Skip to content

Commit 05aa65f

Browse files
ethanndicksonethanndickson
committed
runCommand -> removeQuarantine
1 parent 7cc0e67 commit 05aa65f

File tree

3 files changed

+24
-4
lines changed

3 files changed

+24
-4
lines changed

Coder-Desktop/Coder-DesktopHelper/HelperXPCProtocol.swift

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
import Foundation
22

33
@objc protocol HelperXPCProtocol {
4-
func runCommand(command: String, withReply reply: @escaping (Int32, String) -> Void)
4+
func removeQuarantine(path: String, withReply reply: @escaping (Int32, String) -> Void)
55
}

Coder-Desktop/Coder-DesktopHelper/main.swift

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -22,19 +22,25 @@ class HelperToolDelegate: NSObject, NSXPCListenerDelegate, HelperXPCProtocol {
2222
return true
2323
}
2424

25-
func runCommand(command: String, withReply reply: @escaping (Int32, String) -> Void) {
25+
func removeQuarantine(path: String, withReply reply: @escaping (Int32, String) -> Void) {
26+
guard isCoderDesktopDylib(at: path) else {
27+
reply(1, "Path is not to a Coder Desktop dylib: \(path)")
28+
return
29+
}
30+
2631
let task = Process()
2732
let pipe = Pipe()
2833

2934
task.standardOutput = pipe
3035
task.standardError = pipe
31-
task.arguments = ["-c", command]
36+
task.arguments = ["-c", "xattr -d com.apple.quarantine '\(path)'"]
3237
task.executableURL = URL(fileURLWithPath: "/bin/bash")
3338

3439
do {
3540
try task.run()
3641
} catch {
3742
reply(1, "Failed to start command: \(error)")
43+
return
3844
}
3945

4046
let data = pipe.fileHandleForReading.readDataToEndOfFile()
@@ -45,6 +51,20 @@ class HelperToolDelegate: NSObject, NSXPCListenerDelegate, HelperXPCProtocol {
4551
}
4652
}
4753

54+
func isCoderDesktopDylib(at rawPath: String) -> Bool {
55+
let url = URL(fileURLWithPath: rawPath)
56+
.standardizedFileURL
57+
.resolvingSymlinksInPath()
58+
59+
// *Must* be within the Coder Desktop System Extension sandbox
60+
let requiredPrefix = ["/", "var", "root", "Library", "Containers",
61+
"com.coder.Coder-Desktop.VPN"]
62+
guard url.pathComponents.starts(with: requiredPrefix) else { return false }
63+
guard url.pathExtension.lowercased() == "dylib" else { return false }
64+
guard FileManager.default.fileExists(atPath: url.path) else { return false }
65+
return true
66+
}
67+
4868
let delegate = HelperToolDelegate()
4969
let listener = NSXPCListener(machServiceName: "4399GN35BJ.com.coder.Coder-Desktop.Helper")
5070
listener.delegate = delegate

Coder-Desktop/VPN/HelperXPCSpeaker.swift

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ final class HelperXPCSpeaker: @unchecked Sendable {
1616
continuation.resume(returning: false)
1717
return
1818
}
19-
proxy.runCommand(command: "xattr -d com.apple.quarantine \(path)") { status, output in
19+
proxy.removeQuarantine(path: path) { status, output in
2020
if status == 0 {
2121
self.logger.info("Successfully removed quarantine for \(path)")
2222
continuation.resume(returning: true)

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy