ruthmoogI've been learning Selenium WebDriver, which allows me to automate tests by using WebDriver's chromedriver tool to navigate the Chrome web browser automatically. Having updated MacOS, I found I couldn't run the tests in my project due to the chromedriver file being quarantined. When I ran my tests I got this error:
⚠️
“chromedriver” cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.
It may be possible to 'open anyway' from your Security & Privacy settings. If not, here's what I did to resolve this issue.
Step 1: verify the warning
MacOS has security checks run via software called Gatekeeper, which checks any downloaded apps or executables. By default, downloads from the Apple store or with a valid Apple developer certificate are allowed. In the latest update, I saw there had been an update to the Gatekeeper logic to make it more robust. As described in the Apple security updates release,
AppleScript
Available for: macOS Big Sur
Impact: a malicious application may bypass Gatekeeper checks
Description: a logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman
I'd downloaded chromedriver some time ago and already used it in my project - I'd been able to run the same tests previously - but the recent system update resulted in this file being newly flagged.
Since I had downloaded the chromedriver content from a reputable source I was confident that I could remove the quarantine.
| 💡 You should only remove the flag if you're confident it's safe to do so. |
|---|
Step 2: verify that quarantine is the cause of your error
In the terminal, navigate to the directory containing the file in question. Use ls -l to list files (ls) in long format (-l):
ʕᵔᴥᵔʔ:resources ruthmoog$ ls -l
total 32664
-rwxr-xr-x@ 1 ruthmoog staff 16722536 Mar 13 02:03 chromedriver
drwxr-xr-x 3 ruthmoog staff 96 Jun 6 12:13 screenshots
Using the -l flag will list the items in the directory, along with permissions information.
The proceeding letters indicate that I have a file (-) and a directory (d) in my current directory, and the letters or dashes in sets are file-system permissions which define read (r) and write (w), and executable (x) settings for three user levels (owner, group member, everyone).
In my example above, the character I'm interested is the @ symbol. This indicates the file is in quarantine.
Step 3: remove from quarantine
To remove the flag, I will need to update the chromedriver file's extended file attribute (xattr). This is what allows the system to associate the 'in quarantine' metadata with the file.
| 💡 You should not need any admin permissions to change these attributes, so there's no need to use the 'sudo' keyword here. |
|---|
Delete (-d) the apple quarantine flag com.apple.quarantine for the file (chromedriver, in my case) - and then long list again, to verify the attribute has changed as expected:
ʕᵔᴥᵔʔ:resources ruthmoog$ xattr -d com.apple.quarantine chromedriver
ʕᵔᴥᵔʔ:resources ruthmoog$ ls -l
total 32664
-rwxr-xr-x 1 ruthmoog staff 16722536 Mar 13 02:03 chromedriver
drwxr-xr-x 3 ruthmoog staff 96 Jun 6 12:13 screenshots
The @ symbol has gone from the chromedriver file in the listing; it's free from quarantine!
Step 4: run the code
Now I can run my tests, and use the chromedriver file without problem.
I've only changed the quarantine setting for the specific file I wanted to, and Gatekeeper will continue to check any downloaded files and quarantine any unapproved downloads.
