Skip to content

Commit

Permalink
Require signing validation for apple archives before extraction (#2588)
Browse files Browse the repository at this point in the history
  • Loading branch information
zorgiepoo authored Jun 20, 2024
1 parent dd93743 commit 1b6565d
Show file tree
Hide file tree
Showing 7 changed files with 9 additions and 9 deletions.
4 changes: 2 additions & 2 deletions Autoupdate/AppInstaller.m
Original file line number Diff line number Diff line change
Expand Up @@ -193,9 +193,9 @@ - (void)extractAndInstallUpdate SPU_OBJC_DIRECT

_updateValidator = [[SUUpdateValidator alloc] initWithDownloadPath:archivePath signatures:_signatures host:_host verifierInformation:_verifierInformation];

// Delta & package updates will require validation before extraction
// Delta, package updates, and .aar/.yaa archives will require validation before extraction
// Normal application updates are a bit more lenient allowing developers to change one of apple dev ID or EdDSA keys
BOOL needsPrevalidation = [[unarchiver class] mustValidateBeforeExtraction] || ![_installationType isEqualToString:SPUInstallationTypeApplication];
BOOL needsPrevalidation = [[unarchiver class] mustValidateBeforeExtractionWithArchivePath:archivePath] || ![_installationType isEqualToString:SPUInstallationTypeApplication];

if (needsPrevalidation) {
success = [_updateValidator validateDownloadPathWithError:&unarchiverError];
Expand Down
2 changes: 1 addition & 1 deletion Autoupdate/SUBinaryDeltaUnarchiver.m
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ + (BOOL)canUnarchivePath:(NSString *)path
return [[path pathExtension] isEqualToString:@"delta"];
}

+ (BOOL)mustValidateBeforeExtraction
+ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath
{
return YES;
}
Expand Down
2 changes: 1 addition & 1 deletion Autoupdate/SUDiskImageUnarchiver.m
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ + (BOOL)canUnarchivePath:(NSString *)path
return [[path pathExtension] isEqualToString:@"dmg"];
}

+ (BOOL)mustValidateBeforeExtraction
+ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath
{
return NO;
}
Expand Down
2 changes: 1 addition & 1 deletion Autoupdate/SUFlatPackageUnarchiver.m
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ + (BOOL)canUnarchivePath:(NSString *)path
return [path.pathExtension isEqualToString:@"pkg"] || [path.pathExtension isEqualToString:@"mpkg"];
}

+ (BOOL)mustValidateBeforeExtraction
+ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath
{
return YES;
}
Expand Down
4 changes: 2 additions & 2 deletions Autoupdate/SUPipedUnarchiver.m
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,9 @@ + (BOOL)canUnarchivePath:(NSString *)path
return _commandAndArgumentsConformingToTypeOfPath(path) != nil;
}

+ (BOOL)mustValidateBeforeExtraction
+ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath
{
return NO;
return ([archivePath hasSuffix:@".aar"] || [archivePath hasSuffix:@".yaa"]);
}

- (instancetype)initWithArchivePath:(NSString *)archivePath extractionDirectory:(NSString *)extractionDirectory
Expand Down
2 changes: 1 addition & 1 deletion Autoupdate/SUUnarchiverProtocol.h
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ NS_ASSUME_NONNULL_BEGIN

@protocol SUUnarchiverProtocol <NSObject>

+ (BOOL)mustValidateBeforeExtraction;
+ (BOOL)mustValidateBeforeExtractionWithArchivePath:(NSString *)archivePath;

- (void)unarchiveWithCompletionBlock:(void (^)(NSError * _Nullable))completionBlock progressBlock:(void (^ _Nullable)(double))progressBlock;

Expand Down
2 changes: 1 addition & 1 deletion Sparkle/SUUpdateValidator.m
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ - (BOOL)validateWithUpdateDirectory:(NSString *)updateDirectory error:(NSError *
{
// Because we already validated the EdDSA signature, this is just a consistency check to see
// if the developer signed their application properly with their Apple ID
// Currently, this case only gets hit for binary delta updates
// Currently, this case gets hit for binary delta updates and .aar/.yaa archives

NSError *innerError = nil;
if ([SUCodeSigningVerifier bundleAtURLIsCodeSigned:installSourceURL] && ![SUCodeSigningVerifier codeSignatureIsValidAtBundleURL:installSourceURL error:&innerError]) {
Expand Down

0 comments on commit 1b6565d

Please sign in to comment.