Here’s a script that should check whether apps located in your /Applications folder are using an insecure http address for the Sparkle updater url
Note that there’s two important classes of application it won’t find:
i. any insecure Sparkle apps that are not in your /Applications folder, and
ii. any Sparkle apps that do not use the SUFeedURL key in their info plist.
For the former, you’ll either have to move the apps into Applications or adapt the script (choose folder would be the easiest way, I guess).
For the latter, the only way I can think of at the moment is to use ‘strings’ (or a text editor) and grep for ‘appcast’ on the binary located in /Contents/MacOS.
set plistContents to ""
set x to (path to startup disk) as text
set pathToAppFolder to x & "Applications:" as alias
set infoFilePath to "Contents:info.plist"
set theApp to ""
set sparkleAppsList to {}
set theAppList to do shell script "find /Applications -name Sparkle.framework | awk -F'/' '{print $3}'"
set theAppList to paragraphs of theAppList
repeat with i from 1 to number of items in theAppList
set theApp to text of item i of theAppList
set this_item to item i of theAppList
set f to pathToAppFolder & this_item & ":" & infoFilePath as string
tell application "System Events"
set thePlist to contents of property list file f
set theValue to value of thePlist
set thisSUFeedURL to SUFeedURL of theValue as text
if thisSUFeedURL contains "http:" then
set theResultString to "Application : " & my theApp & " : " & thisSUFeedURL as text
set end of my sparkleAppsList to theResultString & "
"
end if
end tell
end repeat
display dialog "The following apps do not use secure https connections for the sparkle updater:
" & sparkleAppsList as string