#script version 1.5.4
set foundCounter to 0
set infoFilePath to "/Contents/info.plist"
set theApps to do shell script "mdfind kMDItemFSName == '*.prefPane' & mdfind kMDItemFSName == '*.app'"
--set theApps to theApps & (do shell script "mdfind -onlyin /Applications " & quote & "kMDItemFSName == '*.app'" & quote) # disabled in 1.5.2
set theApps to paragraphs of theApps
set sparkleAppsList to {}
tell application "System Events"
repeat with anApp in theApps
set anApp to anApp as text
set aFrameWork to anApp & "/Contents/Frameworks/Sparkle.framework"
if exists disk item aFrameWork then
set aSparklePlist to aFrameWork & "/Versions/A/Resources/Info.plist"
set thePlist to contents of property list file aSparklePlist
set theValue to value of thePlist
try
set sparkleVersion to CFBundleShortVersionString of theValue as text
on error
set sparkleVersion to CFBundleVersion of theValue as text
end try
considering numeric strings
set vulnerable to sparkleVersion < "1.13.1"
end considering
if vulnerable then
# Added in v1.5.4
set theBin to (first disk item of folder (anApp & "/Contents/MacOS/") whose type identifier is "public.unix-executable")
tell me to set binContents to read theBin
set callAppcast to binContents contains "appcast"
if callAppcast then
set thePlist to contents of property list file (anApp & infoFilePath)
set theValue to value of thePlist
try # Edited in 1.5.3 and 1.5.4
set thisSUFeedURL to SUFeedURL of theValue as text
if thisSUFeedURL contains "http:" then set thisSUFeedURL to thisSUFeedURL & " and call appcast"
on error
set thisSUFeedURL to "no link available but call appcast"
end try
set end of sparkleAppsList to "Application : " & anApp & " : " & thisSUFeedURL & linefeed & linefeed
set foundCounter to foundCounter + 1
end if
end if # vulnerable
end if
end repeat
end tell
display dialog "Found: " & foundCounter & " apps that do not use secure https connections for the Sparkle updater:
" & sparkleAppsList buttons {"Save List", "OK"} default button "OK" with title "Sparkle Framework Vulnerability Check"
set aResponse to button returned of the result # Edited in 1.5.3
if aResponse is "Save List" then # Edited in 1.5.3
tell application "TextEdit"
activate
make new document
set text of document 1 to sparkleAppsList as text
end tell
end if
#EOF
Yvan KOENIG running El Capitan 10.11.3 in French (VALLAURIS, France) jeudi 11 février 2016 16:39:21