mirror of
https://gitcode.com/gh_mirrors/re/react-native-pushy.git
synced 2025-09-18 02:46:09 +08:00
Compare commits
5 Commits
v9.1.2
...
fix/zipsli
| Author | SHA1 | Date | |
|---|---|---|---|
|
8622935bdf | ||
|
|
b747b1f356 | ||
|
|
7752581470 | ||
|
|
33eb89d2a7 | ||
|
|
d111bf5a9c |
@@ -237,19 +237,7 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
||||
while (entries.hasMoreElements()) {
|
||||
ZipEntry ze = entries.nextElement();
|
||||
|
||||
String fn = ze.getName();
|
||||
File fmd = new File(param.unzipDirectory, fn);
|
||||
|
||||
if (UpdateContext.DEBUG) {
|
||||
Log.d("RNUpdate", "Unzipping " + fn);
|
||||
}
|
||||
|
||||
if (ze.isDirectory()) {
|
||||
fmd.mkdirs();
|
||||
continue;
|
||||
}
|
||||
|
||||
zipFile.unzipToFile(ze, fmd);
|
||||
zipFile.unzipToPath(ze, param.unzipDirectory);
|
||||
}
|
||||
|
||||
zipFile.close();
|
||||
@@ -324,8 +312,15 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
||||
} else {
|
||||
target = copyList.get((from));
|
||||
}
|
||||
target.add(new File(param.unzipDirectory, to));
|
||||
//copyFromResource(from, new File(param.unzipDirectory, to));
|
||||
File toFile = new File(param.unzipDirectory, to);
|
||||
|
||||
// Fixing a Zip Path Traversal Vulnerability
|
||||
// https://support.google.com/faqs/answer/9294009
|
||||
String canonicalPath = toFile.getCanonicalPath();
|
||||
if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
|
||||
throw new SecurityException("Illegal name: " + to);
|
||||
}
|
||||
target.add(toFile);
|
||||
}
|
||||
continue;
|
||||
}
|
||||
@@ -339,18 +334,9 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
||||
fout.close();
|
||||
continue;
|
||||
}
|
||||
File fmd = new File(param.unzipDirectory, fn);
|
||||
|
||||
if (UpdateContext.DEBUG) {
|
||||
Log.d("RNUpdate", "Unzipping " + fn);
|
||||
}
|
||||
|
||||
if (ze.isDirectory()) {
|
||||
fmd.mkdirs();
|
||||
continue;
|
||||
}
|
||||
|
||||
zipFile.unzipToFile(ze, fmd);
|
||||
zipFile.unzipToPath(ze, param.unzipDirectory);
|
||||
}
|
||||
|
||||
zipFile.close();
|
||||
@@ -419,18 +405,8 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
||||
fout.close();
|
||||
continue;
|
||||
}
|
||||
File fmd = new File(param.unzipDirectory, fn);
|
||||
|
||||
if (UpdateContext.DEBUG) {
|
||||
Log.d("RNUpdate", "Unzipping " + fn);
|
||||
}
|
||||
|
||||
if (ze.isDirectory()) {
|
||||
fmd.mkdirs();
|
||||
continue;
|
||||
}
|
||||
|
||||
zipFile.unzipToFile(ze, fmd);
|
||||
zipFile.unzipToPath(ze, param.unzipDirectory);
|
||||
}
|
||||
|
||||
zipFile.close();
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
package cn.reactnative.modules.update;
|
||||
|
||||
import android.util.Log;
|
||||
|
||||
import java.io.BufferedInputStream;
|
||||
import java.io.BufferedOutputStream;
|
||||
import java.io.File;
|
||||
@@ -10,12 +12,15 @@ import java.util.Enumeration;
|
||||
import java.util.zip.ZipEntry;
|
||||
import java.util.zip.ZipFile;
|
||||
|
||||
|
||||
public class SafeZipFile extends ZipFile {
|
||||
|
||||
public SafeZipFile(File file) throws IOException {
|
||||
super(file);
|
||||
}
|
||||
|
||||
private static final int BUFFER_SIZE = 8192;
|
||||
|
||||
@Override
|
||||
public Enumeration<? extends ZipEntry> entries() {
|
||||
return new SafeZipEntryIterator(super.entries());
|
||||
@@ -43,40 +48,46 @@ public class SafeZipFile extends ZipFile {
|
||||
* avoid ZipperDown
|
||||
*/
|
||||
if (null != name && (name.contains("../") || name.contains("..\\"))) {
|
||||
throw new SecurityException("illegal entry: " + entry.getName());
|
||||
throw new SecurityException("illegal entry: " + name);
|
||||
}
|
||||
}
|
||||
return entry;
|
||||
}
|
||||
}
|
||||
|
||||
public void unzipToFile(ZipEntry entry, File output) throws IOException {
|
||||
InputStream inputStream = null;
|
||||
try {
|
||||
inputStream = getInputStream(entry);
|
||||
writeOutInputStream(output, inputStream);
|
||||
} finally {
|
||||
if (inputStream != null) {
|
||||
inputStream.close();
|
||||
public void unzipToPath(ZipEntry ze, File targetPath) throws IOException {
|
||||
String name = ze.getName();
|
||||
File target = new File(targetPath, name);
|
||||
|
||||
// Fixing a Zip Path Traversal Vulnerability
|
||||
// https://support.google.com/faqs/answer/9294009
|
||||
String canonicalPath = target.getCanonicalPath();
|
||||
if (!canonicalPath.startsWith(targetPath.getCanonicalPath() + File.separator)) {
|
||||
throw new SecurityException("Illegal name: " + name);
|
||||
}
|
||||
|
||||
if (UpdateContext.DEBUG) {
|
||||
Log.d("RNUpdate", "Unzipping " + name);
|
||||
}
|
||||
|
||||
if (ze.isDirectory()) {
|
||||
target.mkdirs();
|
||||
return;
|
||||
}
|
||||
unzipToFile(ze, target);
|
||||
}
|
||||
|
||||
public void unzipToFile(ZipEntry ze, File target) throws IOException {
|
||||
try (InputStream inputStream = getInputStream(ze)) {
|
||||
try (BufferedOutputStream output = new BufferedOutputStream(new FileOutputStream(target));
|
||||
BufferedInputStream input = new BufferedInputStream(inputStream)) {
|
||||
byte[] buffer = new byte[BUFFER_SIZE];
|
||||
int n;
|
||||
while ((n = input.read(buffer, 0, BUFFER_SIZE)) >= 0) {
|
||||
output.write(buffer, 0, n);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private void writeOutInputStream(File file, InputStream inputStream) throws IOException {
|
||||
BufferedOutputStream output = null;
|
||||
try {
|
||||
output = new BufferedOutputStream(
|
||||
new FileOutputStream(file));
|
||||
BufferedInputStream input = new BufferedInputStream(inputStream);
|
||||
byte b[] = new byte[8192];
|
||||
int n;
|
||||
while ((n = input.read(b, 0, 8192)) >= 0) {
|
||||
output.write(b, 0, n);
|
||||
}
|
||||
} finally {
|
||||
if (output != null) {
|
||||
output.close();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -15,4 +15,4 @@ export const downloadAndInstallApk = noop;
|
||||
export const setCustomEndpoints = noop;
|
||||
export const getCurrentVersionInfo = noop;
|
||||
export const simpleUpdate = (app) => app;
|
||||
export const onEvents = noop;
|
||||
export const onPushyEvents = noop;
|
||||
|
||||
@@ -78,7 +78,7 @@ if (!uuid) {
|
||||
const noop = () => {};
|
||||
let reporter: UpdateEventsListener = noop;
|
||||
|
||||
export function onEvents(customReporter: UpdateEventsListener) {
|
||||
export function onPushyEvents(customReporter: UpdateEventsListener) {
|
||||
reporter = customReporter;
|
||||
if (isRolledBack) {
|
||||
report({
|
||||
@@ -322,10 +322,12 @@ function assertHash(hash: string) {
|
||||
return true;
|
||||
}
|
||||
|
||||
let applyingUpdate = false;
|
||||
export function switchVersion(hash: string) {
|
||||
assertRelease();
|
||||
if (assertHash(hash)) {
|
||||
if (assertHash(hash) && !applyingUpdate) {
|
||||
logger('switchVersion: ' + hash);
|
||||
applyingUpdate = true;
|
||||
PushyModule.reloadUpdate({ hash });
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,20 +16,20 @@ import {
|
||||
switchVersionLater,
|
||||
markSuccess,
|
||||
downloadAndInstallApk,
|
||||
onEvents,
|
||||
onPushyEvents,
|
||||
} from './main';
|
||||
import { UpdateEventsListener } from './type';
|
||||
|
||||
export function simpleUpdate(
|
||||
WrappedComponent: ComponentType,
|
||||
options: { appKey?: string; onEvents?: UpdateEventsListener } = {},
|
||||
options: { appKey?: string; onPushyEvents?: UpdateEventsListener } = {},
|
||||
) {
|
||||
const { appKey, onEvents: eventListeners } = options;
|
||||
const { appKey, onPushyEvents: eventListeners } = options;
|
||||
if (!appKey) {
|
||||
throw new Error('appKey is required for simpleUpdate()');
|
||||
}
|
||||
if (typeof eventListeners === 'function') {
|
||||
onEvents(eventListeners);
|
||||
onPushyEvents(eventListeners);
|
||||
}
|
||||
return __DEV__
|
||||
? WrappedComponent
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "react-native-update",
|
||||
"version": "9.1.2",
|
||||
"version": "9.1.4",
|
||||
"description": "react-native hot update",
|
||||
"main": "lib/index.ts",
|
||||
"scripts": {
|
||||
|
||||
Reference in New Issue
Block a user