macOS Bundle Inspector with Capability Overlays
Module: Scanner
Status: IMPLEMENTED
Description
Inspects macOS .app/.framework bundles, parsing Info.plist for metadata and entitlements for security capability analysis (sandbox, hardened runtime, network access flags).
Implementation Details
- Bundle Analyzer:
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.MacOsBundle/MacOsBundleAnalyzer.cs - MacOsBundleAnalyzer inspects macOS .app/.framework bundles, extracting metadata and security capabilities
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.MacOsBundle/MacOsBundleAnalyzerPlugin.cs - Plugin registration for the macOS bundle analyzer
- Parsers:
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.MacOsBundle/InfoPlistParser.cs - InfoPlistParser parses Info.plist files for bundle metadata (CFBundleIdentifier, version, minimum OS)
  - src/Scanner/__Libraries/StellaOps.Scanner.Analyzers.OS.MacOsBundle/EntitlementsParser.cs - EntitlementsParser parses entitlements XML for security capability analysis (sandbox, hardened runtime, network access)
- Mach-O Analysis:
  - src/Scanner/StellaOps.Scanner.Analyzers.Native/MachOReader.cs - MachOReader reads Mach-O binary format headers and load commands
  - src/Scanner/StellaOps.Scanner.Analyzers.Native/MachOCodeSignature.cs - MachOCodeSignature extracts code signature information from Mach-O binaries
E2E Test Plan
- Scan a container image containing a macOS .app bundle and verify Info.plist metadata is extracted (bundle identifier, version, minimum OS version)
- Verify entitlements are parsed and security capabilities (sandbox, hardened runtime) are identified
- Verify network access entitlements (com.apple.security.network.client/server) are detected and reported as capability overlays
- Verify .framework bundles are also inspected with the same metadata extraction
- Verify Mach-O code signature information is extracted and linked to the bundle analysis
- Verify bundles without entitlements are handled gracefully with appropriate defaults