296133 – [webkitapipy] Allowed selector names are ambiguous between classes, leading to false positives

RESOLVED FIXED296133

[webkitapipy] Allowed selector names are ambiguous between classes, leading to false positives

https://bugs.webkit.org/show_bug.cgi?id=296133

Summary [webkitapipy] Allowed selector names are ambiguous between classes, leading t...

Elliott Williams

Reported 2025-07-17 10:31:09 PDT

audit-spi only tracks selectors sent by a binary, and not the classes that receive those messages. This means that we may have allowed a selector which is an SPI method on one class, but API on another class. This is an `UnnecessaryAllowedName` verification error, and prompts us to remove the selector from the allowlist. But we might be intending to bind to the SPI method, so it would be premature to remove it from the allowlist. We should instead make it possible to narrow the allowlist declaration to bind to the specific SPI method.

Attachments
Add attachment proposed patch, testcase, etc.

Elliott Williams

Comment 1 2025-07-17 10:52:05 PDT

Pull request: https://github.com/WebKit/WebKit/pull/48192

Radar WebKit Bug Importer

Comment 2 2025-07-24 10:32:13 PDT

<rdar://problem/156617260>

EWS

Comment 3 2025-08-12 10:09:32 PDT

Committed 298571@main (b9fa7bcf1170): <https://commits.webkit.org/298571@main> Reviewed commits have been landed. Closing PR #48192 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Tools / Tests

Assignee

Elliott Williams

Reported

2025-07-17 10:31 PDT

Modified

2025-08-12 10:09 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks