cocoapods-privacy 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 75f110acdd889169f011bfa5508d1941cdaccf78ce5dcb43bc51dd79236e793f
+  data.tar.gz: 9db44f1ca04a5991000862935336ba4d1ebbb96508c2e6b2d0877a5d21f5f1d5
+SHA512:
+  metadata.gz: adca9245bb2e2feef01acf8f5215f933b3bd89a97cfd279494e9d0c0f6edc92b82d2daf1b86e8b439e5c7ae1ce0746cb3b67100fdcc23c390ee339bee56d8d60
+  data.tar.gz: a313ab80c11f3479da5f173de9179aae6498d677289e05e0674ffecb089aa6c7905856c061539a5cb1d9add0c418959362edef520a14c2386566ef64fb11a1cc

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2024 youhui <youhui@babybus.com>
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,11 @@
+# cocoapods-privacy
+
+A description of cocoapods-privacy.
+
+## Installation
+
+    $ gem install cocoapods-privacy
+
+## Usage
+
+    $ pod spec privacy POD_NAME

data/lib/cocoapods-privacy/command/install.rb

@@ -0,0 +1,34 @@
+require 'cocoapods-privacy/command'
+
+module Pod
+    class Config
+        attr_accessor :privacy_folds
+        attr_accessor :is_privacy
+    end
+end
+
+module Pod
+    class Command
+      class Install < Command
+        class << self
+          alias_method :origin_options, :options
+          def options
+            [
+            ['--privacy', '使用该参数，会自动生成并更新PrivacyInfo.xcprivacy'],
+            ['--privacy-folds=folds', '指定文件夹检索，多个文件夹使用逗号","分割'],
+            ].concat(origin_options)
+          end
+        end
+  
+        alias_method :privacy_origin_initialize, :initialize
+        def initialize(argv)
+          privacy_folds = argv.option('privacy-folds', '').split(',')
+          is_privacy = argv.flag?('privacy',false)
+          privacy_origin_initialize(argv)
+          instance = Pod::Config.instance
+          instance.privacy_folds = privacy_folds
+          instance.is_privacy = is_privacy
+        end
+      end
+    end
+end

data/lib/cocoapods-privacy/command/privacy/config.rb

@@ -0,0 +1,64 @@
+require 'cocoapods-privacy/command'
+
+module Pod
+    class Command
+      class Privacy < Command
+        class Config < Privacy
+            self.summary = '初始化隐私清单配置'
+  
+            self.description = <<-DESC
+                初始化隐私清单配置，包含必须的隐私api模版，和source 黑白名单等，配置文件格式详细见 #{"https://github.com/ymoyao/cocoapods-privacy"}
+            DESC
+      
+            def initialize(argv)
+                @config = argv.shift_argument
+                super
+            end
+        
+            def validate!
+                super
+                help! 'A config url is required.' unless @config
+                raise Informative, "配置文件格式不是 JSON，请检查配置#{@config}" unless @config.end_with?(".json")                
+            end
+
+            def run
+              load_config_file()
+            end
+
+            def load_config_file
+              # 检查 @config 是远程 URL 还是本地文件路径
+              if @config.start_with?('http')
+                download_remote_config
+              else
+                copy_local_config
+              end
+            end
+            
+            def download_remote_config
+              # 配置文件目录
+              cache_config_file = PrivacyUtils.cache_config_file
+
+              # 开始下载
+              system("curl -o #{cache_config_file} #{@config}")
+
+              if File.exist?(cache_config_file)
+                puts "配置文件已下载到: #{cache_config_file}"
+              else
+                raise Informative, "配置文件下载出错，请检查下载地址#{@config}"
+              end
+            end
+            
+            def copy_local_config
+              # 配置文件目录
+              cache_config_file = PrivacyUtils.cache_config_file
+            
+              # 复制本地文件
+              FileUtils.cp(@config, cache_config_file)
+            
+              puts "配置文件已复制到: #{cache_config_file}"
+            end
+        end
+      end
+    end
+  end
+  

data/lib/cocoapods-privacy/command/privacy/install.rb

@@ -0,0 +1,36 @@
+module Pod
+    class Command
+      class Privacy < Command
+        class Install < Privacy
+            self.summary = '在工程中创建对应隐私清单文件'
+
+            self.description = <<-DESC
+                1、在工程Resources 文件夹下创建隐私清单文件
+                2、搜索对应组件，补全隐私Api部分
+                3、只处理隐私Api部分，隐私权限相关需要自行处理！！！
+            DESC
+
+            def self.options
+                [
+                  ["--folds=folds", '传入自定义搜索文件夹，多个文件目录使用“,”分割'],
+                ].concat(super)
+            end
+
+            def initialize(argv)
+                @folds = argv.option('folds', '').split(',')
+                super
+            end
+    
+            def run
+                installer = installer_for_config
+                installer.repo_update = false
+                installer.update = false
+                installer.deployment = false
+                installer.clean_install = false
+                installer.privacy_analysis(@folds)
+            end
+        end
+      end
+    end
+  end
+  

data/lib/cocoapods-privacy/command/privacy/spec.rb

@@ -0,0 +1,27 @@
+module Pod
+    class Command
+      class Privacy < Command
+        class Spec < Privacy
+            self.summary = '根据 podspec 创建对应隐私清单文件'
+
+            self.description = <<-DESC
+                根据podspec 创建对应隐私清单文件，并自动修改podspec文件，以映射对应隐私清单文件。
+            DESC
+    
+            self.arguments = [
+                CLAide::Argument.new('podspec_file', false, true),
+            ]
+    
+            def initialize(argv)
+                @podspec_file = argv.arguments!.first
+                super
+            end
+    
+            def run
+                PrivacyModule.load_module(@podspec_file)
+            end
+        end
+      end
+    end
+  end
+  

data/lib/cocoapods-privacy/command/privacy.rb

@@ -0,0 +1,20 @@
+module Pod
+  class Command
+    class Privacy < Command
+
+      def initialize(argv)
+        super
+      end
+
+      def run
+        if PrivacyUtils.isMainProject
+          puts "检测到#{PrivacyUtils.project_path || ""}工程文件， 请使用 pod privacy install 对工程进行隐私清单创建和自动检索"
+        elsif PrivacyUtils.podspec_file_path
+          puts "检测到#{PrivacyUtils.podspec_file_path || ""} 组件， 请使用 pod privacy spec 对组件进行隐私清单创建和自动检索"
+        else
+          puts "未检测到工程或podspec 文件， 请切换到工程或podspec文件目录下再次执行命令"
+        end
+      end      
+    end
+  end
+end

data/lib/cocoapods-privacy/command.rb

@@ -0,0 +1,13 @@
+require 'cocoapods-privacy/command/privacy'
+require 'cocoapods-privacy/command/privacy/config'
+require 'cocoapods-privacy/command/privacy/install'
+require 'cocoapods-privacy/command/privacy/spec'
+require 'cocoapods-privacy/command/install'
+
+require 'cocoapods-privacy/privacy/privacy_specification_hook'
+require 'cocoapods-privacy/privacy/privacy_installer_hook'
+require 'cocoapods-privacy/privacy/PrivacyUtils'
+require 'cocoapods-privacy/privacy/PrivacyModule'
+require 'cocoapods-privacy/privacy/PrivacyHunter'
+require 'cocoapods-privacy/privacy/PrivacyConfig'
+

data/lib/cocoapods-privacy/gem_version.rb

@@ -0,0 +1,3 @@
+module CocoapodsPrivacy
+  VERSION = "0.0.1"
+end

data/lib/cocoapods-privacy/privacy/PrivacyConfig.rb

@@ -0,0 +1,28 @@
+require 'cocoapods-privacy/command'
+
+module Privacy
+    class Config
+        
+        def initialize()
+            config_content = File.read(PrivacyUtils.cache_config_file)
+            @json = JSON.parse(config_content)
+        end
+
+        def api_template_url
+            return @json['api.template.url'] || ""
+        end
+
+        def source_black_list
+            return @json['source.black.list'] || []
+        end
+
+        def source_white_list
+            return @json['source.white.list'] || []
+        end
+
+        def self.instance
+            @instance ||= new
+        end
+      
+    end
+end

data/lib/cocoapods-privacy/privacy/PrivacyHunter.rb

@@ -0,0 +1,180 @@
+require 'json'
+require 'cocoapods-privacy/command'
+
+##
+#  功能介绍：
+#  1、检测本地隐私协议清单模版是否最新，如果不存在或不是最新，那么下载远端隐私协议模版
+#  2、使用模版对相关文件夹进行检索
+#  3、检索到的内容转换成隐私协议格式写入 隐私清单文件 PrivacyInfo.xcprivacy
+##
+module PrivacyHunter
+    KTypes = "NSPrivacyAccessedAPITypes"
+    KType = "NSPrivacyAccessedAPIType"
+    KReasons = "NSPrivacyAccessedAPITypeReasons"
+    KAPI = "NSPrivacyAccessedAPI"
+
+    # source_files = ARGV[0]#传入source文件路径，如有多个使用 “,” 逗号分割
+    # privacyInfo_file = ARGV[1]#传入目标 PrivacyInfo.xcprivacy
+
+    def self.search_pricacy_apis(source_folders)
+      # #读取源文件，也就是搜索目标文件
+      # source_folders = source_files.split(",")
+      #模版数据源plist文件
+      template_plist_file = fetch_template_plist_file()
+
+      # 读取并解析 数据源 plist 文件
+      json_str = `plutil -convert json -o - "#{template_plist_file}"`.chomp
+      map = JSON.parse(json_str)
+      arr = map[KTypes]
+
+      #解析并按照API模版查询指定文件夹
+      privacyArr = []
+      arr.each do |value|
+        privacyDict = {}
+        type = value[KType]
+        reasons = []
+        apis = value[KAPI]
+        apis.each do |s_key, s_value|
+            if search_files(source_folders, s_key)
+                s_vlaue_split = s_value.split(',')
+                reasons += s_vlaue_split
+            end
+        end
+        
+        #按照隐私清单拼接数据
+        reasons = reasons.uniq
+        if !reasons.empty?
+            privacyDict[KType] = type
+            privacyDict[KReasons] = reasons
+            privacyArr.push(privacyDict)
+        end
+        # puts "type: #{type}"
+        # puts "reasons: #{reasons.uniq}"
+
+      end
+
+      # 打印出搜索结果
+      puts privacyArr
+
+      # 转换成 JSON 字符串
+      json_data = privacyArr.to_json
+    end
+
+
+    def self.write_to_privacy(json_data,privacy_path)
+      # 转换 JSON 为 plist 格式
+      plist_data = `echo '#{json_data}' | plutil -convert xml1 - -o -`
+
+      # 创建临时文件
+      temp_plist = File.join(PrivacyUtils.cache_privacy_fold,"#{PrivacyUtils.to_md5(privacy_path)}.plist")
+      File.write(temp_plist, plist_data)
+
+      # 获取原先文件中的 NSPrivacyAccessedAPITypes 数据
+      origin_privacy_data = `/usr/libexec/PlistBuddy -c 'Print :NSPrivacyAccessedAPITypes' '#{privacy_path}' 2>/dev/null`
+      new_privacy_data = `/usr/libexec/PlistBuddy -c 'Print' '#{temp_plist}'`
+
+      # 检查新数据和原先数据是否一致
+      if origin_privacy_data.strip == new_privacy_data.strip
+        puts "NSPrivacyAccessedAPITypes 数据一致，无需插入。"
+      else
+        unless origin_privacy_data.strip.empty?
+          # 删除 :NSPrivacyAccessedAPITypes 键
+          system("/usr/libexec/PlistBuddy -c 'Delete :NSPrivacyAccessedAPITypes' '#{privacy_path}'")
+        end
+
+        # 添加 :NSPrivacyAccessedAPITypes 键并设置为数组
+        system("/usr/libexec/PlistBuddy -c 'Add :NSPrivacyAccessedAPITypes array' '#{privacy_path}'")
+
+        # 合并 JSON 数据到隐私文件
+        system("/usr/libexec/PlistBuddy -c 'Merge #{temp_plist} :NSPrivacyAccessedAPITypes' '#{privacy_path}'")
+
+        puts "NSPrivacyAccessedAPITypes 数据已插入。"
+      end
+
+      # 删除临时文件
+      File.delete(temp_plist)
+
+    end
+
+
+    private
+
+
+    def self.fetch_template_plist_file
+
+      unless File.exist?(PrivacyUtils.cache_config_file)
+        raise Informative, "无配置文件，run `pod privacy config config_file' 进行配置"
+      end
+  
+      template_url = Privacy::Config.instance.api_template_url
+      unless template_url && !template_url.empty?
+        raise Informative, "配置文件中无 `api.template.url` 配置，请补全后再更新配置 `pod privacy config config_file` "
+      end
+
+      # 目标文件路径
+      local_file_path = File.join(PrivacyUtils.cache_privacy_fold, 'NSPrivacyAccessedAPITypes.plist')
+      
+      # 获取远程文件更新时间
+      remote_file_time = remoteFileTime?(template_url)
+
+      # 判断本地文件的最后修改时间是否与远端文件一致，如果一致则不进行下载
+      if File.exist?(local_file_path) && file_identical?(local_file_path, remote_file_time)
+        puts "本地文件与远端文件一致，无需下载。文件路径: #{local_file_path}"
+      else
+        # 使用 curl 下载文件
+        system("curl -o #{local_file_path} #{template_url}")
+        puts "文件已下载到: #{local_file_path}"
+
+        # 同步远程文件时间到本地文件
+        syncFileTime?(local_file_path,remote_file_time)
+      end
+      
+      local_file_path
+    end
+
+    # 获取远程文件更新时间
+    def self.remoteFileTime?(remote_url)
+      uri = URI.parse(remote_url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = (uri.scheme == 'https')
+      response = http.request_head(uri.path)
+
+      response['Last-Modified']
+    end
+
+    # 判断本地文件的最后修改时间与远端文件的最后修改时间是否一致
+    def self.file_identical?(local_file_path, remote_file_time) 
+      remote_file_time && Time.parse(remote_file_time) == File.mtime(local_file_path)
+    end
+
+    # 同步远程文件时间到本地文件
+    def self.syncFileTime?(local_file_path, remote_file_time)
+      File.utime(File.atime(local_file_path), Time.parse(remote_file_time), local_file_path)
+    end
+
+    # 文件是否包含内容
+    def self.contains_keyword?(file_path, keyword)
+      File.read(file_path).include? keyword
+    end
+
+    #搜索所有子文件夹
+    def self.search_files(folder_paths, keyword)
+
+      # 获取文件夹下所有文件（包括子文件夹）
+      all_files = []
+      folder_paths.each do |folder|
+        allowed_extensions = ['m', 'c', 'swift', 'mm', 'hap', 'cpp']
+        pattern = File.join(folder, '**', '*.{'+allowed_extensions.join(',')+'}')
+        all_files += Dir.glob(pattern, File::FNM_DOTMATCH).reject { |file| File.directory?(file) }
+      end
+      # 遍历文件进行检索
+      all_files.uniq.each_with_index do |file_path, index|
+        if contains_keyword?(file_path, keyword)
+          puts "File #{file_path} contains the keyword '#{keyword}'."
+          return true
+        end
+      end
+      return false
+    end
+end
+

data/lib/cocoapods-privacy/privacy/PrivacyModule.rb

@@ -0,0 +1,296 @@
+require 'cocoapods-privacy/command'
+require 'cocoapods-core/specification/dsl/attribute_support'
+require 'cocoapods-core/specification/dsl/attribute'
+require 'xcodeproj'
+
+class BBRow
+  attr_accessor  :content, :is_comment, :is_spec_start, :is_spec_end, :key, :value
+
+  def initialize(content, is_comment=false, is_spec_start=false, is_spec_end=false)
+    @content = content
+    @is_comment = is_comment
+    @is_spec_start = is_spec_start
+    @is_spec_end = is_spec_end
+
+    parse_key_value
+  end
+
+  def parse_key_value
+    # 在这里添加提取 key 和 value 的逻辑
+    if @content.include?('=')
+      key_value_split = @content.split('=')
+      @key = key_value_split[0]
+      @value = key_value_split[1..-1].join('=')
+    else
+      @key = nil
+      @value = nil
+    end
+  end
+end
+
+class BBSpec
+  attr_accessor :name, :alias_name, :full_name, :rows, :privacy_sources, :privacy_file
+
+  def initialize(name,alias_name,full_name)
+    @rows = []
+    @privacy_sources = []
+    @name = name
+    @alias_name = alias_name
+    @full_name = full_name
+    @privacy_file = "Pod/Privacy/#{full_name}/PrivacyInfo.xcprivacy"
+  end
+
+  def privacy_handle(podspec_file_path)
+    @rows.each_with_index do |line, index|
+      if !line || line.is_a?(BBSpec) || !line.key || line.key.empty? 
+        next
+      end
+       
+      if !line.is_comment && line.key.include?(".resource_bundle")
+        @has_resource_bundle = true
+      elsif !line.is_comment && line.key.include?(".source_files")
+        spec = eval("Pod::Spec.new do |s|; s.source_files = #{line.value}; end;")
+        if spec && !spec.attributes_hash['source_files'].nil?
+          source_files_value = spec.attributes_hash['source_files']
+          if source_files_value.is_a?(String)
+            source_files_array = [source_files_value]
+          elsif source_files_value.is_a?(Array)
+            # 如果已经是数组，直接使用
+            source_files_array = source_files_value
+          else
+            # 其他情况，默认为空数组
+            source_files_array = []
+          end
+        
+          @privacy_sources = source_files_array.map do |file_path|
+            File.join(File.dirname(podspec_file_path), file_path.strip)
+          end
+        end
+      end
+    end
+    create_privacy_file_if_need(podspec_file_path)
+    modify_privacy_resource_bundle_if_need()
+  end
+
+  # 对应Spec新增隐私文件
+  def create_privacy_file_if_need(podspec_file_path)
+    if !@privacy_sources.empty?
+      PrivacyUtils.create_privacy_if_empty(File.join(File.dirname(podspec_file_path), @privacy_file))
+    end
+  end
+
+  # 把新增的隐私文件 映射给 podspec
+  def modify_privacy_resource_bundle_if_need
+    if !@privacy_sources.empty?
+      privacy_resource_bundle = { "#{full_name}.privacy" => @privacy_file }
+      if @has_resource_bundle
+        @rows.each_with_index do |line, index|
+          if !line || line.is_a?(BBSpec) || !line.key || line.key.empty? 
+            next
+          end
+
+          if !line.is_comment && line.key.include?(".resource_bundle")
+            origin_resource_bundle = eval(line.value)
+            merged_resource_bundle = origin_resource_bundle.merge(privacy_resource_bundle)
+
+            @resource_bundle = merged_resource_bundle
+            line.value = merged_resource_bundle
+            line.content = "#{line.key}= #{line.value}"
+          end
+        end
+      else
+        space = PrivacyUtils.count_spaces_before_first_character(rows.first.content)
+        line = "#{alias_name}.resource_bundle = #{privacy_resource_bundle}"
+        line = PrivacyUtils.add_spaces_to_string(line,space + 2)
+        row = BBRow.new(line)
+        @rows.insert(1, row)
+      end
+    end
+  end
+end
+
+
+module PrivacyModule
+
+  public
+
+  # 处理工程
+  def self.load_project(folds)
+    project_path = PrivacyUtils.project_path()
+    resources_folder_path = File.join(File.basename(project_path, File.extname(project_path)),'Resources')
+    privacy_file_path = File.join(resources_folder_path,PrivacyUtils.privacy_name)
+    # 如果隐私文件不存在，创建隐私协议模版
+    unless File.exist?(privacy_file_path) 
+      PrivacyUtils.create_privacy_if_empty(privacy_file_path)
+    end
+    
+    # 如果没有隐私文件，那么新建一个添加到工程中
+    # 打开 Xcode 项目，在Resources 下创建
+    project = Xcodeproj::Project.open(File.basename(project_path))
+    main_group = project.main_group
+    resources_group = PrivacyUtils.find_group_by_path(main_group,resources_folder_path)
+    if resources_group.nil?
+      resources_group = main_group.new_group('Resources',resources_folder_path)
+    end
+
+    # 如果不存在引用，创建新的引入xcode引用
+    if resources_group.find_file_by_path(PrivacyUtils.privacy_name).nil?
+      resources_group.new_reference(PrivacyUtils.privacy_name)
+      # resources_group.new_file(privacy_file_path)
+    end
+    
+    project.save
+
+    # 开始检索api,并返回json 字符串数据
+    json_data = PrivacyHunter.search_pricacy_apis(folds)
+
+    # 将数据写入隐私清单文件
+    PrivacyHunter.write_to_privacy(json_data,privacy_file_path)
+  end
+
+  # 处理组件
+  def self.load_module(podspec_file)
+    podspec_file_path = podspec_file ? podspec_file : PrivacyUtils.podspec_file_path
+    unless podspec_file_path && !podspec_file_path.empty?
+      raise Informative, "no podspec file were found, please run `pod privacy podspec_file_path`"               
+    end
+
+    privacy_hash = PrivacyModule.check(podspec_file_path)
+    privacy_hash.each do |privacy_file_path, source_files|
+      data = PrivacyHunter.search_pricacy_apis(source_files)
+      PrivacyHunter.write_to_privacy(data,privacy_file_path) unless data.empty?
+    end
+  end
+
+  def self.check(podspec_file_path)
+      # Step 1: 读取podspec
+      lines = read_podspec(podspec_file_path)
+      
+      # Step 2: 逐行解析并转位BBRow 模型
+      rows = parse_row(lines)
+
+      # Step 3.1:如果Row 是属于Spec 内，那么聚拢成BBSpec，
+      # Step 3.2:BBSpec 内使用数组存储其Spec 内的行
+      # Step 3.3 在合适位置给每个有效的spec都创建一个 隐私模版，并修改其podspec 引用
+      combin_sepcs_and_rows = combin_sepc_if_need(rows,podspec_file_path)
+
+      # Step 4: 展开修改后的Spec,重新转换成 BBRow
+      rows = unfold_sepc_if_need(combin_sepcs_and_rows)
+
+      # Step 5: 打开隐私模版，并修改其podspec文件，并逐行写入
+      File.open(podspec_file_path, 'w') do |file|
+        # 逐行写入 rows
+        rows.each do |row|
+          file.puts(row.content)
+        end
+      end
+
+     
+      # Step 6: 获取privacy 相关信息，传递给后续处理
+      privacy_hash = fetch_privacy_hash(combin_sepcs_and_rows,podspec_file_path)
+      filtered_privacy_hash = privacy_hash.reject { |_, value| value.empty? }
+      filtered_privacy_hash
+  end
+
+  private
+  def self.read_podspec(file_path)
+    File.readlines(file_path)
+  end
+  
+  def self.parse_row(lines)
+    rows = []  
+    if_stack = [] #排除if end 干扰
+    lines.each do |line|
+      content = line.strip
+      is_comment = content.start_with?('#')
+      is_spec_start = !is_comment && (content.include?('Pod::Spec.new') || content.include?('.subspec'))
+      is_if = !is_comment && content.start_with?('if')  
+      is_end = !is_comment && content.start_with?('end')
+      # 排除if end 对spec_end 的干扰
+      if_stack.push(true) if is_if
+      is_spec_end = if_stack.empty? && is_end
+      if_stack.pop if is_end
+      row = BBRow.new(line, is_comment, is_spec_start, is_spec_end)
+      rows << row
+    end
+    rows
+  end
+
+  # 数据格式：
+  # [
+  #   BBRow
+  #   BBRow
+  #   BBSpec
+  #     rows
+  #         [
+  #            BBRow
+  #            BBSpec 
+  #            BBRow
+  #            BBRow
+  #         ] 
+  #   BBRow
+  #   ......  
+  # ]
+  # 合并Row -> Spec（会存在部分行不在Spec中：Spec new 之前的注释）
+  def self.combin_sepc_if_need(rows,podspec_file_path) 
+    spec_stack = []
+    result_rows = []
+    default_name = File.basename(podspec_file_path, File.extname(podspec_file_path))
+
+    rows.each do |row|
+      if row.is_spec_start 
+        # 创建 spec
+        name = row.content.split("'")[1]&.strip || default_name
+        alias_name = row.content.split("|")[1]&.strip
+        full_name = spec_stack.empty? ? name : "#{spec_stack.last.full_name}.#{name}" 
+        spec = BBSpec.new(name,alias_name,full_name)
+        spec.rows << row
+
+        # 当存在 spec 时，存储在 spec.rows 中；不存在时，直接存储在外层
+        (spec_stack.empty? ? result_rows : spec_stack.last.rows) << spec
+  
+        # spec 入栈
+        spec_stack.push(spec)
+      elsif row.is_spec_end
+        # 当前 spec 的 rows 加入当前行
+        spec_stack.last&.rows << row
+
+        #执行隐私协议修改
+        spec_stack.last.privacy_handle(podspec_file_path)
+
+        # spec 出栈
+        spec_stack.pop
+      else
+        # 当存在 spec 时，存储在 spec.rows 中；不存在时，直接存储在外层
+        (spec_stack.empty? ? result_rows : spec_stack.last.rows) << row
+      end
+    end
+  
+    result_rows
+  end
+
+  # 把所有的spec中的rows 全部展开，拼接成一级数组【BBRow】
+  def self.unfold_sepc_if_need(rows)
+    result_rows = []
+    rows.each do |row|
+      if row.is_a?(BBSpec) 
+        result_rows += unfold_sepc_if_need(row.rows)
+      else
+          result_rows << row
+      end
+    end
+    result_rows
+  end
+
+
+  def self.fetch_privacy_hash(rows,podspec_file_path)
+    privacy_hash = {}
+    filtered_rows = rows.select { |row| row.is_a?(BBSpec) }
+    filtered_rows.each do |spec|
+      privacy_hash[File.join(File.dirname(podspec_file_path),spec.privacy_file)] = spec.privacy_sources
+      privacy_hash.merge!(fetch_privacy_hash(spec.rows,podspec_file_path))
+    end
+    privacy_hash
+  end
+
+end

data/lib/cocoapods-privacy/privacy/PrivacyUtils.rb

@@ -0,0 +1,124 @@
+require 'digest'
+
+module PrivacyUtils
+
+    def self.privacy_name
+      'PrivacyInfo.xcprivacy'
+    end
+    
+    # 通过是否包含podspec 来判断是否为主工程
+    def self.isMainProject
+      !(podspec_file_path && !podspec_file_path.empty)
+    end
+
+    # 查找podspec
+    def self.podspec_file_path
+      base_path = Pathname.pwd
+      matching_files = Dir.glob(File.join(base_path, '*.podspec'))
+      matching_files.first
+    end
+
+    # xcode工程地址
+    def self.project_path
+      matching_files = Dir[File.join(Pathname.pwd, '*.xcodeproj')].uniq
+      matching_files.first
+    end
+
+    # xcode工程主代码目录
+    def self.project_code_fold
+      projectPath = project_path
+      File.join(Pathname.pwd,File.basename(projectPath, File.extname(projectPath)))
+    end
+
+    # 使用正则表达式匹配第一个字符前的空格数量
+    def self.count_spaces_before_first_character(str)
+      match = str.match(/\A\s*/)
+      match ? match[0].length : 0
+    end
+
+    # 使用字符串乘法添加指定数量的空格
+    def self.add_spaces_to_string(str, num_spaces)
+      spaces = ' ' * num_spaces
+      "#{spaces}#{str}"
+    end
+
+    def self.to_md5(string)
+      md5 = Digest::MD5.new
+      md5.update(string)
+      md5.hexdigest
+    end
+
+    def self.cache_privacy_fold
+      # 本地缓存目录
+      cache_directory = File.expand_path('~/.cache')
+      
+      # 目标文件夹路径
+      target_directory = File.join(cache_directory, 'cocoapods-privacy', 'privacy')
+
+      # 如果文件夹不存在，则创建
+      FileUtils.mkdir_p(target_directory) unless Dir.exist?(target_directory)
+
+      target_directory
+    end
+
+    def self.cache_config_file
+      config_file = File.join(cache_privacy_fold, 'config.json')
+    end
+
+    # 创建默认隐私协议文件
+    def self.create_privacy_if_empty(file_path) 
+      # 文件内容
+     file_content = <<~EOS
+     <?xml version="1.0" encoding="UTF-8"?>
+     <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+     <plist version="1.0">
+     <dict>
+       <key>NSPrivacyTracking</key>
+       <false/>
+       <key>NSPrivacyTrackingDomains</key>
+       <array/>
+       <key>NSPrivacyCollectedDataTypes</key>
+       <array/>
+       <key>NSPrivacyAccessedAPITypes</key>
+       <array/>
+     </dict>
+     </plist>     
+     EOS
+   
+     isCreate = create_file_and_fold_if_no_exit(file_path,file_content)
+     if isCreate
+       puts "【隐私清单】（初始化）存放地址 => #{file_path}"
+     end
+   end
+   
+   # 创建文件，并写入默认值，文件路径不存在会自动创建
+   def self.create_file_and_fold_if_no_exit(file_path,file_content = nil)
+     folder_path = File.dirname(file_path)
+     FileUtils.mkdir_p(folder_path) unless File.directory?(folder_path)
+   
+     # 创建文件（如果不存在/或为空）
+     if !File.exist?(file_path) || File.zero?(file_path)
+       File.open(file_path, 'w') do |file|
+         file.write(file_content)
+       end
+       return true
+     end 
+     return false
+   end
+
+   # 查询group 中是否有执行路径的子group
+   def self.find_group_by_path(group,path)
+     result = nil
+     sub_group = group.children
+     if sub_group && !sub_group.empty?
+       sub_group.each do |item|
+         if item.path == path
+           result = item
+           break
+         end
+       end
+     end
+     result
+   end
+
+end

data/lib/cocoapods-privacy/privacy/privacy_installer_hook.rb

@@ -0,0 +1,123 @@
+require 'active_support/core_ext/string/inflections'
+require 'fileutils'
+require 'cocoapods/podfile'
+require 'cocoapods-privacy/command'
+
+module Pod
+  # The Installer is responsible of taking a Podfile and transform it in the
+  # Pods libraries. It also integrates the user project so the Pods
+  # libraries can be used out of the box.
+  #
+  # The Installer is capable of doing incremental updates to an existing Pod
+  # installation.
+  #
+  # The Installer gets the information that it needs mainly from 3 files:
+  #
+  #   - Podfile: The specification written by the user that contains
+  #     information about targets and Pods.
+  #   - Podfile.lock: Contains information about the pods that were previously
+  #     installed and in concert with the Podfile provides information about
+  #     which specific version of a Pod should be installed. This file is
+  #     ignored in update mode.
+  #   - Manifest.lock: A file contained in the Pods folder that keeps track of
+  #     the pods installed in the local machine. This files is used once the
+  #     exact versions of the Pods has been computed to detect if that version
+  #     is already installed. This file is not intended to be kept under source
+  #     control and is a copy of the Podfile.lock.
+  #
+  # The Installer is designed to work in environments where the Podfile folder
+  # is under source control and environments where it is not. The rest of the
+  # files, like the user project and the workspace are assumed to be under
+  # source control.
+  #
+  class Installer
+    autoload :Analyzer,                     'cocoapods/installer/analyzer'
+    autoload :InstallationOptions,          'cocoapods/installer/installation_options'
+    autoload :PostInstallHooksContext,      'cocoapods/installer/post_install_hooks_context'
+    autoload :PreInstallHooksContext,       'cocoapods/installer/pre_install_hooks_context'
+    autoload :BaseInstallHooksContext,      'cocoapods/installer/base_install_hooks_context'
+    autoload :PostIntegrateHooksContext,    'cocoapods/installer/post_integrate_hooks_context'
+    autoload :PreIntegrateHooksContext,     'cocoapods/installer/pre_integrate_hooks_context'
+    autoload :SourceProviderHooksContext,   'cocoapods/installer/source_provider_hooks_context'
+    autoload :PodfileValidator,             'cocoapods/installer/podfile_validator'
+    autoload :PodSourceDownloader,          'cocoapods/installer/pod_source_downloader'
+    autoload :PodSourceInstaller,           'cocoapods/installer/pod_source_installer'
+    autoload :PodSourcePreparer,            'cocoapods/installer/pod_source_preparer'
+    autoload :UserProjectIntegrator,        'cocoapods/installer/user_project_integrator'
+    autoload :Xcode,                        'cocoapods/installer/xcode'
+    autoload :SandboxHeaderPathsInstaller,  'cocoapods/installer/sandbox_header_paths_installer'
+    autoload :SandboxDirCleaner,            'cocoapods/installer/sandbox_dir_cleaner'
+    autoload :ProjectCache,                 'cocoapods/installer/project_cache/project_cache'
+    autoload :TargetUUIDGenerator,          'cocoapods/installer/target_uuid_generator'
+
+
+    # 直接执行 pod privacy 时调用
+    def privacy_analysis(custom_folds)
+      prepare
+      resolve_dependencies
+      clean_sandbox
+
+      privacy_handle(custom_folds)
+    end
+
+    # hook pod install 命令
+    alias_method :privacy_origin_install!, :install!
+        def install!
+        privacy_origin_install!()
+ 
+        if !(Pod::Config.instance.is_privacy || !Pod::Config.instance.privacy_folds.empty?)
+          return
+        end
+
+        privacy_handle(Pod::Config.instance.privacy_folds)
+    end
+
+
+    def privacy_handle(custom_folds)
+      # 过滤出自身组件 && 自身没有隐私协议文件的spec
+      modules = @analysis_result.specifications.select { 
+        |obj| obj.is_need_search_module && !obj.has_privacy
+      }
+      
+      # 存储本地调试组件
+      development_folds = []
+
+      # 获取组件所在工程的pods 目录
+      pod_folds = modules.map{ |spec|
+        name = spec.name.split('/').first
+        fold = File.join(@sandbox.root,name)
+        if Dir.exist?(fold)
+          fold
+        else
+          development_pods = @sandbox.development_pods
+          if name && development_pods
+            podspec_file_path = development_pods[name]
+            if podspec_file_path && !podspec_file_path.empty? 
+              podspec_fold_path = File.dirname(podspec_file_path)
+              source_files = spec.attributes_hash['source_files']
+              if source_files && !source_files.empty?
+                source_files.each do |file|
+                  development_folds << File.join(podspec_fold_path,file)
+                end
+              end
+            end
+          end
+          nil
+        end
+      }.compact
+    
+      
+      pod_folds += development_folds # 拼接本地调试和远端的pod目录 
+      pod_folds += [PrivacyUtils.project_code_fold].compact # 拼接工程同名主目录
+      pod_folds += custom_folds || [] # 拼接外部传入的自定义目录
+      pod_folds = pod_folds.uniq # 去重
+
+      if pod_folds.empty?
+        puts "无组件或工程目录, 请检查工程"
+      else
+        # 处理工程隐私协议
+        PrivacyModule.load_project(pod_folds)
+      end
+    end
+  end
+end

data/lib/cocoapods-privacy/privacy/privacy_specification_hook.rb

@@ -0,0 +1,53 @@
+
+require 'cocoapods-core/specification/root_attribute_accessors'
+
+module Pod
+    # The Specification provides a DSL to describe a Pod. A pod is defined as a
+    # library originating from a source. A specification can support detailed
+    # attributes for modules of code  through subspecs.
+    #
+    # Usually it is stored in files with `podspec` extension.
+    #
+    class Specification
+
+        # 是否含有隐私协议文件
+        def has_privacy
+            resource_bundle = attributes_hash['resource_bundles']
+            resource_bundle && resource_bundle.to_s.include?('PrivacyInfo.xcprivacy')
+        end
+
+        # 是否为需要检索组件
+        def is_need_search_module
+            unless File.exist?(PrivacyUtils.cache_config_file)
+                raise Informative, "无配置文件，run `pod privacy config config_file` 进行配置"
+            end
+
+            #查找source(可能是subspec)
+            git_source = recursive_git_source(self)
+            unless git_source
+                return false
+            end
+
+            # 判断域名白名单 和 黑名单，确保该组件是自己的组件，第三方sdk不做检索
+            config = Privacy::Config.instance          
+            git_source_whitelisted = config.source_white_list.any? { |item| git_source.include?(item) }
+            git_source_blacklisted = config.source_black_list.any? { |item| git_source.include?(item) }
+            git_source_whitelisted && !git_source_blacklisted
+        end
+
+        # 返回resource_bundles
+        def bb_resource_bundles
+          hash_value['resource_bundles']
+        end
+
+        private
+        def recursive_git_source(spec)
+            return nil unless spec
+            if spec.source && spec.source.key?(:git)
+                spec.source[:git]
+            else
+                recursive_git_source(spec.instance_variable_get(:@parent))
+            end
+        end
+    end
+end

data/lib/cocoapods-privacy.rb

@@ -0,0 +1 @@
+require 'cocoapods-privacy/gem_version'

data/lib/cocoapods_plugin.rb

@@ -0,0 +1 @@
+require 'cocoapods-privacy/command'

data/spec/command/privacy_spec.rb

@@ -0,0 +1,12 @@
+require File.expand_path('../../spec_helper', __FILE__)
+
+module Pod
+  describe Command::Privacy do
+    describe 'CLAide' do
+      it 'registers it self' do
+        Command.parse(%w{ privacy }).should.be.instance_of Command::Privacy
+      end
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,50 @@
+require 'pathname'
+ROOT = Pathname.new(File.expand_path('../../', __FILE__))
+$:.unshift((ROOT + 'lib').to_s)
+$:.unshift((ROOT + 'spec').to_s)
+
+require 'bundler/setup'
+require 'bacon'
+require 'mocha-on-bacon'
+require 'pretty_bacon'
+require 'pathname'
+require 'cocoapods'
+
+Mocha::Configuration.prevent(:stubbing_non_existent_method)
+
+require 'cocoapods_plugin'
+
+#-----------------------------------------------------------------------------#
+
+module Pod
+
+  # Disable the wrapping so the output is deterministic in the tests.
+  #
+  UI.disable_wrap = true
+
+  # Redirects the messages to an internal store.
+  #
+  module UI
+    @output = ''
+    @warnings = ''
+
+    class << self
+      attr_accessor :output
+      attr_accessor :warnings
+
+      def puts(message = '')
+        @output << "#{message}\n"
+      end
+
+      def warn(message = '', actions = [])
+        @warnings << "#{message}\n"
+      end
+
+      def print(message)
+        @output << message
+      end
+    end
+  end
+end
+
+#-----------------------------------------------------------------------------#

metadata

@@ -0,0 +1,92 @@
+--- !ruby/object:Gem::Specification
+name: cocoapods-privacy
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- youhui
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2024-01-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: A short description of cocoapods-privacy.
+email:
+- developer_yh@163.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/cocoapods-privacy.rb
+- lib/cocoapods-privacy/command.rb
+- lib/cocoapods-privacy/command/install.rb
+- lib/cocoapods-privacy/command/privacy.rb
+- lib/cocoapods-privacy/command/privacy/config.rb
+- lib/cocoapods-privacy/command/privacy/install.rb
+- lib/cocoapods-privacy/command/privacy/spec.rb
+- lib/cocoapods-privacy/gem_version.rb
+- lib/cocoapods-privacy/privacy/PrivacyConfig.rb
+- lib/cocoapods-privacy/privacy/PrivacyHunter.rb
+- lib/cocoapods-privacy/privacy/PrivacyModule.rb
+- lib/cocoapods-privacy/privacy/PrivacyUtils.rb
+- lib/cocoapods-privacy/privacy/privacy_installer_hook.rb
+- lib/cocoapods-privacy/privacy/privacy_specification_hook.rb
+- lib/cocoapods_plugin.rb
+- spec/command/privacy_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/ymoyao/cocoapods-privacy
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.4.21
+signing_key:
+specification_version: 4
+summary: A longer description of cocoapods-privacy.
+test_files:
+- spec/command/privacy_spec.rb
+- spec/spec_helper.rb