• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server

  • Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • From: sqwarqDev <email@hidden>
  • Date: Wed, 10 Feb 2016 16:49:43 +0000 (GMT)
I've removed some duplications in the code, but functionally identical to the last version.

Again, I'll point out that this is only going to show you apps in /Applications, and it's not going to find those that hide the appcast url in the binary (DriveDx, for one, but there are others). Bear in mind that it's a script that shows Sparkle apps that are definitely insecure, and doesn't imply that all the other apps that use Sparkle on your mac are secure.


#script version 1.41
set x to (path to startup disk) as text
set defaultAppsFolder to "/Applications"
set plistContents to ""
set pathToAppFolder to x & "Applications:"
set infoFilePath to "Contents:info.plist"
set theApp to ""
set sparkleAppsList to {}
set theAppList to do shell script "find " & defaultAppsFolder & " -name Sparkle.framework | awk -F'/' '{print $3}'"
set theAppList to paragraphs of theAppList
repeat with i from 1 to number of items in theAppList
set theApp to text of item i of theAppList
set this_item to item i of theAppList
set f to pathToAppFolder & this_item & ":" & infoFilePath as string
tell application "System Events"
if exists property list file f then
set thePlist to contents of property list file f
set theValue to value of thePlist
try
if exists SUFeedURL of theValue then

set thisSUFeedURL to SUFeedURL of theValue as text
if thisSUFeedURL contains "http:" then
set theResultString to "Application : " & my theApp & " : " & thisSUFeedURL as text
set end of my sparkleAppsList to theResultString & "

"
end if

end if
end try
end if
end tell
end repeat
display dialog "The following apps do not use secure https connections for the Sparkle updater:

" & sparkleAppsList as string buttons "OK" default button "OK" with title "Sparkle Framework Vulnerability Check"

#EOF
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by Date: Contextual menu for NSTableCellView in NSOutlineView
  • Previous by thread: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by thread: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Index(es):
    • Date
    • Thread