fix(security): use HTTPS for CLI binary download URL (#12)

sunny-se · claude · web-flow · commit 2cc7ea729a0a · 2026-05-27T14:38:46.000+05:30
F-001 / DEVA11Y-473 — The default download URL used plaintext HTTP
(CWE-319), allowing MitM to substitute a malicious binary.
Switch to HTTPS to enforce TLS.

Co-authored-by: Claude Opus 4.6 (1M context) &lt;noreply@anthropic.com&gt;
diff --git a/Plugins/BrowserStackAccessibilityLint/BrowserStackAccessibilityLint.swift b/Plugins/BrowserStackAccessibilityLint/BrowserStackAccessibilityLint.swift
@@ -339,7 +339,7 @@ private struct BrowserStackCLIDownloader {
     private func defaultDownloadURL() throws -> URL {
         let os = try currentOSName()
         let arch = try currentArchName()
-        guard let url = URL(string: "http://api.browserstack.com/sdk/v1/download_cli?os=\(os)&os_arch=\(arch)") else {
+        guard let url = URL(string: "https://api.browserstack.com/sdk/v1/download_cli?os=\(os)&os_arch=\(arch)") else {
             throw PluginError("Failed to create download URL for \(os) \(arch).")
         }
         return url

Original file line number	Diff line number	Diff line change
`@@ -339,7 +339,7 @@ private struct BrowserStackCLIDownloader {`
`339`	`339`	`private func defaultDownloadURL() throws -> URL {`
`340`	`340`	`let os = try currentOSName()`
`341`	`341`	`let arch = try currentArchName()`
`342`		`- guard let url = URL(string: "http://api.browserstack.com/sdk/v1/download_cli?os=\(os)&os_arch=\(arch)") else {`
	`342`	`+ guard let url = URL(string: "https://api.browserstack.com/sdk/v1/download_cli?os=\(os)&os_arch=\(arch)") else {`
`343`	`343`	`throw PluginError("Failed to create download URL for \(os) \(arch).")`
`344`	`344`	`}`
`345`	`345`	`return url`