Re: How to pre-select a file in NSOpenPanel -- specifically, a .app bundle?
Re: How to pre-select a file in NSOpenPanel -- specifically, a .app bundle?
- Subject: Re: How to pre-select a file in NSOpenPanel -- specifically, a .app bundle?
- From: Charles Srstka <email@hidden>
- Date: Fri, 24 Jun 2016 22:31:26 -0500
> On Jun 24, 2016, at 7:47 PM, Quincey Morris <email@hidden> wrote:
>
> On Jun 24, 2016, at 16:24 , Charles Srstka <email@hidden> wrote:
>>
>> How could this be a security threat, when a malicious program could just set canChooseDirectories to true, open the panel to the app’s parent directory, and spearphish the user into clicking OK on that?
>
> (I wasn’t referring to opening apps, but to files generally.)
>
> Clicking OK won’t do anything until the user selects something, and the app can’t preset or change the selection. Maybe my logic is incorrect, but this seems to me to prevent attempts to fool the user into choosing something unintended.
func readTheFile(url: NSURL) {
do {
let data = try NSData(contentsOfURL: url, options: [])
guard let string = String(data: data, encoding: NSUTF8StringEncoding) else {
throw NSCocoaError.FileReadCorruptFileError
}
print("Contents of file: \(string)")
} catch {
print("Error occurred: \(error)")
}
}
let url = NSURL(fileURLWithPath: "/path/to/MyGreatFile.txt")
print("First attempt:")
readTheFile(url)
let dirURL: NSURL = {
while true {
let openPanel = NSOpenPanel()
openPanel.canChooseDirectories = true
openPanel.directoryURL = url.URLByDeletingLastPathComponent
openPanel.prompt = "OK"
openPanel.message = "Please click OK"
let answer = openPanel.runModal()
if answer == NSFileHandlingPanelOKButton, let openPanelURL = openPanel.URL where openPanelURL == url.URLByDeletingLastPathComponent {
return openPanelURL
} else {
let alert = NSAlert()
alert.messageText = "Hey buddy, click the OK button when I tell you to, okay?"
alert.runModal()
}
}
}()
print("Second attempt:")
dirURL.startAccessingSecurityScopedResource()
readTheFile(url)
dirURL.stopAccessingSecurityScopedResource()
--
After clicking OK when asked, this outputs:
First attempt:
Error occurred: Error Domain=NSCocoaErrorDomain Code=257 "The file “MyGreatFile.txt” couldn’t be opened because you don’t have permission to view it." UserInfo={NSFilePath=/path/to/MyGreatFile.txt, NSUnderlyingError=0x600000046750 {Error Domain=NSPOSIXErrorDomain Code=1 "Operation not permitted"}}
Second attempt:
Contents of file: This is my great file!
Charles
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden