mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-04-08 02:03:34 +08:00
feat: add Swift language-specific rules
Add 5 rule files for Swift following the established pattern used by TypeScript, Python, and Go rule sets. Covers Swift 6 strict concurrency, Swift Testing framework, protocol-oriented patterns, Keychain-based secret management, and SwiftFormat/SwiftLint hooks.
33
rules/swift/security.md
Normal file
@@ -0,0 +1,33 @@
|
||||
---
|
||||
paths:
|
||||
- "**/*.swift"
|
||||
- "**/Package.swift"
|
||||
---
|
||||
# Swift Security
|
||||
|
||||
> This file extends [common/security.md](../common/security.md) with Swift specific content.
|
||||
|
||||
## Secret Management
|
||||
|
||||
- Use **Keychain Services** for sensitive data (tokens, passwords, keys) — never `UserDefaults`
|
||||
- Use environment variables or `.xcconfig` files for build-time secrets
|
||||
- Never hardcode secrets in source — decompilation tools extract them trivially
|
||||
|
||||
```swift
|
||||
let apiKey = ProcessInfo.processInfo.environment["API_KEY"]
|
||||
guard let apiKey, !apiKey.isEmpty else {
|
||||
fatalError("API_KEY not configured")
|
||||
}
|
||||
```
|
||||
|
||||
## Transport Security
|
||||
|
||||
- App Transport Security (ATS) is enforced by default — do not disable it
|
||||
- Use certificate pinning for critical endpoints
|
||||
- Validate all server certificates
|
||||
|
||||
## Input Validation
|
||||
|
||||
- Sanitize all user input before display to prevent injection
|
||||
- Use `URL(string:)` with validation rather than force-unwrapping
|
||||
- Validate data from external sources (APIs, deep links, pasteboard) before processing
|
||||
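Review bot: The Swift snippet under "Secret Management" reads `API_KEY` from `ProcessInfo.processInfo.environment` and calls `fatalError("API_KEY not configured")` when it is missing, which only fits a process that is launched with that variable set (a CLI tool, a server, a CI job). An app installed on a device is not launched with developer-set environment variables, so following this example in an app target ends in a crash at startup. Suggest labelling the example as server/CLI only and pointing app targets back to the Keychain bullet above it. The second bullet should also say that a value put in `.xcconfig` and surfaced through Info.plist ships inside the bundle and is as readable as a hardcoded one, which is what the third bullet warns against. Separately, under "Input Validation", "Sanitize all user input before display to prevent injection" does not name the sink it means; listing the ones in scope (web views, SQL statements, process arguments) would make the rule checkable.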