#script version 1.6
#regression to 1.52 and then
#added: now includes apps that do not have SUFeedURL key in plist and reports their Sparkle version number
#added: borrowed Bill Cheeseman's idea of using choose list and offering to launch the app
#added: borrowed reverse_offset handler from Nigel Garvey's post on MacScripter
on reverse_offset(d, t)
	# Returns the position in text t at which the last occurrence of delimiter d ends
	# (for a one-character delimiter, the index of that character).
	# Returns 0 when d does not occur in t, because the last text item is then all of t.
	set savedDelimiters to AppleScript's text item delimiters
	set wholeLength to count t
	set AppleScript's text item delimiters to d
	# Everything after the final delimiter; its length is what gets subtracted.
	set tailLength to length of (text item -1 of t)
	# Put the caller's delimiters back before returning.
	set AppleScript's text item delimiters to savedDelimiters
	return wholeLength - tailLength
end reverse_offset
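# Scans the .app and .prefPane bundles known to Spotlight, keeps those that embed
# Sparkle.framework, and lists the ones whose update channel may be exposed:
#   * the bundle's Info.plist has an SUFeedURL that contains plain "http:", or
#   * the bundle's Info.plist has no SUFeedURL and the embedded Sparkle framework
#     reports a version below 1.13.1 (or its version cannot be read).
# Bundles whose SUFeedURL does not contain "http:" are not reported.
set foundCounter to 0
# Capital "I": the file is named Info.plist, and the lowercase spelling is not found on case-sensitive volumes.
set infoFilePath to "/Contents/Info.plist"
# The framework's own Info.plist. The version check must read this file; the host bundle's
# CFBundleShortVersionString is the application's version, not Sparkle's.
set sparkleInfoPath to "/Contents/Frameworks/Sparkle.framework/Resources/Info.plist"
# The two queries run one after the other (";"). With "&" the first mdfind ran in the background and
# both wrote to the same pipe at once, so their output lines could be interleaved or spliced together.
# Only bundles that Spotlight has indexed are returned; anything on an unindexed volume is not scanned.
set theApps to do shell script "mdfind kMDItemFSName == '*.prefPane' ; mdfind kMDItemFSName == '*.app'"
set theApps to paragraphs of theApps
set sparkleAppsList to {}
tell application "System Events"
	repeat with anApp in theApps
		set anApp to anApp as text
		if exists disk item (anApp & "/Contents/Frameworks/Sparkle.framework") then
			# Best effort: a bundle whose Info.plist cannot be read is skipped without a report.
			try
				set thePlist to contents of property list file (anApp & infoFilePath)
				set theValue to value of thePlist
				# A missing SUFeedURL is recorded as the empty string. The feed URL may then be set
				# at run time, which this static check cannot see, so the framework version decides.
				try
					set thisSUFeedURL to SUFeedURL of theValue as text
				on error
					set thisSUFeedURL to ""
				end try
				if thisSUFeedURL contains "http:" then
					# Deliberately broad match: it may over-report (an https URL that embeds "http:"),
					# which is the safer error for a check like this one.
					set end of sparkleAppsList to anApp & " : uses insecure http"
					set foundCounter to foundCounter + 1
				else if length of thisSUFeedURL = 0 then
					try
						set sparklePlist to contents of property list file (anApp & sparkleInfoPath)
						set sparkleValue to value of sparklePlist
						try
							set sparkleVersion to CFBundleShortVersionString of sparkleValue as text
						on error
							# NOTE(review): CFBundleVersion may be a build number rather than a
							# marketing version, in which case the comparison below is not meaningful.
							set sparkleVersion to CFBundleVersion of sparkleValue as text
						end try
						# Numeric-aware comparison so that "1.5" sorts below "1.13.1".
						considering numeric strings
							set vulnerable to sparkleVersion < "1.13.1"
						end considering
						if vulnerable then
							set end of sparkleAppsList to anApp & " : -- uses Sparkle v" & sparkleVersion & linefeed & linefeed
							set foundCounter to foundCounter + 1
						end if
					on error
						# An unreadable framework version is reported instead of being dropped,
						# so an unverifiable bundle does not silently count as clean.
						set end of sparkleAppsList to anApp & " : -- Sparkle version could not be read"
						set foundCounter to foundCounter + 1
					end try
				end if
			end try
		end if
	end repeat
end tell
set thePrompt to "Found " & foundCounter & " items that may be using a vulnerable form of the Sparkle framework: " & linefeed & linefeed
if (count of sparkleAppsList) = 0 then
	# Nothing to choose from: report the result instead of showing an empty list with a Launch button.
	display dialog thePrompt buttons {"OK"} default button "OK" with title "Sparkle Vulnerability Check"
else
	choose from list sparkleAppsList with title "Sparkle Vulnerability Check" with prompt thePrompt OK button name "Launch"
	if result is not false then
		set appPath to item 1 of result
		# Cut the entry back to the bundle path: everything before the first " :".
		get offset of " :" in appPath
		set appPath to text 1 thru (result - 1) of appPath
		# Keep only the last path component, e.g. "Foo.app".
		set ro to reverse_offset("/", appPath)
		set appPath to text (ro + 1) thru -1 of appPath
		# NOTE(review): the bundle is launched by name, so the copy that starts may not be the
		# one that was scanned, and a .prefPane entry presumably cannot be launched this way. Verify.
		# An update fetched over the flagged channel is itself the exposure, so update the app on a
		# trusted network or get the fixed build from the vendor over HTTPS.
		tell me to launch application appPath
	end if
end if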
#EOF