mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-09-13 22:42:29 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

update: print warnings for all KnownVulns found

Browse source 
Some baby steps towards making the KnownVuln stuff more visible.
This commit is contained in:
Hans-Christoph Steiner 2017-12-11 17:56:04 +01:00
parent ca50adb2e5
commit 5ce950e748
1 changed files with 7 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
fdroidserver/update.py
View file

@ -500,6 +500,8 @@ def has_known_vulnerability(filename):
http://www.saurik.com/id/17 http://www.saurik.com/id/17
""" """
found_vuln = False
# statically load this pattern # statically load this pattern
if not hasattr(has_known_vulnerability, "pattern"): if not hasattr(has_known_vulnerability, "pattern"):
has_known_vulnerability.pattern = re.compile(b'.*OpenSSL ([01][0-9a-z.-]+)') has_known_vulnerability.pattern = re.compile(b'.*OpenSSL ([01][0-9a-z.-]+)')
@ -524,14 +526,15 @@ def has_known_vulnerability(filename):
else: else:
logging.warning(_('"{path}" contains outdated {name} ({version})') logging.warning(_('"{path}" contains outdated {name} ({version})')
.format(path=filename, name=name, version=version)) .format(path=filename, name=name, version=version))
return True found_vuln = True
break break
elif name == 'AndroidManifest.xml' or name == 'classes.dex' or name.endswith('.so'): elif name == 'AndroidManifest.xml' or name == 'classes.dex' or name.endswith('.so'):
if name in files_in_apk: if name in files_in_apk:
return True logging.warning(_('{apkfilename} has multiple {name} files, looks like Master Key exploit!')
.format(apkfilename=filename, name=name))
found_vuln = True
files_in_apk.add(name) files_in_apk.add(name)
return found_vuln
return False
def insert_obbs(repodir, apps, apks): def insert_obbs(repodir, apps, apks):