Dealing with Error: chromedriver cannot be opened because the developer cannot be verified.

I've been learning Selenium WebDriver, which allows me to automate tests by using WebDriver's chromedriver tool to navigate the Chrome web browser automatically. Having updated MacOS, I found I couldn't run the tests in my project due to the chromedriver file being quarantined. When I ran my tests I got this error:

chromedriver cannot be opened because the developer cannot be verified.
macOS cannot verify that this app is free from malware.

It may be possible to 'open anyway' from your Security & Privacy settings. If not, here's what I did to resolve this issue.

Step 1: verify the warning

MacOS has security checks run via software called Gatekeeper, which checks any downloaded apps or executables. By default, downloads from the Apple store or with a valid Apple developer certificate are allowed. In the latest update, I saw there had been an update to the Gatekeeper logic to make it more robust. As described by in the Apple security updates release,

AppleScript
Available for: macOS Big Sur
Impact: a malicious application may bypass Gatekeeper checks
Description: a logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman

I'd downloaded chromedriver some time ago and already used it in my project - I'd been able to run the same tests previously - but the recent system update resulted in this file being newly flagged.

Since I had downloaded the chromedriver content from a reputable source I was confident that I could remove the quarantine.

Step 2: verify that quarantine is the cause of your error

In the terminal, navigate to the directory containing the file in question. Use ls -l to list files (ls) in long format (-l):

:resources ruthmoog$ ls -ltotal 32664-rwxr-xr-x@ 1 ruthmoog  staff  16722536 Mar 13 02:03 chromedriverdrwxr-xr-x  3 ruthmoog  staff        96 Jun  6 12:13 screenshots

Using the -l flag will list the items in the directory, along with permissions information.

The proceeding letters indicate that I have a file (-) and a directory (d) in my current directory, and the letters or dashes in sets are file-system permissions which define read (r) and write (w), and executable (x) settings for three user levels (owner, group member, everyone).

In my example above, the character I'm interested is the @ symbol. This indicates the file is in quarantine.

Step 3: remove from quarantine

To remove the flag, I will need to update the chromedriver file's extended file attribute (xattr). This is what allows the system to associate the 'in quarantine' metadata with the file.

Delete (-d) the apple quarantine flag com.apple.quarantine for the file (chromedriver, in my case) - and then long list again, to verify the attribute has changed as expected:

:resources ruthmoog$ xattr -d com.apple.quarantine chromedriver:resources ruthmoog$ ls -ltotal 32664-rwxr-xr-x  1 ruthmoog  staff  16722536 Mar 13 02:03 chromedriverdrwxr-xr-x  3 ruthmoog  staff        96 Jun  6 12:13 screenshots

The @ symbol has gone from the chromedriver file in the listing; it's free from quarantine!

Step 4: run the code

Now I can run my tests, and use the chromedriver file without problem.

I've only changed the quarantine setting for the specific file I wanted to, and Gatekeeper will continue to check any downloaded files and quarantine any unapproved downloads.