react-native-update 10.32.0 → 10.33.0

package/android/src/main/java/cn/reactnative/modules/update/DownloadTask.java

@@ -25,6 +25,7 @@ import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.Iterator;
 import java.util.zip.ZipEntry;
+import java.util.zip.CRC32;
 import java.util.HashMap;
 
 import okio.BufferedSink;
@@ -100,7 +101,7 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
             if (UpdateContext.DEBUG) {
                 Log.d("react-native-update", "Progress " + received + "/" + contentLength);
             }
-            
+
             int percentage = (int)(received * 100.0 / contentLength + 0.5);
             if (percentage > currentPercentage) {
                 currentPercentage = percentage;
@@ -198,6 +199,10 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
         return fout.toByteArray();
     }
 
+    private String getCRC32AsDecimal(long crc32Value) {
+        return String.valueOf(crc32Value & 0xFFFFFFFFL);
+    }
+
     private void copyFilesWithBlacklist(String current, File from, File to, JSONObject blackList) throws IOException {
         File[] files = from.listFiles();
         for (File file : files) {
@@ -273,12 +278,41 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
         zipFile.close();
     }
 
+    private void copyFromResourceV2(HashMap<String, ArrayList<File>> resToCopy2) throws IOException {
+        SafeZipFile zipFile = new SafeZipFile(new File(context.getPackageResourcePath()));
+        Enumeration<? extends ZipEntry> entries = zipFile.entries();
+        while (entries.hasMoreElements()) {
+            ZipEntry ze = entries.nextElement();
+            String fn = ze.getName();
+            long zipCrc32 = ze.getCrc();
+            String crc32Decimal = getCRC32AsDecimal(zipCrc32);
+            ArrayList<File> targets = resToCopy2.get(crc32Decimal);
+            if (targets != null) {
+                File lastTarget = null;
+                for (File target: targets) {
+                    if (UpdateContext.DEBUG) {
+                        Log.d("react-native-update", "Copying from resource " + fn + " to " + target);
+                    }
+                    if (lastTarget != null) {
+                        copyFile(lastTarget, target);
+                    } else {
+                        zipFile.unzipToFile(ze, target);
+                        lastTarget = target;
+                    }
+                }
+            }
+        }
+        zipFile.close();
+    }
+
     private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONException {
         downloadFile(param);
 
         removeDirectory(param.unzipDirectory);
         param.unzipDirectory.mkdirs();
         HashMap<String, ArrayList<File>> copyList = new HashMap<String, ArrayList<File>>();
+        HashMap<String, ArrayList<File>> copiesv2List = new HashMap<String, ArrayList<File>>();
+        Boolean isV2 = false;
 
         boolean foundDiff = false;
         boolean foundBundlePatch = false;
@@ -297,29 +331,58 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
                 JSONObject obj = (JSONObject)new JSONTokener(json).nextValue();
 
                 JSONObject copies = obj.getJSONObject("copies");
+                JSONObject copiesv2 = obj.getJSONObject("copiesv2");
                 Iterator<?> keys = copies.keys();
-                while( keys.hasNext() ) {
-                    String to = (String)keys.next();
-                    String from = copies.getString(to);
-                    if (from.isEmpty()) {
-                        from = to;
+                Iterator<?> keysV2 = copiesv2.keys();
+                if(keysV2.hasNext()){
+                    isV2 = true;
+                    while( keysV2.hasNext() ) {
+                        String from = (String)keysV2.next();
+                        String to = copiesv2.getString(from);
+                        if (from.isEmpty()) {
+                            from = to;
+                        }
+                        ArrayList<File> target = null;
+                        if (!copiesv2List.containsKey(from)) {
+                            target = new ArrayList<File>();
+                            copiesv2List.put(from, target);
+                        } else {
+                            target = copiesv2List.get((from));
+                        }
+                        File toFile = new File(param.unzipDirectory, to);
+
+                        // Fixing a Zip Path Traversal Vulnerability
+                        // https://support.google.com/faqs/answer/9294009
+                        String canonicalPath = toFile.getCanonicalPath();
+                        if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
+                            throw new SecurityException("Illegal name: " + to);
+                        }
+                        target.add(toFile);
                     }
-                    ArrayList<File> target = null;
-                    if (!copyList.containsKey(from)) {
-                        target = new ArrayList<File>();
-                        copyList.put(from, target);
-                    } else {
-                        target = copyList.get((from));
-                    }
-                    File toFile = new File(param.unzipDirectory, to);
-
-                    // Fixing a Zip Path Traversal Vulnerability
-                    // https://support.google.com/faqs/answer/9294009
-                    String canonicalPath = toFile.getCanonicalPath();
-                    if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
-                        throw new SecurityException("Illegal name: " + to);
+                }else{
+                    while( keys.hasNext() ) {
+                        String to = (String)keys.next();
+                        String from = copies.getString(to);
+                        if (from.isEmpty()) {
+                            from = to;
+                        }
+                        ArrayList<File> target = null;
+                        if (!copyList.containsKey(from)) {
+                            target = new ArrayList<File>();
+                            copyList.put(from, target);
+                        } else {
+                            target = copyList.get((from));
+                        }
+                        File toFile = new File(param.unzipDirectory, to);
+
+                        // Fixing a Zip Path Traversal Vulnerability
+                        // https://support.google.com/faqs/answer/9294009
+                        String canonicalPath = toFile.getCanonicalPath();
+                        if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
+                            throw new SecurityException("Illegal name: " + to);
+                        }
+                        target.add(toFile);
                     }
-                    target.add(toFile);
                 }
                 continue;
             }
@@ -348,7 +411,11 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
             throw new Error("bundle patch not found");
         }
 
-        copyFromResource(copyList);
+        if(isV2){
+            copyFromResourceV2(copiesv2List);
+        }else{
+            copyFromResource(copyList);
+        }
 
         if (UpdateContext.DEBUG) {
             Log.d("react-native-update", "Unzip finished");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-update",
-  "version": "10.32.0",
+  "version": "10.33.0",
   "description": "react-native hot update",
   "main": "src/index",
   "scripts": {