIDFromAsyncPOSTRequest:completionHandler:() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses. On line 157 of GULNetworkURLSession.m, the method sessionIDFromAsyncPOSTRequest:completionHandler:() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses. On line 210 of GULNetworkURLSession.m, the method sessionIDFromAsyncGETRequest:completionHandler:() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses On line 58 of SettingsDownloadClient.swift, the method lambda { (Result<[String : Any], SettingsDownloaderError>) -> Void }() performs a URL request without configuring the URL loading system to prevent the caching of HTTP(S) responses.

Explanation - The HTTP(S) responses may contain sensitive data such as session cookies and API tokens. The URL loading system will cache all the HTTP(S) responses for performance reasons, storing them unencrypted in the {app ID}/Library/Caches/com.mycompany.myapp/Cache.db* files.