-
Notifications
You must be signed in to change notification settings - Fork 539
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Privacy Manifest #546
Comments
I don’t know that a privacy manifest is needed for Swifter. I don’t think the library hits any privacy issues (unlike those on Apple’s list of SDKs requiring privacy manifests; linked in the original comment). SDKs with privacy issues (therefore requiring a privacy manifest) are those that take any user data, or define any tokens tied to a user, or track users’ activity (such as website visits). Swifter does none of that. Our apps using Swifter may or may not hit privacy issues, depending on what we have them do, but Swifter itself does not (as far as I’m aware). |
According to the apple docs, specifically the Reason API:
Swifter does use the stat timestamp system api here: swifter/Xcode/Sources/String+File.swift Line 101 in 1e4f51c
I believe this requires a privacy manifest file from my understanding which will bubble up to the main project's privacy manifest. |
The function with that code is: public func directory() throws -> Bool {
return try self.withStat {
if let stat = $0 {
return stat.st_mode & S_IFMT == S_IFDIR
}
return false
}
} Which calls through to: private func withStat<T>(_ closure: ((stat?) throws -> T)) throws -> T {
return try self.withCString({
var statBuffer = stat()
if stat($0, &statBuffer) == 0 {
return try closure(statBuffer)
}
if errno == ENOENT {
return try closure(nil)
}
throw FileError.error(errno)
})
} The public func directoryBrowser(_ dir: String) -> ((HttpRequest) -> HttpResponse) {
return { request in
guard let (_, value) = request.params.first else {
return HttpResponse.notFound
}
let filePath = dir + String.pathSeparator + value
do {
guard try filePath.exists() else {
return .notFound
}
if try filePath.directory() { // ⬅️ ⭐️ CALL TO directory()
var files = try filePath.files()
files.sort(by: {$0.lowercased() < $1.lowercased()})
return scopes {
html {
body {
table(files) { file in
tr {
td {
a {
href = request.path + "/" + file
inner = file
}
}
}
}
}
}
}(request)
} else {
guard let file = try? filePath.openForReading() else {
return .notFound
}
return .raw(200, "OK", [:], { writer in
try? writer.write(file)
file.close()
})
}
} catch {
return HttpResponse.internalServerError
}
}
} If I am correct that it’s just checking that the directory is readable, then perhaps an alternative approach may be taken that doesn’t call the |
Good stuff, I believe it would easier to just add the privacy manifest and keep the |
I attempted to create a PR: #550 |
+1 on this |
From Apple docs:
Could you please add a privacy manifest for this library?
The text was updated successfully, but these errors were encountered: