cocoapods-privacy 0.4.0 → 0.5.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c4f7ccdf608fd542826f1c394ff71582844055dcc56b89640eeeafa1f145fab3
4
- data.tar.gz: 8fa3fd48b5af2c593fa3d3228430b7e14adbb896c16e3f5361ff78c4c211b390
3
+ metadata.gz: 517e776e5936689d58b230349587b62cae56b02f1204934bed0620cf1117785c
4
+ data.tar.gz: 4ece159c7db2ff224dd1958a5707911410f4f71fb00e337aa12493c53fb4bcdb
5
5
  SHA512:
6
- metadata.gz: be57d03bef6be72e12048d92e0b78b9b0557db7af38e209bd38207f7bd895ffbc4dfa65548fe7437fbfae88207b4b57300f3ebb5f7783191ea3511e7c240dc53
7
- data.tar.gz: 191b66a04667d812add2a3b621b5aec81540363f08481040e4407d2a2624c932d66edebe618f525512e88e5a36ea956f66fdf50d028e7b2d3cef459eb34eb610
6
+ metadata.gz: 5404d58d4e398f9d7074f252960546e9272912ee536687ef6d5c2d9f8577888916e54b5d36399512693b04ebe15aac1b7a7e358236215cf59112a174ffef8dbc
7
+ data.tar.gz: 4169159705cf07dd3f8e994c26bc9b3c65593d680434dc0dea23787fee59c51113559bab1652fcfa9c75e24987fac52fcb257a66bc0f280eae19a313ea068375
data/README.md CHANGED
@@ -1,35 +1,59 @@
1
1
  # cocoapods-privacy
2
2
 
3
- Apple 2024 will review the App's privacy list in the spring, and any apps that don't submit a privacy list may be called back. For now, the privacy list is broken down by component, to facilitate the maintenance of component privacy, cocoapods-privacy is developed for management.
3
+ Apple 2024 will review the App's privacy manifests in the spring, and any apps that don't submit a privacy list may be called back. For now, the privacy list is broken down by component, to facilitate the maintenance of component privacy, cocoapods-privacy is developed for management.
4
4
  [Click to view details on Apple](https://developer.apple.com/documentation/bundleresources/privacy_manifest_files)
5
5
 
6
+ # Introduction
7
+ As name as,cocoapods-privacy is a plugin for privacy manifests, and focus on cocoapods!
8
+
6
9
  ## Installation
7
10
  ```
8
11
  $ gem install cocoapods-privacy
9
12
  ```
10
13
 
11
14
  ## Usage
12
- #### init
15
+ ### init
13
16
  First of all, you must set a json config to cocoapods-privacy, this is a defalut config.json
14
17
  ```
15
18
  $ pod privacy config https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/config.json
16
19
  ```
17
20
 
18
- There has 3 keys in defalut config, you should custom it!
19
- * source.white.list : a white list of source, defalut is empty, so, you should add you self component sources, and it work in command 'pod privacy install' or 'pod install --privacy', will search white list for NSPrivacyAccessedAPITypes.
20
- * source.black.list : a black list of source, defalut is empty, it work in command 'pod privacy install' or 'pod install --privacy'.
21
- * api.template.url : its required, a template for search NSPrivacyAccessedAPITypes
21
+ There has 3 keys in defalut config, defalut rule is :To exclude retrieval a component that git source contains certain ‘github.com’ keywords
22
+ ```
23
+ "source.white.list": [],
24
+ "source.black.list": ["github.com"],
25
+ "api.template.url": "https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/NSPrivacyAccessedAPITypes.plist"
26
+ ```
27
+ * source.white.list : a white list of source, it effective in command 'pod privacy install' or 'pod install --privacy', will search white list for NSPrivacyAccessedAPITypes.
28
+ * when the whitelist is an empty array, it means all components are whitelist(default config).
29
+ * when the whitelist is not empty, it means only the components in the whitelist array are retrieved.
30
+ * source.black.list : a black list of source, defalut is ‘github.com’, based on the whitelist, the components need to be excluded。 it effective in command 'pod privacy install' or 'pod install --privacy'.
31
+ * api.template.url : its required, a template for search NSPrivacyAccessedAPITypes, you can use the provided by default。
32
+
33
+ If your needs are not met, you can custom! For example, there has some components,and it‘s your local config
22
34
  ```
23
- "source.white.list": ["replace me with yourserver"],
24
- "source.black.list": ["replace me such as github.com"],
35
+ "source.white.list": ["https://github.com/ReactiveCocoa/ReactiveObjC.git","git.yourserver.com","git.otherserver.com"],
36
+ "source.black.list": ["github.com","https://github.com/AFNetworking/AFNetworking.git"],
25
37
  "api.template.url": "https://raw.githubusercontent.com/ymoyao/cocoapods-privacy/main/resources/NSPrivacyAccessedAPITypes.plist"
26
38
  ```
27
- After custom,you can set local config like this
39
+
40
+ ```
41
+ https://github.com/AFNetworking/AFNetworking.git ❌ (it's in 'github.com' black list)
42
+ https://github.com/ReactiveCocoa/ReactiveObjC.git ❌ (it's in 'github.com' black list, although also on the white list,but the blacklist priority is high when conflict)
43
+ https://git.yourserver.com/xxx/xxxx.git ✅
44
+ https://git.yourserver.com/mmm/mmm.git ✅
45
+ https://git.otherserver.com/ssss/ssss.git ✅
46
+ https://git.yourserver.com/AFNetworking/AFNetworking.git ✅
47
+ ```
48
+
49
+ After custom,you just update config by local like this
28
50
  ```
29
51
  $ pod privacy config /yourfilepath/config.json
30
52
  ```
53
+ In a word, if you define both white and black lists ,final search range: white list minus black list, and empty white list means all!
31
54
 
32
- #### To Component
55
+
56
+ ### To Component
33
57
  ```
34
58
  $ pod privacy spec [podspec_file_path]
35
59
  ```
@@ -71,7 +95,7 @@ end
71
95
 
72
96
 
73
97
 
74
- #### To Project
98
+ ### To Project
75
99
  ```
76
100
  $ pod install --privacy
77
101
  or
@@ -83,6 +107,8 @@ After command, a PrivacyInfo.xcprivacy will create to you project Resources if e
83
107
 
84
108
  ## Notice
85
109
  The plugin is focus on NSPrivacyAccessedAPITypes and automatically search and create workflow.
86
- you should manager NSPrivacyCollectedDataTypes by yourself!
87
-
110
+ you should manager NSPrivacyCollectedDataTypes by yourself!
111
+
112
+ ##
113
+ Could you please consider giving our repository a star🌟🌟🌟? It would mean a lot to us and help our project gain more visibility. Thank you!
88
114
 
@@ -1,3 +1,3 @@
1
1
  module CocoapodsPrivacy
2
- VERSION = "0.4.0"
2
+ VERSION = "0.5.1"
3
3
  end
@@ -190,15 +190,122 @@ module PrivacyHunter
190
190
  # 文件是否包含内容
191
191
  def self.contains_apis?(file_path, apis)
192
192
  file_content = File.read(file_path)
193
+
194
+ #核心文件检查段落注释 /* */
195
+ file_extension = File.extname(file_path).downcase
196
+ need_check_paragraph_comment = ['.m', '.c', '.swift', '.mm', '.h', '.hap', '.hpp', '.cpp'].include?(file_extension)
197
+
198
+ if need_check_paragraph_comment
199
+ # 计算段注释 /**/
200
+ apis_found = contains_apis_ignore_all_comment(file_content.lines,apis)
201
+ else
202
+ # 计算单独行注释 //
203
+ apis_found = contains_apis_ignore_line_comment(file_content.lines,apis)
204
+ end
205
+ apis_found
206
+ end
207
+
208
+ def self.contains_apis_ignore_line_comment(lines,apis)
193
209
  apis_found = {}
194
- apis.each do |keyword, value|
195
- if file_content.include?(keyword)
196
- apis_found[keyword] = value
210
+ # 初始化状态机,表示不在注释块内
211
+ in_block_comment_count = 0
212
+ in_block_comment = false
213
+ lines.each do |line|
214
+ next if line.strip.empty? #忽略空行
215
+ next if line.strip.start_with?('//') #忽略单行
216
+
217
+ apis.each do |keyword, value|
218
+ if line.include?(keyword)
219
+ apis_found[keyword] = value
220
+ end
197
221
  end
198
222
  end
199
223
 
200
224
  apis_found
201
225
  end
226
+
227
+ def self.contains_apis_ignore_all_comment(lines,apis)
228
+ apis_found = {}
229
+
230
+ # 段注释和单行注释标志
231
+ in_block_comment = false
232
+ in_line_comment = false
233
+
234
+ # 是否可以触发注释标识,当为true 时可以触发 /*段注释 或者 //单行注释
235
+ can_trigger_comments_flag = true
236
+
237
+ # 统计计数器
238
+ count_comments = 0
239
+
240
+ lines.each do |line|
241
+ next if line.strip.empty? #忽略空行
242
+ next if line.strip.start_with?('//') && !in_block_comment #忽略单行
243
+
244
+ chars = line.chars
245
+ index = 0
246
+ while index < chars.size
247
+ char = chars[index]
248
+
249
+ if char == '/'
250
+ if chars[index + 1] == '*'
251
+ # 检测到 /* 且can_trigger_comments_flag标识为true时,判定为进入 段注释
252
+ if can_trigger_comments_flag
253
+ in_line_comment = false #重置行标识
254
+ in_block_comment = true #标记正在段注释中
255
+ can_trigger_comments_flag = false #回收头部重置标识
256
+ end
257
+
258
+ #段注释每次 遇到 /* 都累加1
259
+ if in_block_comment
260
+ count_comments += 1
261
+ end
262
+
263
+ #跳过当前 /* 两个字符
264
+ index += 2
265
+ next
266
+ # 检测到 can_trigger_comments_flag 为true,且 // 时,说明触发了段注释之后的单行注释 ==》 /**///abcd
267
+ elsif chars[index + 1] == '/' && can_trigger_comments_flag
268
+ in_line_comment = true
269
+ in_block_comment = false
270
+ can_trigger_comments_flag = true
271
+ break
272
+ end
273
+ # 检测到段注释的end 标识 */
274
+ elsif in_block_comment && char == '*' && chars[index + 1] == '/'
275
+
276
+ #段注释每次 遇到 */ 都累减1
277
+ count_comments -= 1
278
+
279
+ #当/* */ 配对时,说明当前段注释结束了
280
+ if count_comments == 0
281
+ in_line_comment = false
282
+ in_block_comment = false
283
+ can_trigger_comments_flag = true
284
+ end
285
+
286
+ #跳过当前 */ 两个字符
287
+ index += 2
288
+ next
289
+ end
290
+
291
+ # 其他情况,前进一个字符
292
+ index += 1
293
+ end
294
+
295
+ if !in_block_comment && !in_line_comment
296
+ apis.each do |keyword, value|
297
+ if line.include?(keyword)
298
+ apis_found[keyword] = value
299
+ end
300
+ end
301
+ end
302
+
303
+ #每行结束时,重置行标识
304
+ in_line_comment = false
305
+ end
306
+ apis_found
307
+ end
308
+
202
309
 
203
310
  #搜索所有子文件夹
204
311
  def self.search_files(folder_paths, exclude_folders, apis)
@@ -33,8 +33,15 @@ module Pod
33
33
 
34
34
  # 判断域名白名单 和 黑名单,确保该组件是自己的组件,第三方sdk不做检索
35
35
  config = Privacy::Config.instance
36
- git_source_whitelisted = config.source_white_list.any? { |item| git_source.include?(item) }
36
+
37
+ ## 规则:
38
+ ## 1、白名单/黑名单是通过组件podspec 中 source 字段的值来匹配,包含关键词即为命中,所有可以是git关键的域名,也可以是完整的git链接
39
+ ## 2、白名单:当白名单为空数组时:默认为全部组件都为白名单!!!; 当白名单不为空时,仅检索白名单数组内的组件
40
+ git_source_whitelisted = config.source_white_list.empty? ? true : config.source_white_list.any? { |item| git_source.include?(item) }
41
+
42
+ ## 3、黑名单:在白名单基础上,需要排除的组件
37
43
  git_source_blacklisted = config.source_black_list.any? { |item| git_source.include?(item) }
44
+ ## 4、最终检索的范围:白名单 - 黑名单
38
45
  git_source_whitelisted && !git_source_blacklisted
39
46
  end
40
47
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cocoapods-privacy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - youhui
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-03-19 00:00:00.000000000 Z
11
+ date: 2024-04-02 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler