From 4e544e61fb16e2185869d9364066081c690027b4 Mon Sep 17 00:00:00 2001 From: Peter Serwylo Date: Wed, 5 Jul 2017 18:05:23 +1000 Subject: [PATCH] UNTESTED: Prompt the user to update an app with a known vulnerability. Untested because there are no apps in current repos which exhibit this behaviour which have newer versions. Right now I'm testing with com.waze from testy.at.or.at which only has the one version. I'm also unsure of how important this is seeing as most the time it will prompt people to update anyway. --- .../items/KnownVulnAppListItemController.java | 38 +++++++++++++++---- app/src/main/res/values/strings.xml | 1 + 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/app/src/main/java/org/fdroid/fdroid/views/updates/items/KnownVulnAppListItemController.java b/app/src/main/java/org/fdroid/fdroid/views/updates/items/KnownVulnAppListItemController.java index 1641001d9..a466ae98e 100644 --- a/app/src/main/java/org/fdroid/fdroid/views/updates/items/KnownVulnAppListItemController.java +++ b/app/src/main/java/org/fdroid/fdroid/views/updates/items/KnownVulnAppListItemController.java @@ -12,6 +12,7 @@ import android.view.View; import org.fdroid.fdroid.AppUpdateStatusManager; import org.fdroid.fdroid.R; +import org.fdroid.fdroid.data.Apk; import org.fdroid.fdroid.data.App; import org.fdroid.fdroid.data.AppProvider; import org.fdroid.fdroid.installer.Installer; 
@@ -33,23 +34,46 @@ public class KnownVulnAppListItemController extends AppListItemController { @Override protected AppListItemState getCurrentViewState( @NonNull App app, @Nullable AppUpdateStatusManager.AppUpdateStatus appStatus) { + String mainText; + String actionButtonText; + + // TODO: Take into account signature when multi-sig stuff is merged. + if (app.installedVersionCode < app.suggestedVersionCode) { + mainText = activity.getString(R.string.updates__app_with_known_vulnerability__upgrade, app.name); + actionButtonText = activity.getString(R.string.menu_upgrade); + } else { + mainText = activity.getString(R.string.updates__app_with_known_vulnerability__uninstall, app.name); + actionButtonText = activity.getString(R.string.menu_uninstall); + } + return new AppListItemState(app) - .setMainText(activity.getString(R.string.updates__app_with_known_vulnerability__uninstall, app.name)) - .showActionButton(activity.getString(R.string.menu_uninstall)); + .setMainText(mainText) + .showActionButton(actionButtonText); } @Override protected void onActionButtonPressed(@NonNull App app) { - LocalBroadcastManager.getInstance(activity).registerReceiver(uninstallReceiver, - Installer.getUninstallIntentFilter(app.packageName)); - InstallerService.uninstall(activity, app.getInstalledApk(activity)); + Apk installedApk = app.getInstalledApk(activity); + if (installedApk == null) { + throw new IllegalStateException( + "Tried to upgrade or uninstall app with known vulnerability but it doesn't seem to be installed"); + } + + // TODO: Take into account signature when multi-sig stuff is merged. 
+ if (app.installedVersionCode < app.suggestedVersionCode) { + LocalBroadcastManager manager = LocalBroadcastManager.getInstance(activity); + manager.registerReceiver(installReceiver, Installer.getUninstallIntentFilter(app.packageName)); + InstallerService.uninstall(activity, installedApk); + } else { + InstallerService.uninstall(activity, installedApk); + } } private void unregisterUninstallReceiver() { - LocalBroadcastManager.getInstance(activity).unregisterReceiver(uninstallReceiver); + LocalBroadcastManager.getInstance(activity).unregisterReceiver(installReceiver); } - private final BroadcastReceiver uninstallReceiver = new BroadcastReceiver() { + private final BroadcastReceiver installReceiver = new BroadcastReceiver() { @Override public void onReceive(Context context, Intent intent) { switch (intent.getAction()) { diff --git a/app/src/main/res/values/strings.xml b/app/src/main/res/values/strings.xml index a14d9cc05..3ad55ce16 100644 --- a/app/src/main/res/values/strings.xml +++ b/app/src/main/res/values/strings.xml @@ -98,6 +98,7 @@ This often occurs with apps installed via Google Play or other sources, if they Download all updates We found a vulnerability with %1$s. We recommend uninstalling this app immediately. + We found a vulnerability with %1$s. We recommend upgrading to the newest version immediately. Hide apps Show apps
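Review bot: In `onActionButtonPressed`, the new upgrade branch (`app.installedVersionCode < app.suggestedVersionCode`) still registers `Installer.getUninstallIntentFilter(app.packageName)` and calls `InstallerService.uninstall(activity, installedApk)`, so the button that `getCurrentViewState` labels with `R.string.menu_upgrade` removes the app and its data instead of updating it. That branch should start an install of the suggested version and listen for install broadcasts; the install entry point to use is not visible in this patch. The `else` branch has also lost its receiver registration, so an uninstall started there is never delivered to `installReceiver`; restore `manager.registerReceiver(installReceiver, Installer.getUninstallIntentFilter(app.packageName));` before `InstallerService.uninstall(activity, installedApk);` and declare `manager` above the `if`. Because the same version comparison now appears in both methods, a small private helper would keep the label and the action from drifting apart. The `onReceive` body of `installReceiver` continues past the end of the hunk, so whether it handles install actions cannot be checked here.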