| I've never liked using 'do shell script', mainly because I know a lot more about AppleScript than I do about shell scripting. The following script uses pure AppleScript to return a string listing the paths to all application packages in the Applications folder that contain the Sparkle.framework in their Contents/Frameworks subfolder. (Like the SqwarqDev script, it does not search for applications that use a Sparkle plugin, because I don't know enough about Sparkle.)
This script searches every application package in the Applications folder, no matter how deeply nested in subfolders. For example, it searches all application packages in the Utilities subfolder. (I can't tell from the mailing list posts whether the SqwarqDev script searches applications at all levels of the Applications folder.)
It is IMPORTANT to note that, unlike the SqwarqDev script, my script lists ALL applications that contain the Sparkle framework in their Frameworks subfolder, whether or not they pose a security risk. I did this partly because I want to know which applications in my Applications folder use the Sparkle framework, but mainly because I don't have time to modify my script to read the Info.plist files.
Perhaps somebody else could take a stab at adding the features that are missing from my script, as noted above. A comment marks the place where code to process the Info.plist file should be added.
set report to "" tell application "Finder" repeat with thisApp in every application file in every folder of folder "Applications" of startup disk as alias list set thisApp to contents of thisApp if package folder of (info for thisApp) and ¬ name of every folder of thisApp contains "Contents" and ¬ name of every folder of folder "Contents" of thisApp contains "Frameworks" and ¬ name of every item of folder "Frameworks" of folder "Contents" of thisApp contains "Sparkle.framework" then -- add statements to process Info.plist file of thisApp here set report to (report & thisApp as text) & return end if end repeat end tell On Feb 10, 2016, at 11:49 AM, sqwarqDev < email@hidden> wrote:
I've removed some duplications in the code, but functionally identical to the last version.
Again, I'll point out that this is only going to show you apps in /Applications, and it's not going to find those that hide the appcast url in the binary (DriveDx, for one, but there are others). Bear in mind that it's a script that shows Sparkle apps that are definitely insecure, and doesn't imply that all the other apps that use Sparkle on your mac are secure.
|