kornelski · February 14, 2016 00:44 · Kosmic-Halo · Feb 14, 2016 · mathiasbynens · Feb 14, 2016
diff --git a/sparklecheck.sh b/sparklecheck.sh
 #!/bin/bash
 set -o pipefail
 IFS=$'\n'
 REPORT=''

 checkapp() {
    local APPPATH=$1
    local PLIST="$APPPATH/Contents/Info.plist"
    local SPARKLEPLIST="$APPPATH/Contents/Frameworks/Sparkle.framework/Resources/Info.plist"
    local SPARKLEBIN="$APPPATH/Contents/Frameworks/Sparkle.framework/Sparkle"
    local VER=$(defaults read "$PLIST" CFBundleShortVersionString 2>/dev/null || defaults read "$PLIST" CFBundleVersion 2>/dev/null)
    local APP="$(basename -s .app "$APPPATH") $VER"
    FEED=$(defaults read "$PLIST" SUFeedURL 2>/dev/null)
    local RESULT=$?
    if [ -d "$APPPATH/Contents/_MASReceipt" -a ! -e "$SPARKLEBIN" ]; then
        echo "ok: $APP does not use Sparkle";
    elif [ "$RESULT" -ne 0 -a ! -e "$SPARKLEPLIST" ]; then
        echo "ok: $APP does not seem to use Sparkle";
    elif [[ $FEED == "https://"* ]]; then
        echo "ok: $APP uses HTTPS for updates - safe";
    elif fgrep 2>/dev/null -q "about:blank" "$SPARKLEBIN"; then
        echo "ok: $APP has a patched version Sparkle - safe"
    else
        SPARKLEVER=$(defaults read "$SPARKLEPLIST" CFBundleVersion 2>/dev/null)
        local RESULT=$?
        if [ $RESULT -eq 0 -a -n "$FEED" ]; then
            REPORT+="
 !!: $APP uses insecure feed URL '$FEED' and an unpatched version of Sparkle ($SPARKLEVER) - it is UNSAFE"
        elif [ $RESULT -ne 0 ]; then
            REPORT+="
 !!: $APP uses insecure feed URL '$FEED' and an unknown version of Sparkle - may be UNSAFE"
        else
            echo "!!: $APP uses unknown feed URL and an unknown version of Sparkle - unable to tell"
        fi

    fi
 }

 for i in $({ mdfind kind:application; find /Applications -maxdepth 2 -name '*.app'; } | sort -u ); do
    checkapp "$i"
 done

 if [ -n "$REPORT" ]; then
 echo "
 Unsafe applications found!
 $REPORT

 Please ask the apps' developers to update Sparkle to the secure version,
 as described at: https://sparkle-project.org/documentation/security
 "
 fi
	#!/bin/bash
	set -o pipefail
	IFS=$'\n'
	REPORT=''

	checkapp() {
	local APPPATH=$1
	local PLIST="$APPPATH/Contents/Info.plist"
	local SPARKLEPLIST="$APPPATH/Contents/Frameworks/Sparkle.framework/Resources/Info.plist"
	local SPARKLEBIN="$APPPATH/Contents/Frameworks/Sparkle.framework/Sparkle"
	local VER=$(defaults read "$PLIST" CFBundleShortVersionString 2>/dev/null \|\| defaults read "$PLIST" CFBundleVersion 2>/dev/null)
	local APP="$(basename -s .app "$APPPATH") $VER"
	FEED=$(defaults read "$PLIST" SUFeedURL 2>/dev/null)
	local RESULT=$?
	if [ -d "$APPPATH/Contents/_MASReceipt" -a ! -e "$SPARKLEBIN" ]; then
	echo "ok: $APP does not use Sparkle";
	elif [ "$RESULT" -ne 0 -a ! -e "$SPARKLEPLIST" ]; then
	echo "ok: $APP does not seem to use Sparkle";
	elif [[ $FEED == "https://"* ]]; then
	echo "ok: $APP uses HTTPS for updates - safe";
	elif fgrep 2>/dev/null -q "about:blank" "$SPARKLEBIN"; then
	echo "ok: $APP has a patched version Sparkle - safe"
	else
	SPARKLEVER=$(defaults read "$SPARKLEPLIST" CFBundleVersion 2>/dev/null)
	local RESULT=$?
	if [ $RESULT -eq 0 -a -n "$FEED" ]; then
	REPORT+="
	!!: $APP uses insecure feed URL '$FEED' and an unpatched version of Sparkle ($SPARKLEVER) - it is UNSAFE"
	elif [ $RESULT -ne 0 ]; then
	REPORT+="
	!!: $APP uses insecure feed URL '$FEED' and an unknown version of Sparkle - may be UNSAFE"
	else
	echo "!!: $APP uses unknown feed URL and an unknown version of Sparkle - unable to tell"
	fi

	fi
	}

	for i in $({ mdfind kind:application; find /Applications -maxdepth 2 -name '*.app'; } \| sort -u ); do
	checkapp "$i"
	done

	if [ -n "$REPORT" ]; then
	echo "
	Unsafe applications found!
	$REPORT

	Please ask the apps' developers to update Sparkle to the secure version,
	as described at: https://sparkle-project.org/documentation/security
	"
	fi