cocoapods-privacy 0.4.0 → 0.5.1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 517e776e5936689d58b230349587b62cae56b02f1204934bed0620cf1117785c
|
4
|
+
data.tar.gz: 4ece159c7db2ff224dd1958a5707911410f4f71fb00e337aa12493c53fb4bcdb
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5404d58d4e398f9d7074f252960546e9272912ee536687ef6d5c2d9f8577888916e54b5d36399512693b04ebe15aac1b7a7e358236215cf59112a174ffef8dbc
|
7
|
+
data.tar.gz: 4169159705cf07dd3f8e994c26bc9b3c65593d680434dc0dea23787fee59c51113559bab1652fcfa9c75e24987fac52fcb257a66bc0f280eae19a313ea068375
|
data/README.md
CHANGED
@@ -1,35 +1,59 @@
|
|
1
1
|
# cocoapods-privacy
|
2
2
|
|
3
|
-
Apple 2024 will review the App's privacy
|
3
|
+
Apple 2024 will review the App's privacy manifests in the spring, and any apps that don't submit a privacy list may be called back. For now, the privacy list is broken down by component, to facilitate the maintenance of component privacy, cocoapods-privacy is developed for management.
|
4
4
|
[Click to view details on Apple](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files)
|
5
5
|
|
6
|
+
# Introduction
|
7
|
+
As name as,cocoapods-privacy is a plugin for privacy manifests, and focus on cocoapods!
|
8
|
+
|
6
9
|
## Installation
|
7
10
|
```
|
8
11
|
$ gem install cocoapods-privacy
|
9
12
|
```
|
10
13
|
|
11
14
|
## Usage
|
12
|
-
|
15
|
+
### init
|
13
16
|
First of all, you must set a json config to cocoapods-privacy, this is a defalut config.json
|
14
17
|
```
|
15
18
|
$ pod privacy config https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/config.json
|
16
19
|
```
|
17
20
|
|
18
|
-
There has 3 keys in defalut config,
|
19
|
-
|
20
|
-
|
21
|
-
|
21
|
+
There has 3 keys in defalut config, defalut rule is :To exclude retrieval a component that git source contains certain ‘github.com’ keywords
|
22
|
+
```
|
23
|
+
"source.white.list": [],
|
24
|
+
"source.black.list": ["github.com"],
|
25
|
+
"api.template.url": "https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/NSPrivacyAccessedAPITypes.plist"
|
26
|
+
```
|
27
|
+
* source.white.list : a white list of source, it effective in command 'pod privacy install' or 'pod install --privacy', will search white list for NSPrivacyAccessedAPITypes.
|
28
|
+
* when the whitelist is an empty array, it means all components are whitelist(default config).
|
29
|
+
* when the whitelist is not empty, it means only the components in the whitelist array are retrieved.
|
30
|
+
* source.black.list : a black list of source, defalut is ‘github.com’, based on the whitelist, the components need to be excluded。 it effective in command 'pod privacy install' or 'pod install --privacy'.
|
31
|
+
* api.template.url : its required, a template for search NSPrivacyAccessedAPITypes, you can use the provided by default。
|
32
|
+
|
33
|
+
If your needs are not met, you can custom! For example, there has some components,and it‘s your local config
|
22
34
|
```
|
23
|
-
"source.white.list": ["
|
24
|
-
"source.black.list": ["
|
35
|
+
"source.white.list": ["https://github.com/ReactiveCocoa/ReactiveObjC.git","git.yourserver.com","git.otherserver.com"],
|
36
|
+
"source.black.list": ["github.com","https://github.com/AFNetworking/AFNetworking.git"],
|
25
37
|
"api.template.url": "https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/NSPrivacyAccessedAPITypes.plist"
|
26
38
|
```
|
27
|
-
|
39
|
+
|
40
|
+
```
|
41
|
+
https://github.com/AFNetworking/AFNetworking.git ❌ (it's in 'github.com' black list)
|
42
|
+
https://github.com/ReactiveCocoa/ReactiveObjC.git ❌ (it's in 'github.com' black list, although also on the white list,but the blacklist priority is high when conflict)
|
43
|
+
https://git.yourserver.com/xxx/xxxx.git ✅
|
44
|
+
https://git.yourserver.com/mmm/mmm.git ✅
|
45
|
+
https://git.otherserver.com/ssss/ssss.git ✅
|
46
|
+
https://git.yourserver.com/AFNetworking/AFNetworking.git ✅
|
47
|
+
```
|
48
|
+
|
49
|
+
After custom,you just update config by local like this
|
28
50
|
```
|
29
51
|
$ pod privacy config /yourfilepath/config.json
|
30
52
|
```
|
53
|
+
In a word, if you define both white and black lists ,final search range: white list minus black list, and empty white list means all!
|
31
54
|
|
32
|
-
|
55
|
+
|
56
|
+
### To Component
|
33
57
|
```
|
34
58
|
$ pod privacy spec [podspec_file_path]
|
35
59
|
```
|
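Review bot: The default config documented at new lines 23-25 points `api.template.url` at a raw.githubusercontent.com URL on the `main` branch, and the `pod privacy config` command above it takes config.json from the same branch, so the template used to search for NSPrivacyAccessedAPITypes sits on a mutable ref and can change without a gem release. Document a tag- or commit-pinned URL, or ship the template inside the gem, so a given plugin version always works from the same template. In the custom example, `https://github.com/ReactiveCocoa/ReactiveObjC.git` is in the white list while `github.com` is in the black list, so that entry can never take effect; an example whose white-list entries all match would be clearer. `defalut` should read `default` throughout.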
@@ -71,7 +95,7 @@ end
|
|
71
95
|
|
72
96
|
|
73
97
|
|
74
|
-
|
98
|
+
### To Project
|
75
99
|
```
|
76
100
|
$ pod install --privacy
|
77
101
|
or
|
@@ -83,6 +107,8 @@ After command, a PrivacyInfo.xcprivacy will create to you project Resources if e
|
|
83
107
|
|
84
108
|
## Notice
|
85
109
|
The plugin is focus on NSPrivacyAccessedAPITypes and automatically search and create workflow.
|
86
|
-
you should manager NSPrivacyCollectedDataTypes by yourself!
|
87
|
-
|
110
|
+
you should manager NSPrivacyCollectedDataTypes by yourself!
|
111
|
+
|
112
|
+
##
|
113
|
+
Could you please consider giving our repository a star🌟🌟🌟? It would mean a lot to us and help our project gain more visibility. Thank you!
|
88
114
|
|
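Review bot: New line 112 adds a heading with no text (`##`), which renders as an empty section title above the star request; give it a title or drop it. In the line above it, `you should manager` should read `you should manage`.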
@@ -190,15 +190,122 @@ module PrivacyHunter
|
|
190
190
|
# 文件是否包含内容
|
191
191
|
def self.contains_apis?(file_path, apis)
|
192
192
|
file_content = File.read(file_path)
|
193
|
+
|
194
|
+
#核心文件检查段落注释 /* */
|
195
|
+
file_extension = File.extname(file_path).downcase
|
196
|
+
need_check_paragraph_comment = ['.m', '.c', '.swift', '.mm', '.h', '.hap', '.hpp', '.cpp'].include?(file_extension)
|
197
|
+
|
198
|
+
if need_check_paragraph_comment
|
199
|
+
# 计算段注释 /**/
|
200
|
+
apis_found = contains_apis_ignore_all_comment(file_content.lines,apis)
|
201
|
+
else
|
202
|
+
# 计算单独行注释 //
|
203
|
+
apis_found = contains_apis_ignore_line_comment(file_content.lines,apis)
|
204
|
+
end
|
205
|
+
apis_found
|
206
|
+
end
|
207
|
+
|
208
|
+
def self.contains_apis_ignore_line_comment(lines,apis)
|
193
209
|
apis_found = {}
|
194
|
-
|
195
|
-
|
196
|
-
|
210
|
+
# 初始化状态机,表示不在注释块内
|
211
|
+
in_block_comment_count = 0
|
212
|
+
in_block_comment = false
|
213
|
+
lines.each do |line|
|
214
|
+
next if line.strip.empty? #忽略空行
|
215
|
+
next if line.strip.start_with?('//') #忽略单行
|
216
|
+
|
217
|
+
apis.each do |keyword, value|
|
218
|
+
if line.include?(keyword)
|
219
|
+
apis_found[keyword] = value
|
220
|
+
end
|
197
221
|
end
|
198
222
|
end
|
199
223
|
|
200
224
|
apis_found
|
201
225
|
end
|
226
|
+
|
227
|
+
def self.contains_apis_ignore_all_comment(lines,apis)
|
228
|
+
apis_found = {}
|
229
|
+
|
230
|
+
# 段注释和单行注释标志
|
231
|
+
in_block_comment = false
|
232
|
+
in_line_comment = false
|
233
|
+
|
234
|
+
# 是否可以触发注释标识,当为true 时可以触发 /*段注释 或者 //单行注释
|
235
|
+
can_trigger_comments_flag = true
|
236
|
+
|
237
|
+
# 统计计数器
|
238
|
+
count_comments = 0
|
239
|
+
|
240
|
+
lines.each do |line|
|
241
|
+
next if line.strip.empty? #忽略空行
|
242
|
+
next if line.strip.start_with?('//') && !in_block_comment #忽略单行
|
243
|
+
|
244
|
+
chars = line.chars
|
245
|
+
index = 0
|
246
|
+
while index < chars.size
|
247
|
+
char = chars[index]
|
248
|
+
|
249
|
+
if char == '/'
|
250
|
+
if chars[index + 1] == '*'
|
251
|
+
# 检测到 /* 且can_trigger_comments_flag标识为true时,判定为进入 段注释
|
252
|
+
if can_trigger_comments_flag
|
253
|
+
in_line_comment = false #重置行标识
|
254
|
+
in_block_comment = true #标记正在段注释中
|
255
|
+
can_trigger_comments_flag = false #回收头部重置标识
|
256
|
+
end
|
257
|
+
|
258
|
+
#段注释每次 遇到 /* 都累加1
|
259
|
+
if in_block_comment
|
260
|
+
count_comments += 1
|
261
|
+
end
|
262
|
+
|
263
|
+
#跳过当前 /* 两个字符
|
264
|
+
index += 2
|
265
|
+
next
|
266
|
+
# 检测到 can_trigger_comments_flag 为true,且 // 时,说明触发了段注释之后的单行注释 ==》 /**///abcd
|
267
|
+
elsif chars[index + 1] == '/' && can_trigger_comments_flag
|
268
|
+
in_line_comment = true
|
269
|
+
in_block_comment = false
|
270
|
+
can_trigger_comments_flag = true
|
271
|
+
break
|
272
|
+
end
|
273
|
+
# 检测到段注释的end 标识 */
|
274
|
+
elsif in_block_comment && char == '*' && chars[index + 1] == '/'
|
275
|
+
|
276
|
+
#段注释每次 遇到 */ 都累减1
|
277
|
+
count_comments -= 1
|
278
|
+
|
279
|
+
#当/* */ 配对时,说明当前段注释结束了
|
280
|
+
if count_comments == 0
|
281
|
+
in_line_comment = false
|
282
|
+
in_block_comment = false
|
283
|
+
can_trigger_comments_flag = true
|
284
|
+
end
|
285
|
+
|
286
|
+
#跳过当前 */ 两个字符
|
287
|
+
index += 2
|
288
|
+
next
|
289
|
+
end
|
290
|
+
|
291
|
+
# 其他情况,前进一个字符
|
292
|
+
index += 1
|
293
|
+
end
|
294
|
+
|
295
|
+
if !in_block_comment && !in_line_comment
|
296
|
+
apis.each do |keyword, value|
|
297
|
+
if line.include?(keyword)
|
298
|
+
apis_found[keyword] = value
|
299
|
+
end
|
300
|
+
end
|
301
|
+
end
|
302
|
+
|
303
|
+
#每行结束时,重置行标识
|
304
|
+
in_line_comment = false
|
305
|
+
end
|
306
|
+
apis_found
|
307
|
+
end
|
308
|
+
|
202
309
|
|
203
310
|
#搜索所有子文件夹
|
204
311
|
def self.search_files(folder_paths, exclude_folders, apis)
|
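Review bot: In `contains_apis_ignore_all_comment` the keyword test at new lines 295-301 runs `line.include?(keyword)` over the whole line and is gated on the comment state left at the end of that line, so the scan does not actually separate code from comment text. A line with code followed by a trailing `//` comment sets `in_line_comment` and is skipped entirely, and a line with code followed by an opening `/*` is skipped because `in_block_comment` is still true, so API uses on those lines are missed. A line that closes a block comment and then continues is matched in full, comment text included. Collect the non-comment characters of each line during the character scan and match the keywords against that string instead. Two further points in the same method: `count_comments` treats `/*` as nesting, which holds for Swift but not for the `.m`, `.c`, `.h` and `.cpp` files routed here, where the first `*/` ends the comment and a stray `/*` inside a comment would leave the rest of the file treated as commented out; and `//` or `/*` inside a string literal (a URL, for example) is taken as a comment start. In `contains_apis_ignore_line_comment`, `in_block_comment_count` and `in_block_comment` (new lines 211-212) are assigned but never read and can be removed.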
@@ -33,8 +33,15 @@ module Pod
|
|
33
33
|
|
34
34
|
# 判断域名白名单 和 黑名单,确保该组件是自己的组件,第三方sdk不做检索
|
35
35
|
config = Privacy::Config.instance
|
36
|
-
|
36
|
+
|
37
|
+
## 规则:
|
38
|
+
## 1、白名单/黑名单是通过组件podspec 中 source 字段的值来匹配,包含关键词即为命中,所有可以是git关键的域名,也可以是完整的git链接
|
39
|
+
## 2、白名单:当白名单为空数组时:默认为全部组件都为白名单!!!; 当白名单不为空时,仅检索白名单数组内的组件
|
40
|
+
git_source_whitelisted = config.source_white_list.empty? ? true : config.source_white_list.any? { |item| git_source.include?(item) }
|
41
|
+
|
42
|
+
## 3、黑名单:在白名单基础上,需要排除的组件
|
37
43
|
git_source_blacklisted = config.source_black_list.any? { |item| git_source.include?(item) }
|
44
|
+
## 4、最终检索的范围:白名单 - 黑名单
|
38
45
|
git_source_whitelisted && !git_source_blacklisted
|
39
46
|
end
|
40
47
|
|
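Review bot: Both lists are matched with `git_source.include?(item)` (new lines 40 and 43), a plain substring test over the whole source value, so an entry such as `github.com` also hits any source whose host or path merely contains that text, and a short white-list entry can admit sources it was not meant to cover. Parse the host out of the source and compare it exactly (or as a suffix on a dot boundary), and treat full-URL entries as exact matches. The ternary on new line 40 can be written as `config.source_white_list.empty? || config.source_white_list.any? { |item| git_source.include?(item) }`.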
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cocoapods-privacy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- youhui
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-04-02 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|