Hans-Christoph Steiner
f538e0da8c
add tests for RepoXMLHandler
...
This is a basic set of tests. These tests should be extended in three ways:
* make sure all of the apps are parsed
* make sure all of the APKs are parsed
* make sure the ProgressListener is called
2014-12-11 13:50:05 +01:00
Daniel Martí
06dd4c8dcb
Move F-Droid project into subdir, keeping a root gradle project
...
Also improved .gitignore a tad
2014-12-09 15:36:07 +01:00
Hans-Christoph Steiner
3fef37a5f4
added test of "Master Key"-style exploit based
...
This does not seem affected, I made a quick and dirty zip with two
index.xml files in it following these instructions:
http://www.saurik.com/id/17
refs #39 https://gitlab.com/fdroid/fdroidclient/issues/39
2014-07-10 13:30:44 -04:00
Hans-Christoph Steiner
8395472f8d
test index.jar signature checking
...
I got scared by seeing the Android docs' version of JarFile.getInputStream,
which didn't mention SecurityException or the signature checking. But it
seems that even tho its not in the Android docs, Android implements it the
same as Java does. It is good to have these tests in place anyhow, since
this is an essential piece of the security process of FDroid.
* http://docs.oracle.com/javase/6/docs/api/java/util/jar/JarFile.html#getInputStream(java.util.zip.ZipEntry)
* https://developer.android.com/reference/java/util/jar/JarFile.html#getInputStream(java.util.zip.ZipEntry)
refs #2627 https://dev.guardianproject.info/issues/2627
refs #2959 https://dev.guardianproject.info/issues/2959
2014-05-01 12:44:01 -04:00
