app-info 2.8.5 → 3.0.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f9406b7552e0bea00883446b85250398c7818120de74d0d6d3545d7b9b0d7ef6
-  data.tar.gz: a99bb2c55b4214ad72f8e6cf2e720199902fb37ad174b71bb5f9f4d529ba81a3
+  metadata.gz: 35509386f8425f29ea466dbcb1ce12cf54be230f9b4668d4ad2f5ac9b4a4b1b5
+  data.tar.gz: 6f3f87d116877fd058a9f479de6b0aa789d74c255f832f5db132446e6250b82e
 SHA512:
-  metadata.gz: '018d93bb67f489d4908f0701285ee6c177a627f3b5c602e90c24629da25f91fc2f5cb9b091675d471741361211289b71ed7c1ab51402f30cea843126c9c6271c'
-  data.tar.gz: 5eecd5818b12032898d33a14f74c43592d120ab751b2e4393591b0fd81e4df5cebb94342111478392fd84c5963f762de0383873c547176f74d546f7bfb7b8013
+  metadata.gz: b62671980b8d9e7a854523e24311af90e78b807023b65aa1d417159717c3119c34beef4e589638d3fa3708820c8732a1c82859f8b2194477a90548dfd0611b0a
+  data.tar.gz: dc22e6f681b64658bacd6206c3cb7bdceb4afac7fac9332af230563930d8df24da1b95336647c25f7f84537c7716804d5d27e7409baa08b30e5f436e3a505c16

data/.github/dependabot.yml

@@ -1,9 +1,14 @@
 version: 2
 updates:
-- package-ecosystem: bundler
-  directory: "/"
-  schedule:
-    interval: daily
-    time: "21:00"
-    timezone: Asia/Shanghai
-  open-pull-requests-limit: 10
+  - package-ecosystem: bundler
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "21:00"
+      timezone: Asia/Shanghai
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

data/.github/workflows/ci.yml

@@ -1,8 +1,10 @@
 name: CI
 on:
   push:
+    paths-ignore:
+      - '*.md'
     branches:
-      - master
+      - main
   pull_request:
 
 jobs:

data/.rubocop.yml

@@ -27,6 +27,22 @@ AllCops:
     - 'lib/app_info/protobuf/models/*_pb.rb'
     - 'main.rb'
 
+Layout/LineLength:
+  Max: 100
+  Exclude:
+    - 'lib/app_info/helper/signatures.rb'
+
+Lint/AssignmentInCondition:
+  Enabled: false
+
+Lint/UnusedMethodArgument:
+  Exclude:
+    - 'lib/app_info/file.rb'
+
+Lint/UselessAssignment:
+  Exclude:
+    - 'lib/app_info/android/signatures/v3.rb'
+
 Metrics/AbcSize:
   Max: 100
 
@@ -36,13 +52,15 @@ Metrics/BlockLength:
     - 'lib/app_info/mobile_provision.rb'
 
 Metrics/MethodLength:
-  Max: 20
+  Max: 30
   Exclude:
-    - 'lib/app_info/png_uncrush.rb'
     - 'lib/app_info/mobile_provision.rb'
+    - 'lib/app_info/android/signatures/v2.rb'
+    - 'lib/app_info/android/signatures/v3.rb'
 
-Layout/LineLength:
-  Max: 100
+Metrics/ParameterLists:
+  Exclude:
+    - 'lib/app_info/helper/signatures.rb'
 
 Metrics/ClassLength:
   CountComments: false
@@ -54,12 +72,16 @@ Metrics/CyclomaticComplexity:
 Metrics/PerceivedComplexity:
   Max: 18
 
-Lint/AssignmentInCondition:
-  Enabled: false
+Metrics/BlockNesting:
+  Exclude:
+    - 'lib/app_info/dsym.rb'
 
 Style/Documentation:
   Enabled: false
 
+Style/ClassAndModuleChildren:
+  Enabled: false
+
 Style/PerlBackrefs:
   Exclude:
     - 'lib/app_info/core_ext/string/inflector.rb'
@@ -67,10 +89,8 @@ Style/PerlBackrefs:
 Style/DocumentDynamicEvalDefinition:
   Enabled: false
 
-Metrics/BlockNesting:
-  Exclude:
-    - 'lib/app_info/dsym.rb'
-
-
 Style/SlicingWithRange:
   Enabled: false
+
+Style/ClassVars:
+  Enabled: false

data/CHANGELOG.md

@@ -9,6 +9,28 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 > List all changes before release a new version.
 
+## [3.0.0.beta1] (2023-04-?)
+
+### Added
+
+- New Windows PE format parser. [#47](https://github.com/icyleaf/app_info/pull/47)
+- Android parser add v2, v3 scheme signature support. [#55](https://github.com/icyleaf/app_info/pull/55]
+- dSYM parer accept multi dSYM target in a zip file. [#56](https://github.com/icyleaf/app_info/pull/56)
+
+### Changed
+
+- Add `AppInfo::File` base class for all parsers.
+- Add `AppInfo::Certifiate` X509 certificate wrapped and apply in Android/MobileProvision.
+- Remove `AppInfo::MobileProvision::DeveloperCertificate` class, use `AppInfo::Certifiate` instead.
+- Remove `.sign_version` method in Android parser.
+- Remove duplice `AppInfo::AndroidDevice` class.
+- Deprecate `.signs` and `.certifiates` methods in Android parser, use `.signatures` instead.
+- Deprecate `.developer_certs` method in MobileProvision parser, use `.certificates` instead.
+
+### Fixed
+
+- Fixed minor typo.
+
 ## [2.8.5] (2023-03-16)
 
 ### Fixed

data/Gemfile

@@ -7,5 +7,11 @@ gemspec
 
 group :development do
   gem 'awesome_print'
-  gem 'debug' # For ruby 3.0+
+  gem 'debug' # For ruby 3.0+\
+  gem 'yard'
+end
+
+group :development, :test do
+  gem 'rspec'
+  gem 'rubocop'
 end

data/README.md

@@ -5,7 +5,8 @@
 [![Gem version](https://img.shields.io/gem/v/app-info.svg?style=flat)](https://rubygems.org/gems/app_info)
 [![License](https://img.shields.io/badge/license-MIT-red.svg?style=flat)](LICENSE)
 
-Teardown tool for mobile app (ipa, apk and aab file), macOS app and dSYM.zip file, analysis metedata like version, name, icon etc.
+Teardown tool for mobile app (ipa, apk and aab file), macOS app, dSYM.zip file and Windows PE file.
+Analysis metedata like version, name, icon etc.
 
 ## Support
 
@@ -16,10 +17,13 @@ Teardown tool for mobile app (ipa, apk and aab file), macOS app and dSYM.zip fil
   - `.ipa`
   - `Info.plist` file
   - `.mobileprovision`/`.provisionprofile` file
-- Zipped macOS App file
+- macOS App file (archived by starnd pkzip format)
   - `.app.zip`
-- Zipped dSYMs file
+- dSYMs file (archived by starnd pkzip format)
   - `.dSYM.zip`
+- Windows PE file
+  - `.exe`
+  - `.zip` (binary in a zip file)
 
 <hr />
 
@@ -65,6 +69,8 @@ parser = AppInfo.parse('android.aab')
 parser = AppInfo.parse('u-u-i-d.mobileprovision')
 parser = AppInfo.parse('macOS.App.zip')
 parser = AppInfo.parse('App.dSYm.zip')
+parser = AppInfo.parse('win.exe')
+parser = AppInfo.parse('win.zip')
 
 # If detect file type failed, you can parse in other way
 parser = AppInfo::IPA.new('iphone.ipa')
@@ -74,6 +80,7 @@ parser = AppInfo::InfoPlist.new('Info.plist')
 parser = AppInfo::MobileProvision.new('uuid.mobileprovision')
 parser = AppInfo::Macos.new('App.dSYm.zip')
 parser = AppInfo::DSYM.new('App.dSYm.zip')
+parser = AppInfo::PE.new('win.exe')
 ```
 
 ### iOS
@@ -220,12 +227,8 @@ android.deep_links
 android.schemes
 # => ['appinfo']
 
-# get sign list (only v1 sign)
-android.signs
-# => [...]
-
-# get certificate list (only v1 sign)
-android.certificates
+# get v1-v3 scheme singature information (included unverified certificate and more)
+android.signatures
 # => [...]
 ```
 
@@ -313,6 +316,58 @@ dsym.machos.each do |macho|
 end
 ```
 
+### Windows
+
+Accept any PE format file, such like `.exe` or `.exe` binary fin a zip file.
+
+```ruby
+win = AppInfo.parse('win.exe')
+
+# get given file size
+win.size
+# => 3093823
+
+# get given file size in human reable.
+win.size(human_size: true)
+# => 29 MB
+
+# get given file size
+win.binary_size
+# => 20940
+
+# get given file size in human reable.
+win.size(human_size: true)
+# => 20 MB
+
+# get product name
+win.name
+# => AppInfo
+
+# get app company name
+win.company_name
+# => EWS Studio
+
+# get app product version (alias to release_version)
+win.product_version
+# => 1.0.0
+
+# get app assembly version (alias to build_version)
+win.assembly_version
+# => 1.0.0
+
+# detect architecture(s)
+win.archs
+# => x64
+
+# get all imports files
+win.imports
+# => [KERNEL32.dll, ...]
+
+# get app icons (bmp format image)
+win.icons
+# => [{:name=>"ICON.bmp", :file=>"{path}/ICON.bmp"}, :dimensions=>[64, 64]}, ...]
+```
+
 ## CLI Shell (Interactive console)
 
 It is possible to use this gem as a command line interface to parse mobile app:

data/Rakefile

@@ -2,6 +2,7 @@
 
 $LOAD_PATH.unshift File.expand_path('lib', __dir__)
 require 'app_info'
+require 'yard'
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
 require 'rubocop/rake_task'
@@ -9,3 +10,13 @@ require 'rubocop/rake_task'
 RSpec::Core::RakeTask.new(:spec)
 
 task default: :spec
+
+task :doc do
+  YARD::Rake::YardocTask.new do |t|
+    t.files   = ['lib/**/*.rb', 'README.md', 'LICENSE']
+    # t.options = ['--any', '--extra', '--opts'] # optional
+    # t.stats_options = ['--list-undoc']         # optional
+  end
+end
+
+

data/app_info.gemspec

@@ -23,14 +23,23 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'CFPropertyList', '< 3.1.0', '>= 2.3.4'
   spec.add_dependency 'image_size', '>= 1.5', '< 3.3'
   spec.add_dependency 'ruby-macho', '>= 1.4', '< 4'
-  spec.add_dependency 'android_parser', '~> 2.5.1'
+  spec.add_dependency 'android_parser', '~> 2.6.0'
   spec.add_dependency 'rubyzip', '>= 1.2', '< 3.0'
   spec.add_dependency 'uuidtools', '>= 2.1.5', '< 2.3.0'
   spec.add_dependency 'icns', '~> 0.2.0'
+  spec.add_dependency 'pedump', '~> 0.6.2'
   spec.add_dependency 'google-protobuf', '>= 3.19.4', '< 3.23.0'
 
   spec.add_development_dependency 'bundler', '>= 1.12'
   spec.add_development_dependency 'rake', '>= 10.0'
-  spec.add_development_dependency 'rspec', '~> 3.0'
-  spec.add_development_dependency 'rubocop', '~> 1.19'
+
+  spec.post_install_message = <<~ENDBANNER
+    AppInfo 3.0 is coming!
+    **********************
+    The public API of some AppInfo classes has been changed.
+
+    Please ensure that your Gemfiles and .gemspecs are suitably restrictive
+    to avoid an unexpected breakage when 3.0 is released (e.g. ~> 2.8.5).
+    See https://github.com/icyleaf/app_info for details.
+  ENDBANNER
 end

data/lib/app_info/aab.rb

@@ -5,8 +5,8 @@ require 'image_size'
 require 'forwardable'
 
 module AppInfo
-  # Parse APK file
-  class AAB
+  # Parse APK file parser
+  class AAB < File
     include Helper::HumanFileSize
     extend Forwardable
 
@@ -25,38 +25,52 @@ module AppInfo
     BASE_MANIFEST = "#{BASE_PATH}/manifest/AndroidManifest.xml"
     BASE_RESOURCES = "#{BASE_PATH}/resources.pb"
 
-    def initialize(file)
-      @file = file
-    end
-
+    # return file size
+    # @example Read file size in integer
+    #   aab.size                    # => 3618865
+    #
+    # @example Read file size in human readabale
+    #   aab.size(human_size: true)  # => '3.45 MB'
+    #
+    # @param [Boolean] human_size Convert integer value to human readable.
+    # @return [Integer, String]
     def size(human_size: false)
       file_to_human_size(@file, human_size: human_size)
     end
 
-    def os
+    # @return [Symbol] {Format::AAB}
+    def file_type
+      Format::AAB
+    end
+
+    # @return [String] {Platform::ANDROID}
+    def platform
       Platform::ANDROID
     end
-    alias file_type os
 
     def_delegators :manifest, :version_name, :deep_links, :schemes
 
     alias release_version version_name
 
+    # @return [String]
     def package_name
       manifest.package
     end
     alias identifier package_name
     alias bundle_id package_name
 
+    # @return [String]
     def version_code
       manifest.version_code.to_s
     end
     alias build_version version_code
 
+    # @return [String]
     def name
       manifest.label
     end
 
+    # @return [String] {Device}
     def device_type
       if wear?
         Device::WATCH
@@ -78,33 +92,40 @@ module AppInfo
     #           .size >= 1
     # end
 
+    # @return [Boolean]
     def wear?
       !!use_features&.include?('android.hardware.type.watch')
     end
 
+    # @return [Boolean]
     def tv?
       !!use_features&.include?('android.software.leanback')
     end
 
+    # @return [Boolean]
     def automotive?
       !!use_features&.include?('android.hardware.type.automotive')
     end
 
+    # @return [String]
     def min_sdk_version
       manifest.uses_sdk.min_sdk_version
     end
     alias min_os_version min_sdk_version
 
+    # @return [String]
     def target_sdk_version
       manifest.uses_sdk.target_sdk_version
     end
 
+    # @return [Array<String>]
     def use_features
       return [] unless manifest.respond_to?(:uses_feature)
 
       @use_features ||= manifest&.uses_feature&.map(&:name)
     end
 
+    # @return [Array<String>]
     def use_permissions
       return [] unless manifest.respond_to?(:uses_permission)
 
@@ -123,36 +144,25 @@ module AppInfo
       @components ||= manifest.components.transform_values
     end
 
-    def sign_version
-      return 'v1' unless signs.empty?
-
-      # when ?
-      # https://source.android.com/security/apksigning/v2?hl=zh-cn
-      #   'v2'
-      # when ?
-      # https://source.android.com/security/apksigning/v3?hl=zh-cn
-      #   'v3'
-      'unknown'
+    # Return multi version certifiates of signatures
+    # @return [Array<Hash>] signatures
+    # @see AppInfo::Android::Signature.verify
+    def signatures
+      @signatures ||= Android::Signature.verify(self)
     end
 
+    # Legacy v1 scheme signatures, it will remove soon.
+    # @deprecated Use {#signatures}
+    # @return [Array<OpenSSL::PKCS7, nil>] signatures
     def signs
-      return @signs if @signs
-
-      @signs = []
-      each_file do |path, data|
-        # find META-INF/xxx.{RSA|DSA}
-        next unless path =~ %r{^META-INF/} && data.unpack('CC') == [0x30, 0x82]
-
-        @signs << APK::Sign.new(path, OpenSSL::PKCS7.new(data))
-      end
-
-      @signs
+      @signs ||= v1sign&.signatures || []
     end
 
+    # Legacy v1 scheme certificates, it will remove soon.
+    # @deprecated Use {#signatures}
+    # @return [Array<OpenSSL::PKCS7, nil>] certificates
     def certificates
-      @certificates ||= signs.each_with_object([]) do |sign, obj|
-        obj << APK::Certificate.new(sign.path, sign.sign.certificates[0])
-      end
+      @certificates ||= v1sign&.certificates || []
     end
 
     def each_file
@@ -171,7 +181,7 @@ module AppInfo
     end
 
     def entry(name, base_path: BASE_PATH)
-      entry = @zip.find_entry(File.join(base_path, name))
+      entry = @zip.find_entry(::File.join(base_path, name))
       raise NotFoundError, "'#{name}'" if entry.nil?
 
       entry
@@ -182,25 +192,28 @@ module AppInfo
       @manifest ||= Protobuf::Manifest.parse(io, resource)
     end
 
+    # @return [Protobuf::Resources]
     def resource
       io = zip.read(zip.find_entry(BASE_RESOURCES))
       @resource ||= Protobuf::Resources.parse(io)
     end
 
+    # @return [Zip::File]
     def zip
       @zip ||= Zip::File.open(@file)
     end
 
+    # @return [Array<Hash>]
     def icons
       @icons ||= manifest.icons.each_with_object([]) do |res, obj|
         path = res.value
-        filename = File.basename(path)
-        filepath = File.join(contents, File.dirname(path))
-        file = File.join(filepath, filename)
+        filename = ::File.basename(path)
+        filepath = ::File.join(contents, ::File.dirname(path))
+        file = ::File.join(filepath, filename)
         FileUtils.mkdir_p filepath
 
         binary_data = read_file(path)
-        File.write(file, binary_data, encoding: Encoding::BINARY)
+        ::File.write(file, binary_data, encoding: Encoding::BINARY)
 
         obj << {
           name: filename,
@@ -223,13 +236,19 @@ module AppInfo
     end
 
     def contents
-      @contents ||= File.join(Dir.mktmpdir, "AppInfo-android-#{SecureRandom.hex}")
+      @contents ||= ::File.join(Dir.mktmpdir, "AppInfo-android-#{SecureRandom.hex}")
     end
 
     private
 
+    def v1sign
+      @v1sign ||= Android::Signature::V1.verify(self)
+    rescue Android::Signature::NotFoundError
+      nil
+    end
+
     def xml_file?(file)
-      File.extname(file) == '.xml'
+      ::File.extname(file) == '.xml'
     end
 
     # TODO: how to convert xml content after decode protoubufed content

data/lib/app_info/android/signature.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+module AppInfo
+  module Android
+    # Android Signature
+    #
+    # Support digest and length:
+    #
+    # RSA：1024、2048、4096、8192、16384
+    # EC：NIST P-256、P-384、P-521
+    # DSA：1024、2048、3072
+    module Signature
+      class VersionError < Error; end
+      class SecurityError < Error; end
+      class NotFoundError < NotFoundError; end
+
+      module Version
+        V1    = 1
+        V2    = 2
+        V3    = 3
+        V4    = 4
+      end
+
+      # All registerd verions to verify
+      #
+      # key is the version
+      # value is the class
+      @versions = {}
+
+      class << self
+        # Verify Android Signature
+        #
+        # @example Get unverified v1 certificates, verified v2 certificates,
+        #  and not found v3 certificate
+        #
+        #   signature.versions(parser)
+        #   # => [
+        #   #   {
+        #   #     version: 1,
+        #   #     verified: false,
+        #   #     certificates: [<AppInfo::Certificate>, ...],
+        #   #     verifier: AppInfo::Androig::Signature
+        #   #   },
+        #   #   {
+        #   #     version: 2,
+        #   #     verified: false,
+        #   #     certificates: [<AppInfo::Certificate>, ...],
+        #   #     verifier: AppInfo::Androig::Signature
+        #   #   },
+        #   #   {
+        #   #     version: 3
+        #   #   }
+        #   # ]
+        # @todo version 4 no implantation yet
+        # @param [AppInfo::File] parser
+        # @param [Version, Integer] min_version
+        # @return [Array<Hash>] versions
+        def verify(parser, min_version: Version::V4)
+          min_version = min_version.to_i if min_version.is_a?(String)
+          if min_version && min_version > Version::V4
+            raise VersionError,
+                  "No signature found in #{min_version} scheme or newer for android file"
+          end
+
+          if min_version.zero?
+            raise VersionError,
+                  "Unkonwn version: #{min_version}, avaiables in 1/2/3 and 4 (no implantation yet)"
+          end
+
+          # try full version signatures if min_version is nil
+          versions = min_version.downto(Version::V1).each_with_object([]) do |version, signatures|
+            next unless kclass = fetch(version)
+
+            data = { version: version }
+            begin
+              verifier = kclass.verify(parser)
+              data[:verified] = verifier.verified
+              data[:certificates] = verifier.certificates
+              data[:verifier] = verifier
+            rescue SecurityError, NotFoundError
+              # not this version, try the low version
+            ensure
+              signatures << data
+            end
+          end
+
+          versions.sort_by { |entry| entry[:version] }
+        end
+
+        def registered
+          @versions.keys
+        end
+
+        def register(version, verifier)
+          @versions[version] = verifier
+        end
+
+        def fetch(version)
+          @versions[version]
+        end
+
+        def exist?(version)
+          @versions.key?(version)
+        end
+      end
+
+      UINT32_MAX_VALUE = 2_147_483_647
+      UINT32_SIZE = 4
+      UINT64_SIZE = 8
+    end
+  end
+end
+
+require 'app_info/android/signatures/base'