Re: PSA: Does your app use Sparkle? Update it, or use an HTTPS server

Thu, 11 Feb 2016 02:21:55 -0800 

Thanks largely to folks over on the AppleScript users list, the rough script I 
was providing yesterday has been significantly improved. Here’s the latest 
version. 

Credits go to Al Varnell and Yvan Koenig for suggestions and rewriting of my 
earlier drafts.

Added: apps in  /Applications subfolders 
Added: Pref Panes that use Sparkle
Added:  anything with .app extension outside of /Applications.
Added: counter showing number of vulnerable files found
Added: ability to view the compete list in TextExit, allowing saving and, more 
importantly, viewing the whole list, which could be truncated in the dialog box.


————————————————

#script version 1.51
set foundCounter to 0
set infoFilePath to "/Contents/info.plist"

set theApps to do shell script "mdfind kMDItemFSName == '*.prefPane' & mdfind 
kMDItemFSName == '*.app'"
set theApps to theApps & (do shell script "mdfind -onlyin /Applications " & 
quote & "kMDItemFSName == '*.app'" & quote)
set theApps to paragraphs of theApps
set sparkleAppsList to {}
tell application "System Events"
        repeat with anApp in theApps
                set anApp to anApp as text
                if exists disk item (anApp & 
"/Contents/Frameworks/Sparkle.framework") then
                        try
                                set thePlist to contents of property list file 
(anApp & infoFilePath)
                                set theValue to value of thePlist
                                try
                                        set thisSUFeedURL to SUFeedURL of 
theValue as text
                                        if thisSUFeedURL contains "http:" then
                                                set end of sparkleAppsList to 
"Application : " & anApp & " : " & thisSUFeedURL & linefeed & linefeed
                                                set foundCounter to 
foundCounter + 1
                                        end if
                                end try
                        end try
                end if
        end repeat
end tell

display dialog "Found: " & foundCounter & " apps that do not use secure https 
connections for the Sparkle updater:

" & sparkleAppsList buttons {"Save List", "OK"} default button "OK" with title 
"Sparkle Framework Vulnerability Check"

set aResponse to text of the result

if aResponse contains "Save List" then
        tell application "TextEdit"
                activate
                make new document
                set text of document 1 to sparkleAppsList as text
        end tell
end if
#EOF



————————————————












_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)

Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com

Reply via email to