fix(security): restrict SPM plugin network scope [DEVA11Y-481] #14

Open: sunny-se wants to merge 1 commit into main from fix/DEVA11Y-481-restrict-network-scope

sunny-se (Collaborator) commented May 26, 2026

Summary

  • F-012 / DEVA11Y-481 — SPM plugin declared unrestricted .all() network scope (CWE-250), amplifying blast radius of other findings.
  • Changed to .all(ports: []) in Package.swift, matching what shell scripts already enforce via --allow-network-connections 'all(ports: [])'.
  • Removed stale commented-out line.

Verification

  • swift build should succeed without changes to plugin behavior.
  • grep -r '\.all()' Package.swift should return no matches.
  • Shell scripts already pass all(ports: []) — no drift between manifest and CLI invocation.

Jira

DEVA11Y-481

🤖 Generated with Claude Code

F-012 / DEVA11Y-481 — The plugin declared unrestricted .all() network
scope (CWE-250) which amplifies blast radius of other findings.
Switch to .all(ports: []) matching what shell scripts already enforce.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

sunny-se requested a review from a team as a code owner May 26, 2026 08:58
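
The verification steps in the description, extended into a manifest-versus-script drift check that could run in CI (an added example, not code from this PR or its repository). The plugin name, the sample manifest and the sample script are constructed, and the regexes assume the scope is written inline in .allowNetworkConnections(scope: ...) and that only whole-line comments need skipping.

```python
import re

# Scope argument of .allowNetworkConnections(scope: ..., reason: ...) in Package.swift.
MANIFEST_SCOPE = re.compile(r"allowNetworkConnections\(\s*scope:\s*(\.\w+(?:\([^)]*\))?)")
# Value passed to --allow-network-connections in a shell script (quoted or bare).
CLI_SCOPE = re.compile(r"--allow-network-connections[ =]+(?:'([^']*)'|\"([^\"]*)\"|(\S+))")

def normalize(scope):
    """Drop whitespace and the leading dot so '.all(ports: [])' == 'all(ports: [])'."""
    return re.sub(r"\s+", "", scope).lstrip(".")

def live_lines(text, marker):
    """Skip whole-line comments so stale commented-out declarations are ignored."""
    return "\n".join(l for l in text.splitlines() if not l.strip().startswith(marker))

def manifest_scopes(text):
    return [normalize(m) for m in MANIFEST_SCOPE.findall(live_lines(text, "//"))]

def cli_scopes(text):
    return [normalize(a or b or c) for a, b, c in CLI_SCOPE.findall(live_lines(text, "#"))]

def check(manifest, scripts):
    """Return findings: the bare .all() form, and scopes scripts pass but the manifest lacks."""
    findings = []
    declared = manifest_scopes(manifest)
    if "all()" in declared:
        findings.append("manifest declares bare .all() scope")
    passed = [s for text in scripts for s in cli_scopes(text)]
    for scope in sorted(set(passed) - set(declared)):
        findings.append(f"script passes {scope!r} but manifest does not declare it")
    return findings

# Constructed sample inputs (hypothetical plugin name, not the repository's files).
BEFORE = '''
.plugin(name: "ExamplePlugin", capability: .command(
    intent: .custom(verb: "example", description: "constructed sample"),
    permissions: [
        // .allowNetworkConnections(scope: .all(ports: []), reason: "stale line"),
        .allowNetworkConnections(scope: .all(), reason: "constructed sample"),
    ]))
'''
AFTER = BEFORE.replace("scope: .all(),", "scope: .all(ports: []),")
SCRIPT = """#!/bin/sh
swift package --allow-network-connections 'all(ports: [])' example
"""

if __name__ == "__main__":
    for name, manifest in (("before", BEFORE), ("after", AFTER)):
        print(name, check(manifest, [SCRIPT]))
```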