set theApps to paragraphs of theApps
set sparkleAppsList to {}
tell application "System Events"
repeat with anApp in theApps
set anApp to anApp as text
set aFrameWork to anApp & "/Contents/Frameworks/Sparkle.framework"
if exists disk item aFrameWork then
set aSparklePlist to aFrameWork & "/Versions/A/Resources/Info.plist"
set thePlist to contents of property list file aSparklePlist
set theValue to value of thePlist
try
set sparkleVersion to CFBundleShortVersionString of theValue as text
on error
set sparkleVersion to CFBundleVersion of theValue as text
end try
considering numeric strings
set vulnerable to sparkleVersion < "1.13.1"
end considering
if vulnerable then
try
set thePlist to contents of property list file (anApp & infoFilePath)
set theValue to value of thePlist
try
set thisSUFeedURL to SUFeedURL of theValue as text
if thisSUFeedURL contains "http:" then
set end of sparkleAppsList to "Application : " & anApp & " : " & thisSUFeedURL & linefeed & linefeed
set foundCounter to foundCounter + 1
end if
end try
end try
end if # vulnerable
end if
end repeat
end tell
display dialog "Found: " & foundCounter & " apps that do not use secure https connections for the Sparkle updater:
" & sparkleAppsList buttons {"Save List", "OK"} default button "OK" with title "Sparkle Framework Vulnerability Check"
set aResponse to text of the result
if aResponse contains "Save List" then
tell application "TextEdit"
activate
make new document
set text of document 1 to sparkleAppsList as text
end tell
end if
#EOF
I was surprised to see that the late Phil's version scan all mounted volumes.
Here I boot my iMac from an external SSD and so the script list items from the SSD and from the internal HD.
I was puzzled by the way Sparkle describes its version.