Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Privacy Manifest #546

Open
sashabaranov opened this issue Dec 11, 2023 · 6 comments
Open

Privacy Manifest #546

sashabaranov opened this issue Dec 11, 2023 · 6 comments

Comments

@sashabaranov
Copy link

sashabaranov commented Dec 11, 2023
edited
Loading

From Apple docs:

Starting in spring 2024, you must include the privacy manifest for any SDK listed below when you submit new apps in App Store Connect that include those SDKs, or when you submit an app update that adds one of the listed SDKs as part of the update. Signatures are also required in these cases where the listed SDKs are used as binary dependencies.

Could you please add a privacy manifest for this library?
@grantneufeld
Copy link

I don’t know that a privacy manifest is needed for Swifter. I don’t think the library hits any privacy issues (unlike those on Apple’s list of SDKs requiring privacy manifests; linked in the original comment).

SDKs with privacy issues (therefore requiring a privacy manifest) are those that take any user data, or define any tokens tied to a user, or track users’ activity (such as website visits). Swifter does none of that. Our apps using Swifter may or may not hit privacy issues, depending on what we have them do, but Swifter itself does not (as far as I’m aware).

@haniewais
Copy link

According to the apple docs, specifically the Reason API:

Some APIs that your app uses to deliver its core functionality — in code you write or included in a third-party SDK — have the potential of being misused to access device signals to try to identify the device or user, also known as fingerprinting. Regardless of whether a user gives your app permission to track, fingerprinting is not allowed. Describe the reasons your app or third-party SDK on iOS, iPadOS, tvOS, visionOS, or watchOS uses these APIs, and check that your app or third-party SDK only uses the APIs for the expected reasons.

Swifter does use the stat timestamp system api here:

swifter/Xcode/Sources/String+File.swift

Line 101 in 1e4f51c

return stat.st_mode & S_IFMT == S_IFDIR

I believe this requires a privacy manifest file from my understanding which will bubble up to the main project's privacy manifest.

@grantneufeld
Copy link

The function with that code is:

public func directory() throws -> Bool {
    return try self.withStat {
        if let stat = $0 {
            return stat.st_mode & S_IFMT == S_IFDIR
        }
        return false
    }
}

Which calls through to:

private func withStat<T>(_ closure: ((stat?) throws -> T)) throws -> T {
    return try self.withCString({
        var statBuffer = stat()
        if stat($0, &statBuffer) == 0 {
            return try closure(statBuffer)
        }
        if errno == ENOENT {
            return try closure(nil)
        }
        throw FileError.error(errno)
    })
}

The directory() function seems to only be used in one place, Sources/Files.swift: directoryBrowser(). It’s not entirely clear to me, but that one usage seems to be just checking if the filepath is a readable directory?

public func directoryBrowser(_ dir: String) -> ((HttpRequest) -> HttpResponse) {
    return { request in
        guard let (_, value) = request.params.first else {
            return HttpResponse.notFound
        }
        let filePath = dir + String.pathSeparator + value
        do {
            guard try filePath.exists() else {
                return .notFound
            }
            if try filePath.directory() { // ⬅️ ⭐️ CALL TO directory()
                var files = try filePath.files()
                files.sort(by: {$0.lowercased() < $1.lowercased()})
                return scopes {
                    html {
                        body {
                            table(files) { file in
                                tr {
                                    td {
                                        a {
                                            href = request.path + "/" + file
                                            inner = file
                                        }
                                    }
                                }
                            }
                        }
                    }
                    }(request)
            } else {
                guard let file = try? filePath.openForReading() else {
                    return .notFound
                }
                return .raw(200, "OK", [:], { writer in
                    try? writer.write(file)
                    file.close()
                })
            }
        } catch {
            return HttpResponse.internalServerError
        }
    }
}

If I am correct that it’s just checking that the directory is readable, then perhaps an alternative approach may be taken that doesn’t call the stat function that seems to be triggering Apple’s privacy restrictions?

@haniewais
Copy link

Good stuff, I believe it would easier to just add the privacy manifest and keep the stat call, not sure how else to check if the directory exists without a system API call.

@haniewais
Copy link

I attempted to create a PR: #550

@EvanMasterson
Copy link

+1 on this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@grantneufeld @sashabaranov @EvanMasterson @haniewais