I've been learning Selenium WebDriver, which allows me to automate tests by using WebDriver's chromedriver tool to navigate the Chrome web browser automatically. Having updated MacOS, I found I couldn't run the tests in my project due to the chromedriver file being quarantined. When I ran my tests I got this error:
“chromedriver” cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.
It may be possible to 'open anyway' from your Security & Privacy settings. If not, here's what I did to resolve this issue.
MacOS has security checks run via software called Gatekeeper, which checks any downloaded apps or executables. By default, downloads from the Apple store or with a valid Apple developer certificate are allowed. In the latest update, I saw there had been an update to the Gatekeeper logic to make it more robust. As described by in the Apple security updates release,
Available for: macOS Big Sur
Impact: a malicious application may bypass Gatekeeper checks
Description: a logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman
I'd downloaded chromedriver some time ago and already used it in my project - I'd been able to run the same tests previously - but the recent system update resulted in this file being newly flagged.
Since I had downloaded the chromedriver content from a reputable source I was confident that I could remove the quarantine.
|💡 You should only remove the flag if you're confident it's safe to do so.|
In the terminal, navigate to the directory containing the file in question. Use
ls -l to list files (
ls) in long format (
ʕᵔᴥᵔʔ:resources ruthmoog$ ls -l total 32664 -rwxr-xr-x@ 1 ruthmoog staff 16722536 Mar 13 02:03 chromedriver drwxr-xr-x 3 ruthmoog staff 96 Jun 6 12:13 screenshots
-l flag will list the items in the directory, along with permissions information.
The proceeding letters indicate that I have a file (
-) and a directory (
d) in my current directory, and the letters or dashes in sets are file-system permissions which define read (
r) and write (
w), and executable (
x) settings for three user levels (owner, group member, everyone).
In my example above, the character I'm interested is the
@ symbol. This indicates the file is in quarantine.
To remove the flag, I will need to update the chromedriver file's extended file attribute (
xattr). This is what allows the system to associate the 'in quarantine' metadata with the file.
|💡 You should not need any admin permissions to change these attributes, so there's no need to use the 'sudo' keyword here.|
-d) the apple quarantine flag
com.apple.quarantine for the file (
chromedriver, in my case) - and then long list again, to verify the attribute has changed as expected:
ʕᵔᴥᵔʔ:resources ruthmoog$ xattr -d com.apple.quarantine chromedriver ʕᵔᴥᵔʔ:resources ruthmoog$ ls -l total 32664 -rwxr-xr-x 1 ruthmoog staff 16722536 Mar 13 02:03 chromedriver drwxr-xr-x 3 ruthmoog staff 96 Jun 6 12:13 screenshots
@ symbol has gone from the chromedriver file in the listing; it's free from quarantine!
Now I can run my tests, and use the chromedriver file without problem.
I've only changed the quarantine setting for the specific file I wanted to, and Gatekeeper will continue to check any downloaded files and quarantine any unapproved downloads.