app_permission_statistics 0.1.1

data/app_permission_statistics.gemspec

@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require_relative "lib/app_permission_statistics/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "app_permission_statistics"
+  spec.version       = AppPermissionStatistics::VERSION
+  spec.authors       = ["bin"]
+  spec.email         = ["tang.bin@olaola.chat"]
+
+  spec.summary       = "app permission statistics"
+  spec.description   = "app permission statistics from ipas"
+  spec.homepage      = "https://github.com/olaola-chat/cli-app_permission_statistics.git"
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.3.0")
+
+
+  spec.metadata["homepage_uri"] = spec.homepage
+  spec.metadata["source_code_uri"] = "https://github.com/olaola-chat/cli-app_permission_statistics.git"
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{\A(?:test|spec|features)/}) }
+  end
+  spec.bindir        = "bin"
+  spec.executables = ['app_permission_statistics']
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "yaml"
+  spec.add_runtime_dependency "crimp"
+  spec.add_dependency 'CFPropertyList', '< 3.1.0', '>= 2.3.4'
+  spec.add_development_dependency 'bundler', '>= 1.12'
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, checkout our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

data/bin/app_permission_statistics

@@ -0,0 +1,41 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "app_permission_statistics"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+if ARGV.length < 2
+    puts "Error: need two ipa path !!"
+    abort
+end
+
+if !File.exist?(ARGV.first) 
+    puts "Error: #{ARGV.first} not found"
+    abort
+end
+
+if !File.exist?(ARGV[1]) 
+    puts "Error: #{ARGV[1]} not found"
+    abort
+end
+
+if ARGV.length == 1
+    actuator = AppPermissionStatistics::Actuator.new(ipaPath)
+    actuator.run
+elsif ARGV.length == 2
+    actuator = AppPermissionStatistics::Actuator.new(ARGV[0],ARGV[1],report_path: ARGV[2])
+    actuator.run
+elsif ARGV.length == 3
+    actuator = AppPermissionStatistics::Actuator.new(ARGV[0],ARGV[1],report_path:ARGV[2])
+    actuator.run
+elsif ARGV.length >= 4
+    actuator = AppPermissionStatistics::Actuator.new(ARGV[0],ARGV[1],report_path:ARGV[2],store_path:ARGV[3])
+    actuator.run
+end

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/app_permission_statistics/analyze.rb

@@ -0,0 +1,220 @@
+# frozen_string_literal: true
+
+require_relative "helper"
+require 'fileutils'
+require 'yaml'
+
+module AppPermissionStatistics
+
+    class Analyzer
+        include Helper::Utils
+    
+        attr_reader :store_path
+        attr_reader :report_path
+        attr_reader :identifier
+
+        def initialize(identifier,report_path = nil,store_path = nil)
+            @identifier = identifier
+            @report_path = report_path 
+            @store_path = store_path
+        end
+
+        def analyze
+            load_version
+            return singleGenerate unless @versions.length > 1
+            pre_version = @versions[1]
+            cur_version = @versions[0]
+            pre_entitlements = load_entitlements_yaml(pre_version)
+            cur_entitlements = load_entitlements_yaml(cur_version)
+            return "" unless pre_entitlements.any?
+            return "" unless cur_entitlements.any?
+
+            capabilities_diff = analyze_capabilities_diff(pre_entitlements,cur_entitlements)
+            usage_descs_diff = analyze_usage_descs_diff(pre_entitlements,cur_entitlements);
+            report_path = generate(capabilities_diff,usage_descs_diff)
+            report_path
+        end
+
+        def singleGenerate
+            return "" unless @versions.length > 0
+            output = "no more versions to compare !! "
+            output += "\n\n\n#{@versions.first} entitlements list: "
+            output += "\n" + read_each_line(@versions.first)
+            output += "\n" + "----------------------------------------"
+            report_path = report_file_name(path: @report_path)
+            File.open(report_path, 'w') { |file|
+                file.write(output)
+            }
+            report_path
+        end
+
+
+        def generate(capabilities_diff,usage_descs_diff)
+            return unless @versions.length > 1
+            cur_version = @versions[0]
+            pre_version = @versions[1]
+
+            output =  "\n" + "compared #{cur_version}  #{pre_version}"
+            output += "\n" + capabilities_diff unless capabilities_diff.empty?
+            output += "\n" + usage_descs_diff unless usage_descs_diff.empty?
+            output += "\n\nThere is no difference between the two versions \n\n" unless (!capabilities_diff.empty? || !usage_descs_diff.empty?)
+            puts output
+            puts "----------------------------------------"
+            output += "\n\n\n#{cur_version} entitlements list: "
+            output += "\n" + read_each_line(cur_version)
+            output += "\n" + "----------------------------------------"
+            output += "\n\n#{pre_version} entitlements list: "
+            output += "\n" + read_each_line(pre_version)
+            output += "\n" + "----------------------------------------"
+
+            report_path = report_file_name(path: @report_path)
+            File.open(report_path, 'w') { |file|
+                file.write(output)
+            }
+            puts "detail file: #{File.expand_path(report_path)}"
+            report_path
+        end
+
+        def read_each_line(version)
+            file_name = entitlements_yaml_name(version,@identifier, path: @store_path)
+            file_content = ""
+            File.open(file_name,"r").each_line do |line|
+                file_content += "\n" + line
+            end
+            file_content
+        end
+
+        def load_version
+            yaml_name = versions_yaml_name(@identifier, path: @store_path)
+            if File.exist?(yaml_name) 
+                @versions = YAML.load_file(yaml_name)
+            end
+        end      
+
+        def load_entitlements_yaml(version)
+            yaml_name = entitlements_yaml_name(version,@identifier, path: @store_path)
+            yaml_content = [ ]
+            if File.exist?(yaml_name)
+                yaml_content = YAML.load_file(yaml_name)
+            end
+            puts "#{yaml_name} not found!!!" unless !yaml_content.empty?
+            yaml_content
+        end
+
+        def analyze_capabilities_diff(pre,cur)
+            output = ""
+            cur_capabilities_summary =  cur['Capabilities_Summary']
+            pre_capabilities_summary = pre['Capabilities_Summary']
+            cur_capabilities = cur['Capabilities']
+            pre_capabilities = pre['Capabilities']
+            output = ""
+            # 修改
+            comm_capabilities = cur_capabilities_summary.keys & pre_capabilities_summary.keys
+            modifys = modifys_cur = modifys_pre = ""
+            comm_capabilities.each do |key|
+                if cur_capabilities_summary[key] != pre_capabilities_summary[key]
+                    modifys_cur +=  "\n" + '- ' + key + ': ' + cur_capabilities[key].to_s
+                    modifys_pre +=  "\n" + '- ' + key + ': ' + pre_capabilities[key].to_s
+                end
+            end
+
+            modifys +=  "\n" + @versions[0] unless modifys_cur.empty?
+            modifys +=  modifys_cur unless modifys_cur.empty?
+            modifys +=  "\n" + @versions[1] unless modifys_pre.empty?
+            modifys +=  modifys_pre unless modifys_pre.empty?
+
+            #新增
+            add_capabilities = cur_capabilities_summary.keys - pre_capabilities_summary.keys
+            adds = ""
+            add_capabilities.each do |key|
+                adds +=  "\n" + '- ' + key + ': ' + cur_capabilities[key].to_s
+            end
+
+            #移除
+            remove_capabilities = pre_capabilities_summary.keys - cur_capabilities_summary.keys
+            removes = ""
+            remove_capabilities.each do |key|
+                removes +=  "\n" + '- ' + key + ': ' + pre_capabilities[key].to_s
+            end
+            
+            if !modifys.empty?
+                output +=  "\n" + "modify capabilitys : " 
+                output +=  modifys 
+                output +=  "\n------------------------------"     
+            end
+
+            if !adds.empty?
+                output +=  "\n" + "add capabilitys : " 
+                output +=  adds 
+                output +=  "\n------------------------------"     
+            end
+
+            if !removes.empty?
+                output +=  "\n" + "remove capabilitys : " 
+                output +=  removes 
+                output +=  "\n------------------------------" 
+            end
+
+            output
+        end 
+
+        def analyze_usage_descs_diff(pre,cur)
+            output = ""
+            cur_usage_descs_summary =  cur['PermissionsUsageDescription_Summary']
+            pre_usage_descs_summary = pre['PermissionsUsageDescription_Summary']
+    
+            cur_usage_descs = cur['PermissionsUsageDescription']
+            pre_usage_descs = pre['PermissionsUsageDescription']
+    
+            # 修改
+            comm_usage_descs = cur_usage_descs_summary.keys & pre_usage_descs_summary.keys
+            modifys = modifys_cur = modifys_pre = ""
+            comm_usage_descs.each do |key|
+                if cur_usage_descs_summary[key] != pre_usage_descs_summary[key]
+                    modifys_cur += "\n" + '- ' + key + ': ' + cur_usage_descs[key].to_s
+                    modifys_pre += "\n" +  '- ' + key + ': ' + pre_usage_descs[key].to_s
+                end
+            end
+
+            modifys +=  "\n" + @versions[0] unless modifys_cur.empty?
+            modifys +=  modifys_cur unless modifys_cur.empty?
+            modifys +=  "\n" + @versions[1] unless modifys_pre.empty?
+            modifys +=  modifys_pre unless modifys_pre.empty?
+
+            #新增
+            add_usage_descs = cur_usage_descs_summary.keys - pre_usage_descs_summary.keys
+            adds = ""
+            add_usage_descs.each do |key|
+                adds += "\n" +  '- ' + key + ': ' + cur_usage_descs[key].to_s
+            end
+
+            #移除
+            remove_usage_descs = pre_usage_descs_summary.keys - cur_usage_descs_summary.keys
+            removes = ""
+            remove_usage_descs.each do |key|
+                removes += "\n" +  '- ' + key + ': ' + pre_usage_descs[key].to_s
+            end
+
+            if !modifys.empty?
+                output += "\n" + "modify permissions usage description : " 
+                output +=  modifys 
+                output +=  "\n------------------------------"     
+            end
+
+            if !adds.empty?
+                output += "\n" + "add permissions usage description : " 
+                output +=  adds 
+                output +=  "\n------------------------------"     
+            end
+
+            if !removes.empty?
+                output += "\n" + "remove permissions usage description : " 
+                output +=  removes 
+                output +=  "\n------------------------------" 
+            end
+
+            output
+        end
+    end
+
+end

data/lib/app_permission_statistics/core_ext/inflector.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+module AppPermissionStatistics
+  module Inflector
+    def ai_snakecase
+      gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
+        .gsub(/([a-z\d])([A-Z])/, '\1_\2')
+        .tr('-', '_')
+        .gsub(/\s/, '_')
+        .gsub(/__+/, '_')
+        .downcase
+    end
+
+    def ai_camelcase(first_letter: :upper, separators: ['-', '_', '\s'])
+      str = dup
+
+      separators.each do |s|
+        str = str.gsub(/(?:#{s}+)([a-z])/) { $1.upcase }
+      end
+
+      case first_letter
+      when :upper, true
+        str = str.gsub(/(\A|\s)([a-z])/) { $1 + $2.upcase }
+      when :lower, false
+        str = str.gsub(/(\A|\s)([A-Z])/) { $1 + $2.downcase }
+      end
+
+      str
+    end
+  end
+end
+
+class String
+  include AppPermissionStatistics::Inflector
+end

data/lib/app_permission_statistics/core_ext/try.rb

@@ -0,0 +1,112 @@
+# frozen_string_literal: true
+
+# Copyrights rails
+# Copy from https://github.com/rails/rails/blob/master/activesupport/lib/active_support/core_ext/object/try.rb
+
+module AppPermissionStatistics
+  module Tryable # :nodoc:
+    ##
+    # :method: try
+    #
+    # :call-seq:
+    #   try(*a, &b)
+    #
+    # Invokes the public method whose name goes as first argument just like
+    # +public_send+ does, except that if the receiver does not respond to it the
+    # call returns +nil+ rather than raising an exception.
+    #
+    # This method is defined to be able to write
+    #
+    #   @person.try(:name)
+    #
+    # instead of
+    #
+    #   @person.name if @person
+    #
+    # +try+ calls can be chained:
+    #
+    #   @person.try(:spouse).try(:name)
+    #
+    # instead of
+    #
+    #   @person.spouse.name if @person && @person.spouse
+    #
+    # +try+ will also return +nil+ if the receiver does not respond to the method:
+    #
+    #   @person.try(:non_existing_method) # => nil
+    #
+    # instead of
+    #
+    #   @person.non_existing_method if @person.respond_to?(:non_existing_method) # => nil
+    #
+    # +try+ returns +nil+ when called on +nil+ regardless of whether it responds
+    # to the method:
+    #
+    #   nil.try(:to_i) # => nil, rather than 0
+    #
+    # Arguments and blocks are forwarded to the method if invoked:
+    #
+    #   @posts.try(:each_slice, 2) do |a, b|
+    #     ...
+    #   end
+    #
+    # The number of arguments in the signature must match. If the object responds
+    # to the method the call is attempted and +ArgumentError+ is still raised
+    # in case of argument mismatch.
+    #
+    # If +try+ is called without arguments it yields the receiver to a given
+    # block unless it is +nil+:
+    #
+    #   @person.try do |p|
+    #     ...
+    #   end
+    #
+    # You can also call try with a block without accepting an argument, and the block
+    # will be instance_eval'ed instead:
+    #
+    #   @person.try { upcase.truncate(50) }
+    #
+    # Please also note that +try+ is defined on +Object+. Therefore, it won't work
+    # with instances of classes that do not have +Object+ among their ancestors,
+    # like direct subclasses of +BasicObject+.
+    def try(method_name = nil, *args, &block)
+      if method_name.nil? && block_given?
+        if block.arity.zero?
+          instance_eval(&b)
+        else
+          yield self
+        end
+      elsif respond_to?(method_name)
+        public_send(method_name, *args, &block)
+      end
+    end
+
+    ##
+    # :method: try!
+    #
+    # :call-seq:
+    #   try!(*a, &b)
+    #
+    # Same as #try, but raises a +NoMethodError+ exception if the receiver is
+    # not +nil+ and does not implement the tried method.
+    #
+    #   "a".try!(:upcase) # => "A"
+    #   nil.try!(:upcase) # => nil
+    #   123.try!(:upcase) # => NoMethodError: undefined method `upcase' for 123:Integer
+    def try!(method_name = nil, *args, &block)
+      if method_name.nil? && block_given?
+        if block.arity.zero?
+          instance_eval(&block)
+        else
+          yield self
+        end
+      else
+        public_send(method_name, *args, &block)
+      end
+    end
+  end
+end
+
+class Object
+  include AppPermissionStatistics::Tryable
+end

data/lib/app_permission_statistics/entitlements.rb

@@ -0,0 +1,185 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+require 'cfpropertylist'
+
+module AppPermissionStatistics
+
+    # iOS app.entitlements parser
+    class EntitlementsPlist
+        extend Forwardable
+
+        def initialize(file)
+            @file = file
+        end
+
+        # 
+        # Extract the capabilities
+        # https://developer.apple.com/help/account/reference/supported-capabilities-ios
+        # https://developer.apple.com/documentation/bundleresources/entitlements
+        # https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/AboutEntitlements.html
+        # a few entitlements are inherited from the iOS provisioning profile used to run the app.
+        # 
+        def enabled_capabilities
+            capabilities = Hash.new
+            info.each do |key, value|
+                case key
+                when 'com.apple.developer.game-center'
+                    capabilities['Game Center'] = {
+                        key => value
+                    }
+                when 'keychain-access-groups' 
+                    capabilities['Keychain sharing'] =   {
+                        key => value
+                    }
+                when 'aps-environment'
+                    capabilities['Push Notifications'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.applesignin'
+                    capabilities['Sign In with Apple'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.siri'
+                    capabilities['SiriKit'] = {
+                        key => value
+                    }
+                when 'com.apple.security.application-groups'
+                    capabilities['App Groups'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.associated-domains'
+                    capabilities['Associated Domains']  =  {
+                        key => value
+                    }
+                when 'com.apple.developer.default-data-protection'
+                    capabilities['Data Protection'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.networking.networkextension'
+                    capabilities ['Network Extensions'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.networking.vpn.api'
+                    capabilities ['Personal VPN'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.healthkit',
+                    'com.apple.developer.healthkit.access'
+                    capabilities['HealthKit']  = {
+                        'com.apple.developer.healthkit' => info['com.apple.developer.healthkit'],
+                        'com.apple.developer.healthkit.access' => info['com.apple.developer.healthkit.access'],
+                    } unless capabilities.include?('HealthKit')
+                when 'com.apple.developer.icloud-services',
+                    'com.apple.developer.icloud-container-identifiers'
+                    capabilities['iCloud']  = {
+                        'com.apple.developer.icloud-services' => info['com.apple.developer.icloud-services'],
+                        'com.apple.developer.icloud-container-identifiers' => info['com.apple.developer.icloud-container-identifiers'],
+                    } unless capabilities.include?('iCloud')
+                when 'com.apple.developer.in-app-payments'
+                    capabilities['Apple Pay'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.homekit'
+                    capabilities['HomeKit'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.user-fonts'
+                    capabilities['Fonts'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.pass-type-identifiers'
+                    capabilities['Wallet'] =  {
+                        key => value
+                    }
+                when 'inter-app-audio'
+                    capabilities['Inter-App Audio'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.networking.multipath'
+                    capabilities['Multipath'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.authentication-services.autofill-credential-provider'
+                    capabilities['AutoFill Credential Provider'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.networking.wifi-info'
+                    capabilities['Access WiFi Information'] = {
+                        key => value
+                    }
+                when 'com.apple.external-accessory.wireless-configuration'
+                    capabilities['Wireless Accessory Configuration'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.kernel.extended-virtual-addressing'
+                    capabilities['Extended Virtual Address Space'] = {
+                        key => value
+                    }
+                when 'com.apple.developer.nfc.readersession.formats'
+                    capabilities['NFC Tag Reading'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.ClassKit-environment'
+                    capabilities['ClassKit'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.networking.HotspotConfiguration'
+                    capabilities['Hotspot'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.devicecheck.appattest-environment'
+                    capabilities['App Attest'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.coremedia.hls.low-latency'
+                    capabilities['Low Latency HLS'] =  {
+                        key => value
+                    }
+                when 'com.apple.developer.associated-domains.mdm-managed'
+                    capabilities['MDM Managed Associated Domains'] =  {
+                        key => value
+                    }
+                end
+            end
+            capabilities
+        end
+
+
+        def game_center
+            info.try(:[], 'com.apple.developer.game-center').nil?
+        end
+
+        def keychain_access_groups
+            info.try(:[], 'keychain-access-groups').nil?
+        end
+
+
+        def [](key)
+            info.try(:[], key.to_s)
+        end
+
+        def_delegators :info, :to_h
+
+        def method_missing(method_name, *args, &block)
+            info.try(:[], method_name.to_s.ai_camelcase) ||
+                info.send(method_name) ||
+                super
+        end
+
+        def respond_to_missing?(method_name, *args)
+            info.key?(method_name.to_s.ai_camelcase) ||
+                info.respond_to?(method_name) ||
+                super
+        end
+
+        private
+
+        def info
+            return unless File.file?(@file)
+
+            @info ||= CFPropertyList.native_types(CFPropertyList::List.new(file: @file).value)
+        end
+
+    end
+end