Apple

#script version 1.5.1

set foundCounter to 0

set infoFilePath to "/Contents/info.plist"

set theApps to do shell script "mdfind kMDItemFSName == '*.prefPane' & mdfind kMDItemFSName == '*.app'"

set theApps to theApps & (do shell script "mdfind -onlyin /Applications " & quote & "kMDItemFSName == '*.app'" & quote)

set theApps to paragraphs of theApps

set sparkleAppsList to {}

tell application "System Events"

repeat with anApp in theApps

set anApp to anApp as text

set aFrameWork to anApp & "/Contents/Frameworks/Sparkle.framework"

if exists disk item aFrameWork then

set aSparklePlist to aFrameWork & "/Versions/A/Resources/Info.plist"

set thePlist to contents of property list file aSparklePlist

set theValue to value of thePlist

try

set sparkleVersion to CFBundleShortVersionString of theValue as text

on error

set sparkleVersion to CFBundleVersion of theValue as text

end try

considering numeric strings

set vulnerable to sparkleVersion < "1.13.1"

end considering

if vulnerable then

try

set thePlist to contents of property list file (anApp & infoFilePath)

set theValue to value of thePlist

try

set thisSUFeedURL to SUFeedURL of theValue as text

if thisSUFeedURL contains "http:" then

set end of sparkleAppsList to "Application : " & anApp & " : " & thisSUFeedURL & linefeed & linefeed

set foundCounter to foundCounter + 1

end if

end try

end if # vulnerable

end if

end repeat

end tell

display dialog "Found: " & foundCounter & " apps that do not use secure https connections for the Sparkle updater:

" & sparkleAppsList buttons {"Save List", "OK"} default button "OK" with title "Sparkle Framework Vulnerability Check"

set aResponse to text of the result

if aResponse contains "Save List" then

tell application "TextEdit"

activate

make new document

set text of document 1 to sparkleAppsList as text

end tell

end if

#EOF