Comments (6)
grantneufeld
commented on July 29, 2024
I don’t know that a privacy manifest is needed for Swifter. I don’t think the library hits any privacy issues (unlike those on Apple’s list of SDKs requiring privacy manifests; linked in the original comment).
SDKs with privacy issues (therefore requiring a privacy manifest) are those that take any user data, or define any tokens tied to a user, or track users’ activity (such as website visits). Swifter does none of that. Our apps using Swifter may or may not hit privacy issues, depending on what we have them do, but Swifter itself does not (as far as I’m aware).
from swifter.
haniewais
commented on July 29, 2024
According to the apple docs, specifically the Reason API:
Some APIs that your app uses to deliver its core functionality — in code you write or included in a third-party SDK — have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting. Regardless of whether a user gives your app permission to track, fingerprinting is not allowed. Describe the reasons your app or third-party SDK on iOS, iPadOS, tvOS, visionOS, or watchOS uses these APIs, and check that your app or third-party SDK only uses the APIs for the expected reasons.
Swifter does use the stat timestamp system api here:
swifter/Xcode/Sources/String+File.swift
Line 101 in 1e4f51c
I believe this requires a privacy manifest file from my understanding which will bubble up to the main project's privacy manifest.
from swifter.
grantneufeld
commented on July 29, 2024
The function with that code is:
public func directory() throws -> Bool {
return try self.withStat {
if let stat = $0 {
return stat.st_mode & S_IFMT == S_IFDIR
}
return false
}
}Which calls through to:
private func withStat<T>(_ closure: ((stat?) throws -> T)) throws -> T {
return try self.withCString({
var statBuffer = stat()
if stat($0, &statBuffer) == 0 {
return try closure(statBuffer)
}
if errno == ENOENT {
return try closure(nil)
}
throw FileError.error(errno)
})
}The directory() function seems to only be used in one place, Sources/Files.swift: directoryBrowser(). It’s not entirely clear to me, but that one usage seems to be just checking if the filepath is a readable directory?
public func directoryBrowser(_ dir: String) -> ((HttpRequest) -> HttpResponse) {
return { request in
guard let (_, value) = request.params.first else {
return HttpResponse.notFound
}
let filePath = dir + String.pathSeparator + value
do {
guard try filePath.exists() else {
return .notFound
}
if try filePath.directory() { // ⬅️ ⭐️ CALL TO directory()
var files = try filePath.files()
files.sort(by: {$0.lowercased() < $1.lowercased()})
return scopes {
html {
body {
table(files) { file in
tr {
td {
a {
href = request.path + "/" + file
inner = file
}
}
}
}
}
}
}(request)
} else {
guard let file = try? filePath.openForReading() else {
return .notFound
}
return .raw(200, "OK", [:], { writer in
try? writer.write(file)
file.close()
})
}
} catch {
return HttpResponse.internalServerError
}
}
}If I am correct that it’s just checking that the directory is readable, then perhaps an alternative approach may be taken that doesn’t call the stat function that seems to be triggering Apple’s privacy restrictions?
from swifter.
haniewais
commented on July 29, 2024
Good stuff, I believe it would easier to just add the privacy manifest and keep the stat call, not sure how else to check if the directory exists without a system API call.
from swifter.
haniewais
commented on July 29, 2024
I attempted to create a PR: #550
from swifter.
EvanMasterson
commented on July 29, 2024
+1 on this
from swifter.
Related Issues (20)
- LICENSE file contains placeholder text.
- usleep degrades when using Swifter
- Unable to connect to server HOT 1
- tvOS 16 Beta 2 Unable to override the Stub that has same url
- Builds fails when trying to use `Swifter` in XCUITest HOT 3
- 404 Not Found HOT 1
- Building release is extremely slow
- Enhancement request: Swifter to label .wasm files as "application/wasm" when it serves them
- Can the development on this package be sponsored?
- IOS 16.4problem: Restricted network ports are not allowed HOT 3
- How to get post parameters ?
- How to set multiple responses for one endpoint?
- Question for loading index.html + subdirrectories HOT 1
- Support regular expression
- Bind operation not permitted - MacOS - UITests
- HttpServer does not support for multicast
- Release new version from stable branch (Cocoapods)
- How to use the ssl HOT 1
- Does this lib work in iOS for moblie ? HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from swifter.