• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server

  • Subject: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • From: sqwarqDev <email@hidden>
  • Date: Thu, 11 Feb 2016 17:19:03 +0700
Thanks largely to folks over on the AppleScript users list, the rough script I was providing yesterday has been significantly improved. Here’s the latest version.

Credits go to Al Varnell and Yvan Koenig for suggestions and rewriting of my earlier drafts.

Added: apps in  /Applications subfolders
Added: Pref Panes that use Sparkle
Added:  anything with .app extension outside of /Applications.
Added: counter showing number of vulnerable files found
Added: ability to view the compete list in TextExit, allowing saving and, more importantly, viewing the whole list, which could be truncated in the dialog box.


————————————————

#script version 1.51
set foundCounter to 0
set infoFilePath to "/Contents/info.plist"

set theApps to do shell script "mdfind kMDItemFSName == '*.prefPane' & mdfind kMDItemFSName == '*.app'"
set theApps to theApps & (do shell script "mdfind -onlyin /Applications " & quote & "kMDItemFSName == '*.app'" & quote)
set theApps to paragraphs of theApps
set sparkleAppsList to {}
tell application "System Events"
	repeat with anApp in theApps
		set anApp to anApp as text
		if exists disk item (anApp & "/Contents/Frameworks/Sparkle.framework") then
			try
				set thePlist to contents of property list file (anApp & infoFilePath)
				set theValue to value of thePlist
				try
					set thisSUFeedURL to SUFeedURL of theValue as text
					if thisSUFeedURL contains "http:" then
						set end of sparkleAppsList to "Application : " & anApp & " : " & thisSUFeedURL & linefeed & linefeed
						set foundCounter to foundCounter + 1
					end if
				end try
			end try
		end if
	end repeat
end tell

display dialog "Found: " & foundCounter & " apps that do not use secure https connections for the Sparkle updater:

" & sparkleAppsList buttons {"Save List", "OK"} default button "OK" with title "Sparkle Framework Vulnerability Check"

set aResponse to text of the result

if aResponse contains "Save List" then
	tell application "TextEdit"
		activate
		make new document
		set text of document 1 to sparkleAppsList as text
	end tell
end if
#EOF



————————————————












_______________________________________________

Cocoa-dev mailing list (email@hidden)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
References: 
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: brodhage <email@hidden>)
 >Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server (From: Jens Alfke <email@hidden>)

  • Prev by Date: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by Date: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Previous by thread: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Next by thread: Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server
  • Index(es):
    • Date
    • Thread