Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
- Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
- From: sqwarqDev <email@hidden>
- Date: Wed, 10 Feb 2016 13:36:32 +0000 (GMT)
On Feb 10, 2016, at 07:39, email@hidden wrote:
You can do that in the terminal, I found this terminal command online:
find /Applications -name Sparkle.framework | awk -F'/' '{print $3}' | awk -F'.' '{print $1}'
Here’s an AppleScript that will output the insecure http apps from your Applications folder. Note two caveats:
i. it won’t catch apps not in your /Applications folder
ii. it won’t catch apps that don’t use the SUFeedURL in the info.plist (some hide it in the binary, DriveDx being one I know of).
I’ve also posted this script and a summary of what’s been said here on my blog at:
http://applehelpwriter.com/2016/02/10/how-to-check-for-sparkle-vulnerability/
Here’s the script. Paste it into the Script Editor, compile and run. If there are any compile problems, it’s just due to formatting from your email editor, so copy and paste as plain text.
set plistContents to ""
set x to (path to startup disk) as text
set pathToAppFolder to x & "Applications:" as alias
-- Bundle metadata lives at Contents/Info.plist (the capital I matters on case-sensitive volumes)
set infoFilePath to "Contents:Info.plist"
set theApp to ""
set sparkleAppsList to {}
-- Names of the top-level items in /Applications that contain Sparkle.framework
set theAppList to do shell script "find /Applications -name Sparkle.framework | awk -F'/' '{print $3}' | awk -F'.' '{print $1}'"
set theAppList to paragraphs of theAppList
repeat with i from 1 to number of items in theAppList
    set theApp to text of item i of theAppList
    set this_item to item i of theAppList
    set f to pathToAppFolder & this_item & ".app:" & infoFilePath as string
    -- Skip entries whose Info.plist cannot be read or has no SUFeedURL key
    try
        tell application "System Events"
            set thePlist to contents of property list file f
            set theValue to value of thePlist
            set thisSUFeedURL to SUFeedURL of theValue as text
            -- "https:" does not contain "http:", so only plain-http feeds match
            if thisSUFeedURL contains "http:" then
                set theResultString to "Application : " & my theApp & " : " & thisSUFeedURL as text
                set end of my sparkleAppsList to theResultString & linefeed
            end if
        end tell
    end try
end repeat
display dialog "The following apps do not use secure https connections for the sparkle updater:" & linefeed & sparkleAppsList as string
#EOF
Best
Phil
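
The same check as an added Python example, not part of the original message: it searches any directories passed in (caveat i), resolves the nearest enclosing .app bundle from the framework path, and reports bundles with no SUFeedURL in Info.plist as "unknown" instead of skipping them (caveat ii). The function names, sample bundles and example.com URLs are constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError


def audit_sparkle_feeds(roots):
    """Map each Sparkle-using .app bundle under roots to (status, feed URL).

    status: "insecure" (http feed), "https", or "unknown" (no usable
    SUFeedURL in Info.plist; the feed may be set inside the binary).
    """
    results = {}
    for root in roots:
        for fw in Path(root).rglob("Sparkle.framework"):
            # Nearest enclosing bundle, so subfolders and dotted names work.
            app = next((p for p in fw.parents if p.suffix == ".app"), None)
            if app is None or app in results:
                continue
            try:
                with open(app / "Contents" / "Info.plist", "rb") as fh:
                    url = plistlib.load(fh).get("SUFeedURL")
            except (OSError, ValueError, ExpatError, AttributeError):
                url = None
            scheme = url.split(":", 1)[0].strip().lower() if isinstance(url, str) else ""
            status = {"http": "insecure", "https": "https"}.get(scheme, "unknown")
            results[app] = (status, url if status != "unknown" else None)
    return results


def build_sample_tree(base):
    """Constructed sample bundles (not real apps) for an offline run."""
    samples = {
        "Applications/Alpha.app": {"SUFeedURL": "http://updates.example.com/alpha.xml"},
        "Applications/Utilities/Beta 2.0.app": {"SUFeedURL": "https://updates.example.com/beta.xml"},
        "Users/demo/Apps/Gamma.app": {"CFBundleName": "Gamma"},  # feed not in plist
    }
    for rel, info in samples.items():
        contents = Path(base) / rel / "Contents"
        (contents / "Frameworks" / "Sparkle.framework").mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump(info, fh, fmt=plistlib.FMT_BINARY)
    return [Path(base) / "Applications", Path(base) / "Users"]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for app, (status, url) in sorted(audit_sparkle_feeds(build_sample_tree(tmp)).items()):
            print(f"{status:9} {app.name}  {url or '(no SUFeedURL in Info.plist)'}")
```

On a real machine, pass the directories to search, for example `audit_sparkle_feeds(["/Applications", str(Path.home() / "Applications")])`; "unknown" entries need a manual look.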