- Notifications
You must be signed in to change notification settings - Fork5
fix: add code signing requirements to xpc connections#206
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Merged
+132 −124
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
MemberAuthor
ethanndickson commentedJul 24, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
This stack of pull requests is managed byGraphite. Learn more aboutstacking. |
This was referencedJul 24, 2025
c7dbde8 toef8832aCompareea87f52 to5bf788fCompare5bf788f to547fd97Compareef8832a toe32d7deComparedeansheather approved these changesJul 30, 2025
Uh oh!
There was an error while loading.Please reload this page.
547fd97 to6687411Compareeebf562 to291e5a1Compare6687411 toef370dbCompare291e5a1 tob0c196fCompareef370db to55319f4Compareb0c196f tob81afc9Compare55319f4 to8670f11Compareb81afc9 toe96075eComparebe347a8 toe6a3578Comparea4b58e5 tobd905aeComparee6a3578 toa1864f6Comparebd905ae to33931d6Comparea1864f6 to8b4c8cdCompare8b4c8cd to78fd6c0Compare33931d6 to0999089Compare78fd6c0 toa5d5337Compare0999089 to1453e77Comparea5d5337 toc450bd4Compare1453e77 tod09250bCompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR enhances security by adding code signing requirements to XPC connections to prevent unauthorized binaries from connecting to the Helper service. The changes implement validation that ensures only binaries signed by the Coder Apple development team can establish XPC connections.
Key changes:
- Refactored validation logic from
Download.swiftinto a dedicatedValidate.swiftfile - Added
xpcPeerRequirementproperty to enforce code signing requirements on XPC connections - Applied code signing validation to all XPC connection points in the application
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| Coder-Desktop/VPNLib/Validate.swift | New file containing extracted validation logic with added XPC peer requirement string |
| Coder-Desktop/VPNLib/Download.swift | Removed validation code that was moved to Validate.swift |
| Coder-Desktop/VPN/NEHelperXPCClient.swift | Added code signing requirement to XPC client connection |
| Coder-Desktop/Coder-DesktopHelper/HelperXPCListeners.swift | Added code signing requirements to both XPC server listeners |
| Coder-Desktop/Coder-Desktop/AppHelperXPCClient.swift | Added code signing requirement to app helper XPC client |
| } | ||
| guard let plistName = infoPlist[infoNameKey] as? String, plistName == expectedName else { | ||
| throw .invalidIdentifier(identifier: infoPlist[infoNameKey] as? String) |
CopilotAIAug 6, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The error type should be a name-specific validation error, notinvalidIdentifier. This validation is checking the bundle name, not the identifier, so it should throw a different error type or the existinginvalidIdentifier case should be renamed to be more generic.
Suggested change
| throw.invalidIdentifier(identifier:infoPlist[infoNameKey]as?String) | |
| throw.invalidName(name:infoPlist[infoNameKey]as?String) |
d09250b tod286679Comparec450bd4 to557e4feCompareMemberAuthor
ethanndickson commentedAug 6, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Merge activity
|
557e4fe to6b4106aCompareff169e3 intomain 4 checks passed
Uh oh!
There was an error while loading.Please reload this page.
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Continues to address#201.
I've manually tested that this change prevents binaries not signed by the Coder Apple development team from connecting to the Helper over XPC.
Most of the PR diff is me moving the validator out of
Download.swiftand intoValidate.swift