From 6c8efa18b489308d434088cdf68f1880821de76d Mon Sep 17 00:00:00 2001
From: davide-bergamini-sevenit
 <86651476+davide-bergamini-sevenit@users.noreply.github.com>
Date: Wed, 29 Apr 2026 12:30:30 +0200
Subject: [PATCH] fix(ios): migrate unsafe NSLog logger to CAPLog

Replace raw NSLog usage in afLogger with Capacitor CAPLog.print.

The current logger receives deep-link and universal-link URLs, then passes the interpolated message directly to NSLog. Since NSLog treats the first argument as a format string, percent sequences in normal percent-encoded URLs can cause crashes during regular app usage.

This also has security relevance: custom scheme and universal-link URLs often contain sensitive values such as tokens or one-time parameters, and this plugin-level logging is currently not tied to the AppsFlyer SDK isDebug setting. In addition, externally controlled URL input can trigger the logging path, which makes crafted deep links a potential crash / denial-of-service vector.

Using CAPLog.print treats the message as log data instead of an NSLog format string, routes output through Capacitor's logging path, and follows the style used by official Capacitor iOS plugins.
---
 ios/Plugin/AppsFlyerPlugin.swift | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ios/Plugin/AppsFlyerPlugin.swift b/ios/Plugin/AppsFlyerPlugin.swift
index a58485a..a4d93cb 100644
--- a/ios/Plugin/AppsFlyerPlugin.swift
+++ b/ios/Plugin/AppsFlyerPlugin.swift
@@ -950,8 +950,8 @@ extension AppsFlyerPlugin : DeepLinkDelegate{
     
 }
 
-extension AppsFlyerPlugin{
-    private func afLogger(msg : String){
-        NSLog ("AppsFlyer [Debug][Capacitor]: \(msg)");
+extension AppsFlyerPlugin {
+    private func afLogger(msg: String) {
+        CAPLog.print("⚡️ ", self.pluginId, "-", msg)
     }
 }