Karl/BobStore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

UNTESTED: Prompt the user to update an app with a known vulnerability.

Browse Source 
Untested because there are no apps in current repos which exhibit this
behaviour which have newer versions. Right now I'm testing with com.waze
from testy.at.or.at which only has the one version.

I'm also unsure of how important this is seeing as most the time it will
prompt people to update anyway.
This commit is contained in:
Peter Serwylo 2017-07-05 18:05:23 +10:00
parent 7424220c02
commit 4e544e61fb
2 changed files with 32 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
app/src/main/java/org/fdroid/fdroid/views/updates/items/KnownVulnAppListItemController.java
View File

@ -12,6 +12,7 @@ import android.view.View;
import org.fdroid.fdroid.AppUpdateStatusManager;
import org.fdroid.fdroid.R;
import org.fdroid.fdroid.data.Apk;
import org.fdroid.fdroid.data.App;
import org.fdroid.fdroid.data.AppProvider;
import org.fdroid.fdroid.installer.Installer;
@ -33,23 +34,46 @@ public class KnownVulnAppListItemController extends AppListItemController {
@Override
protected AppListItemState getCurrentViewState(
@NonNull App app, @Nullable AppUpdateStatusManager.AppUpdateStatus appStatus) {
String mainText;
String actionButtonText;
// TODO: Take into account signature when multi-sig stuff is merged.
if (app.installedVersionCode < app.suggestedVersionCode) {
mainText = activity.getString(R.string.updates__app_with_known_vulnerability__upgrade, app.name);
actionButtonText = activity.getString(R.string.menu_upgrade);
} else {
mainText = activity.getString(R.string.updates__app_with_known_vulnerability__uninstall, app.name);
actionButtonText = activity.getString(R.string.menu_uninstall);
}
return new AppListItemState(app)
.setMainText(activity.getString(R.string.updates__app_with_known_vulnerability__uninstall, app.name))
.showActionButton(activity.getString(R.string.menu_uninstall));
.setMainText(mainText)
.showActionButton(actionButtonText);
}
@Override
protected void onActionButtonPressed(@NonNull App app) {
LocalBroadcastManager.getInstance(activity).registerReceiver(uninstallReceiver,
Installer.getUninstallIntentFilter(app.packageName));
InstallerService.uninstall(activity, app.getInstalledApk(activity));
Apk installedApk = app.getInstalledApk(activity);
if (installedApk == null) {
throw new IllegalStateException(
"Tried to upgrade or uninstall app with known vulnerability but it doesn't seem to be installed");
}
// TODO: Take into account signature when multi-sig stuff is merged.
if (app.installedVersionCode < app.suggestedVersionCode) {
LocalBroadcastManager manager = LocalBroadcastManager.getInstance(activity);
manager.registerReceiver(installReceiver, Installer.getUninstallIntentFilter(app.packageName));
InstallerService.uninstall(activity, installedApk);
} else {
InstallerService.uninstall(activity, installedApk);
}
}
private void unregisterUninstallReceiver() {
LocalBroadcastManager.getInstance(activity).unregisterReceiver(uninstallReceiver);
LocalBroadcastManager.getInstance(activity).unregisterReceiver(installReceiver);
}
private final BroadcastReceiver uninstallReceiver = new BroadcastReceiver() {
private final BroadcastReceiver installReceiver = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
switch (intent.getAction()) {

1
app/src/main/res/values/strings.xml
View File

@ -98,6 +98,7 @@ This often occurs with apps installed via Google Play or other sources, if they
<string name="updates__tts__download_updates_for_all_apps">Download all updates</string>
<string name="updates__app_with_known_vulnerability__uninstall">We found a vulnerability with %1$s. We recommend uninstalling this app immediately.</string>
<string name="updates__app_with_known_vulnerability__upgrade">We found a vulnerability with %1$s. We recommend upgrading to the newest version immediately.</string>
<string name="updates__hide_updateable_apps">Hide apps</string>
<string name="updates__show_updateable_apps">Show apps</string>