I've removed some duplications in the code, but functionally identical to the
last version.
Again, I'll point out that this is only going to show you apps in
/Applications, and it's not going to find those that hide the appcast url in
the binary (DriveDx, for one, but there are others). Bear in mind that it's a
script that shows Sparkle apps that are definitely insecure, and doesn't imply
that all the other apps that use Sparkle on your mac are secure.
#script version 1.41
set x to (path to startup disk) as text
set defaultAppsFolder to "/Applications"
set plistContents to ""
set pathToAppFolder to x & "Applications:"
set infoFilePath to "Contents:info.plist"
set theApp to ""
set sparkleAppsList to {}
set theAppList to do shell script "find " & defaultAppsFolder & " -name
Sparkle.framework | awk -F'/' '{print $3}'"
set theAppList to paragraphs of theAppList
repeat with i from 1 to number of items in theAppList
set theApp to text of item i of theAppList
set this_item to item i of theAppList
set f to pathToAppFolder & this_item & ":" & infoFilePath as string
tell application "System Events"
if exists property list file f then
set thePlist to contents of property list file f
set theValue to value of thePlist
try
if exists SUFeedURL of theValue then
set thisSUFeedURL to SUFeedURL of theValue as text
if thisSUFeedURL contains "http:" then
set theResultString to "Application : " & my theApp & " : " & thisSUFeedURL as
text
set end of my sparkleAppsList to theResultString & "
"
end if
end if
end try
end if
end tell
end repeat
display dialog "The following apps do not use secure https connections for the
Sparkle updater:
" & sparkleAppsList as string buttons "OK" default button "OK" with title "Sparkle
Framework Vulnerability Check"
#EOF
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com
This email sent to arch...@mail-archive.com
