update: throw exception for APKs with invalid Application ID

Android Application IDs must be valid Java Package Names.  While the build
tools likely validate the Application ID, it is possible to manually create
a malicious APK.
Hans-Christoph Steiner 2018-09-01 12:19:45 +02:00
parent 5d161cc9fd
commit 11b3e5be3a
2 changed files with 5 additions and 1 deletions


@ -1064,6 +1064,10 @@ def scan_apk(apk_file):
else:
scan_apk_aapt(apk, apk_file)
if not common.is_valid_java_package_name(apk['packageName']):
raise BuildException(_("{appid} from {path} is not a valid Java Package Name!")
.format(appid=apk['packageName'], path=apk_file))
# Get the signature, or rather the signing key fingerprints
logging.debug('Getting signature of {0}'.format(os.path.basename(apk_file)))
apk['sig'] = getsig(apk_file)
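Review bot: The rejected Application ID is interpolated unescaped into the BuildException message in the added `raise`, and by this commit's own premise that string may come from a hand-crafted APK, so it can carry newlines or terminal control characters into logs and console output. Formatting it with `appid=repr(apk['packageName'])` keeps the message on one line and makes unusual bytes visible. The check also assumes `apk['packageName']` is set and is a string after both scan paths; if either parser can leave it unset, the failure would presumably be a KeyError or TypeError rather than this message, which is worth confirming because scan_apk's body starts and ends outside the hunk. A short comment above the `if`, such as `# packageName comes from the APK itself and is untrusted; reject it before it is used further`, would record why the check sits here.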