react-native-update 10.35.8 → 10.36.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
package cn.reactnative.modules.update;
|
|
2
2
|
|
|
3
3
|
import android.content.Context;
|
|
4
|
+
import android.content.pm.ApplicationInfo;
|
|
5
|
+
import android.content.pm.PackageManager;
|
|
4
6
|
import android.os.AsyncTask;
|
|
7
|
+
import android.os.Build;
|
|
5
8
|
import android.util.Log;
|
|
6
9
|
import com.facebook.react.bridge.Arguments;
|
|
7
10
|
import com.facebook.react.bridge.WritableMap;
|
|
@@ -25,7 +28,6 @@ import java.util.ArrayList;
|
|
|
25
28
|
import java.util.Enumeration;
|
|
26
29
|
import java.util.Iterator;
|
|
27
30
|
import java.util.zip.ZipEntry;
|
|
28
|
-
import java.util.zip.CRC32;
|
|
29
31
|
import java.util.HashMap;
|
|
30
32
|
|
|
31
33
|
import okio.BufferedSink;
|
|
@@ -98,9 +100,6 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
98
100
|
while ((bytesRead = source.read(sink.buffer(), DOWNLOAD_CHUNK_SIZE)) != -1) {
|
|
99
101
|
received += bytesRead;
|
|
100
102
|
sink.emit();
|
|
101
|
-
if (UpdateContext.DEBUG) {
|
|
102
|
-
Log.d("react-native-update", "Progress " + received + "/" + contentLength);
|
|
103
|
-
}
|
|
104
103
|
|
|
105
104
|
int percentage = (int)(received * 100.0 / contentLength + 0.5);
|
|
106
105
|
if (percentage > currentPercentage) {
|
|
@@ -199,10 +198,6 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
199
198
|
return fout.toByteArray();
|
|
200
199
|
}
|
|
201
200
|
|
|
202
|
-
private String getCRC32AsDecimal(long crc32Value) {
|
|
203
|
-
return String.valueOf(crc32Value & 0xFFFFFFFFL);
|
|
204
|
-
}
|
|
205
|
-
|
|
206
201
|
private void copyFilesWithBlacklist(String current, File from, File to, JSONObject blackList) throws IOException {
|
|
207
202
|
File[] files = from.listFiles();
|
|
208
203
|
for (File file : files) {
|
|
@@ -252,57 +247,209 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
252
247
|
}
|
|
253
248
|
}
|
|
254
249
|
|
|
255
|
-
private
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
250
|
+
private String findDrawableFallback(String originalToPath, HashMap<String, String> copiesMap, HashMap<String, ZipEntry> availableEntries) {
|
|
251
|
+
// 检查是否是 drawable 路径
|
|
252
|
+
if (!originalToPath.contains("drawable")) {
|
|
253
|
+
return null;
|
|
254
|
+
}
|
|
260
255
|
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
256
|
+
// 提取文件名(路径的最后部分)
|
|
257
|
+
int lastSlash = originalToPath.lastIndexOf('/');
|
|
258
|
+
if (lastSlash == -1) {
|
|
259
|
+
return null;
|
|
260
|
+
}
|
|
261
|
+
String fileName = originalToPath.substring(lastSlash + 1);
|
|
262
|
+
|
|
263
|
+
// 定义密度优先级(从高到低)
|
|
264
|
+
String[] densities = {"xxxhdpi", "xxhdpi", "xhdpi", "hdpi", "mdpi", "ldpi"};
|
|
265
|
+
|
|
266
|
+
// 尝试找到相同文件名但不同密度的 key
|
|
267
|
+
for (String density : densities) {
|
|
268
|
+
// 构建可能的 key 路径(替换密度部分)
|
|
269
|
+
String fallbackToPath = originalToPath.replaceFirst("drawable-[^/]+", "drawable-" + density);
|
|
270
|
+
|
|
271
|
+
// 检查这个 key 是否在 copies 映射中
|
|
272
|
+
if (copiesMap.containsKey(fallbackToPath)) {
|
|
273
|
+
String fallbackFromPath = copiesMap.get(fallbackToPath);
|
|
274
|
+
// 检查对应的 value 路径是否在 APK 中存在
|
|
275
|
+
if (availableEntries.containsKey(fallbackFromPath)) {
|
|
266
276
|
if (UpdateContext.DEBUG) {
|
|
267
|
-
Log.d("react-native-update", "
|
|
268
|
-
}
|
|
269
|
-
if (lastTarget != null) {
|
|
270
|
-
copyFile(lastTarget, target);
|
|
271
|
-
} else {
|
|
272
|
-
zipFile.unzipToFile(ze, target);
|
|
273
|
-
lastTarget = target;
|
|
277
|
+
Log.d("react-native-update", "Found fallback for " + originalToPath + ": " + fallbackToPath + " -> " + fallbackFromPath);
|
|
274
278
|
}
|
|
279
|
+
return fallbackFromPath;
|
|
275
280
|
}
|
|
276
281
|
}
|
|
277
282
|
}
|
|
278
|
-
|
|
283
|
+
|
|
284
|
+
return null;
|
|
279
285
|
}
|
|
280
286
|
|
|
281
|
-
private void
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
287
|
+
private void copyFromResource(HashMap<String, ArrayList<File> > resToCopy, HashMap<String, String> copiesMap) throws IOException {
|
|
288
|
+
if (UpdateContext.DEBUG) {
|
|
289
|
+
Log.d("react-native-update", "copyFromResource called, resToCopy size: " + resToCopy.size());
|
|
290
|
+
}
|
|
291
|
+
|
|
292
|
+
// 收集所有 APK 路径(包括基础 APK 和所有 split APK)
|
|
293
|
+
ArrayList<String> apkPaths = new ArrayList<>();
|
|
294
|
+
apkPaths.add(context.getPackageResourcePath());
|
|
295
|
+
|
|
296
|
+
// 获取所有 split APK 路径(用于资源分割的情况)
|
|
297
|
+
try {
|
|
298
|
+
ApplicationInfo appInfo = context.getPackageManager().getApplicationInfo(
|
|
299
|
+
context.getPackageName(), 0);
|
|
300
|
+
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP && appInfo.splitSourceDirs != null) {
|
|
301
|
+
for (String splitPath : appInfo.splitSourceDirs) {
|
|
302
|
+
apkPaths.add(splitPath);
|
|
303
|
+
if (UpdateContext.DEBUG) {
|
|
304
|
+
Log.d("react-native-update", "Found split APK: " + splitPath);
|
|
305
|
+
}
|
|
306
|
+
}
|
|
307
|
+
}
|
|
308
|
+
} catch (PackageManager.NameNotFoundException e) {
|
|
309
|
+
if (UpdateContext.DEBUG) {
|
|
310
|
+
Log.w("react-native-update", "Failed to get application info: " + e.getMessage());
|
|
311
|
+
}
|
|
312
|
+
}
|
|
313
|
+
|
|
314
|
+
// 第一遍:从所有 APK 中收集所有可用的 zip 条目
|
|
315
|
+
HashMap<String, ZipEntry> availableEntries = new HashMap<>();
|
|
316
|
+
HashMap<String, SafeZipFile> zipFileMap = new HashMap<>(); // 保存每个路径对应的 ZipFile
|
|
317
|
+
HashMap<String, SafeZipFile> entryToZipFileMap = new HashMap<>(); // 保存每个条目对应的 ZipFile
|
|
318
|
+
|
|
319
|
+
for (String apkPath : apkPaths) {
|
|
320
|
+
SafeZipFile zipFile = new SafeZipFile(new File(apkPath));
|
|
321
|
+
zipFileMap.put(apkPath, zipFile);
|
|
322
|
+
Enumeration<? extends ZipEntry> entries = zipFile.entries();
|
|
323
|
+
while (entries.hasMoreElements()) {
|
|
324
|
+
ZipEntry ze = entries.nextElement();
|
|
325
|
+
String entryName = ze.getName();
|
|
326
|
+
// 如果条目已存在,保留第一个(基础 APK 优先)
|
|
327
|
+
if (!availableEntries.containsKey(entryName)) {
|
|
328
|
+
availableEntries.put(entryName, ze);
|
|
329
|
+
entryToZipFileMap.put(entryName, zipFile);
|
|
330
|
+
}
|
|
331
|
+
}
|
|
332
|
+
}
|
|
333
|
+
|
|
334
|
+
// 使用基础 APK 的 ZipFile 作为主要操作对象
|
|
335
|
+
SafeZipFile zipFile = zipFileMap.get(context.getPackageResourcePath());
|
|
336
|
+
|
|
337
|
+
// 处理所有需要复制的文件
|
|
338
|
+
HashMap<String, ArrayList<File>> remainingFiles = new HashMap<>(resToCopy);
|
|
339
|
+
|
|
340
|
+
for (String fromPath : new ArrayList<>(remainingFiles.keySet())) {
|
|
341
|
+
if (UpdateContext.DEBUG) {
|
|
342
|
+
Log.d("react-native-update", "Processing fromPath: " + fromPath);
|
|
343
|
+
}
|
|
344
|
+
ArrayList<File> targets = remainingFiles.get(fromPath);
|
|
345
|
+
if (targets == null || targets.isEmpty()) {
|
|
346
|
+
continue;
|
|
347
|
+
}
|
|
348
|
+
|
|
349
|
+
ZipEntry ze = availableEntries.get(fromPath);
|
|
350
|
+
String actualSourcePath = fromPath;
|
|
351
|
+
|
|
352
|
+
// 如果文件不存在,尝试 fallback
|
|
353
|
+
if (ze == null) {
|
|
354
|
+
if (UpdateContext.DEBUG) {
|
|
355
|
+
Log.d("react-native-update", "File not found in APK: " + fromPath + ", trying fallback");
|
|
356
|
+
}
|
|
357
|
+
// 找到对应的 to 路径(从 copiesMap 的反向查找)
|
|
358
|
+
String toPath = null;
|
|
359
|
+
for (String to : copiesMap.keySet()) {
|
|
360
|
+
if (copiesMap.get(to).equals(fromPath)) {
|
|
361
|
+
toPath = to;
|
|
362
|
+
break;
|
|
363
|
+
}
|
|
364
|
+
}
|
|
365
|
+
|
|
366
|
+
if (toPath != null) {
|
|
367
|
+
if (UpdateContext.DEBUG) {
|
|
368
|
+
Log.d("react-native-update", "Found toPath: " + toPath + " for fromPath: " + fromPath);
|
|
369
|
+
}
|
|
370
|
+
String fallbackFromPath = findDrawableFallback(toPath, copiesMap, availableEntries);
|
|
371
|
+
if (fallbackFromPath != null) {
|
|
372
|
+
ze = availableEntries.get(fallbackFromPath);
|
|
373
|
+
actualSourcePath = fallbackFromPath;
|
|
374
|
+
// 确保 fallback 路径也在 entryToZipFileMap 中
|
|
375
|
+
if (!entryToZipFileMap.containsKey(fallbackFromPath)) {
|
|
376
|
+
// 查找包含该 fallback 路径的 ZipFile
|
|
377
|
+
for (String apkPath : apkPaths) {
|
|
378
|
+
SafeZipFile testZipFile = zipFileMap.get(apkPath);
|
|
379
|
+
if (testZipFile != null) {
|
|
380
|
+
try {
|
|
381
|
+
ZipEntry testEntry = testZipFile.getEntry(fallbackFromPath);
|
|
382
|
+
if (testEntry != null) {
|
|
383
|
+
entryToZipFileMap.put(fallbackFromPath, testZipFile);
|
|
384
|
+
break;
|
|
385
|
+
}
|
|
386
|
+
} catch (Exception e) {
|
|
387
|
+
// 继续查找
|
|
388
|
+
}
|
|
389
|
+
}
|
|
390
|
+
}
|
|
391
|
+
}
|
|
392
|
+
if (UpdateContext.DEBUG) {
|
|
393
|
+
Log.w("react-native-update", "Using fallback: " + fallbackFromPath + " for " + fromPath);
|
|
394
|
+
}
|
|
395
|
+
} else {
|
|
396
|
+
if (UpdateContext.DEBUG) {
|
|
397
|
+
Log.w("react-native-update", "No fallback found for: " + fromPath + " (toPath: " + toPath + ")");
|
|
398
|
+
}
|
|
399
|
+
}
|
|
400
|
+
} else {
|
|
401
|
+
if (UpdateContext.DEBUG) {
|
|
402
|
+
Log.w("react-native-update", "No toPath found for fromPath: " + fromPath);
|
|
403
|
+
}
|
|
404
|
+
}
|
|
405
|
+
}
|
|
406
|
+
|
|
407
|
+
if (ze != null) {
|
|
291
408
|
File lastTarget = null;
|
|
292
409
|
for (File target: targets) {
|
|
293
410
|
if (UpdateContext.DEBUG) {
|
|
294
|
-
Log.d("react-native-update", "Copying from resource " +
|
|
411
|
+
Log.d("react-native-update", "Copying from resource " + actualSourcePath + " to " + target);
|
|
295
412
|
}
|
|
296
|
-
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
413
|
+
try {
|
|
414
|
+
// 确保目标文件的父目录存在
|
|
415
|
+
File parentDir = target.getParentFile();
|
|
416
|
+
if (parentDir != null && !parentDir.exists()) {
|
|
417
|
+
parentDir.mkdirs();
|
|
418
|
+
}
|
|
419
|
+
|
|
420
|
+
if (lastTarget != null) {
|
|
421
|
+
copyFile(lastTarget, target);
|
|
422
|
+
} else {
|
|
423
|
+
// 从保存的映射中获取包含该条目的 ZipFile
|
|
424
|
+
SafeZipFile sourceZipFile = entryToZipFileMap.get(actualSourcePath);
|
|
425
|
+
if (sourceZipFile == null) {
|
|
426
|
+
sourceZipFile = zipFile; // 回退到基础 APK
|
|
427
|
+
}
|
|
428
|
+
sourceZipFile.unzipToFile(ze, target);
|
|
429
|
+
lastTarget = target;
|
|
430
|
+
}
|
|
431
|
+
} catch (IOException e) {
|
|
432
|
+
if (UpdateContext.DEBUG) {
|
|
433
|
+
Log.w("react-native-update", "Failed to copy resource " + actualSourcePath + " to " + target + ": " + e.getMessage());
|
|
434
|
+
}
|
|
435
|
+
// 继续处理下一个目标
|
|
301
436
|
}
|
|
302
437
|
}
|
|
438
|
+
remainingFiles.remove(fromPath);
|
|
303
439
|
}
|
|
304
440
|
}
|
|
305
|
-
|
|
441
|
+
|
|
442
|
+
// 处理剩余的文件(如果还有的话)
|
|
443
|
+
if (!remainingFiles.isEmpty() && UpdateContext.DEBUG) {
|
|
444
|
+
for (String fromPath : remainingFiles.keySet()) {
|
|
445
|
+
Log.w("react-native-update", "Resource not found and no fallback available: " + fromPath);
|
|
446
|
+
}
|
|
447
|
+
}
|
|
448
|
+
|
|
449
|
+
// 关闭所有 ZipFile
|
|
450
|
+
for (SafeZipFile zf : zipFileMap.values()) {
|
|
451
|
+
zf.close();
|
|
452
|
+
}
|
|
306
453
|
}
|
|
307
454
|
|
|
308
455
|
private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONException {
|
|
@@ -311,8 +458,7 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
311
458
|
removeDirectory(param.unzipDirectory);
|
|
312
459
|
param.unzipDirectory.mkdirs();
|
|
313
460
|
HashMap<String, ArrayList<File>> copyList = new HashMap<String, ArrayList<File>>();
|
|
314
|
-
HashMap<String,
|
|
315
|
-
Boolean isV2 = false;
|
|
461
|
+
HashMap<String, String> copiesMap = new HashMap<String, String>(); // to -> from 映射
|
|
316
462
|
|
|
317
463
|
boolean foundDiff = false;
|
|
318
464
|
boolean foundBundlePatch = false;
|
|
@@ -331,58 +477,32 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
331
477
|
JSONObject obj = (JSONObject)new JSONTokener(json).nextValue();
|
|
332
478
|
|
|
333
479
|
JSONObject copies = obj.getJSONObject("copies");
|
|
334
|
-
JSONObject copiesv2 = obj.getJSONObject("copiesv2");
|
|
335
480
|
Iterator<?> keys = copies.keys();
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
String to = copiesv2.getString(from);
|
|
342
|
-
if (from.isEmpty()) {
|
|
343
|
-
from = to;
|
|
344
|
-
}
|
|
345
|
-
ArrayList<File> target = null;
|
|
346
|
-
if (!copiesv2List.containsKey(from)) {
|
|
347
|
-
target = new ArrayList<File>();
|
|
348
|
-
copiesv2List.put(from, target);
|
|
349
|
-
} else {
|
|
350
|
-
target = copiesv2List.get((from));
|
|
351
|
-
}
|
|
352
|
-
File toFile = new File(param.unzipDirectory, to);
|
|
353
|
-
|
|
354
|
-
// Fixing a Zip Path Traversal Vulnerability
|
|
355
|
-
// https://support.google.com/faqs/answer/9294009
|
|
356
|
-
String canonicalPath = toFile.getCanonicalPath();
|
|
357
|
-
if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
|
|
358
|
-
throw new SecurityException("Illegal name: " + to);
|
|
359
|
-
}
|
|
360
|
-
target.add(toFile);
|
|
481
|
+
while( keys.hasNext() ) {
|
|
482
|
+
String to = (String)keys.next();
|
|
483
|
+
String from = copies.getString(to);
|
|
484
|
+
if (from.isEmpty()) {
|
|
485
|
+
from = to;
|
|
361
486
|
}
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
|
|
366
|
-
|
|
367
|
-
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
} else {
|
|
374
|
-
target = copyList.get((from));
|
|
375
|
-
}
|
|
376
|
-
File toFile = new File(param.unzipDirectory, to);
|
|
487
|
+
// 保存 copies 映射关系(to -> from)
|
|
488
|
+
copiesMap.put(to, from);
|
|
489
|
+
|
|
490
|
+
ArrayList<File> target = null;
|
|
491
|
+
if (!copyList.containsKey(from)) {
|
|
492
|
+
target = new ArrayList<File>();
|
|
493
|
+
copyList.put(from, target);
|
|
494
|
+
} else {
|
|
495
|
+
target = copyList.get((from));
|
|
496
|
+
}
|
|
497
|
+
File toFile = new File(param.unzipDirectory, to);
|
|
377
498
|
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
382
|
-
|
|
383
|
-
}
|
|
384
|
-
target.add(toFile);
|
|
499
|
+
// Fixing a Zip Path Traversal Vulnerability
|
|
500
|
+
// https://support.google.com/faqs/answer/9294009
|
|
501
|
+
String canonicalPath = toFile.getCanonicalPath();
|
|
502
|
+
if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) {
|
|
503
|
+
throw new SecurityException("Illegal name: " + to);
|
|
385
504
|
}
|
|
505
|
+
target.add(toFile);
|
|
386
506
|
}
|
|
387
507
|
continue;
|
|
388
508
|
}
|
|
@@ -411,12 +531,15 @@ class DownloadTask extends AsyncTask<DownloadTaskParams, long[], Void> {
|
|
|
411
531
|
throw new Error("bundle patch not found");
|
|
412
532
|
}
|
|
413
533
|
|
|
414
|
-
if(
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
534
|
+
if (UpdateContext.DEBUG) {
|
|
535
|
+
Log.d("react-native-update", "copyList size: " + copyList.size() + ", copiesMap size: " + copiesMap.size());
|
|
536
|
+
for (String from : copyList.keySet()) {
|
|
537
|
+
Log.d("react-native-update", "copyList entry: " + from + " -> " + copyList.get(from).size() + " targets");
|
|
538
|
+
}
|
|
418
539
|
}
|
|
419
540
|
|
|
541
|
+
copyFromResource(copyList, copiesMap);
|
|
542
|
+
|
|
420
543
|
if (UpdateContext.DEBUG) {
|
|
421
544
|
Log.d("react-native-update", "Unzip finished");
|
|
422
545
|
}
|
|
@@ -66,9 +66,8 @@ public class SafeZipFile extends ZipFile {
|
|
|
66
66
|
throw new SecurityException("Illegal name: " + name);
|
|
67
67
|
}
|
|
68
68
|
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
}
|
|
69
|
+
|
|
70
|
+
Log.d("react-native-update", "Unzipping " + name);
|
|
72
71
|
|
|
73
72
|
if (ze.isDirectory()) {
|
|
74
73
|
target.mkdirs();
|
|
@@ -19,7 +19,7 @@ public class UpdateContext {
|
|
|
19
19
|
private File rootDir;
|
|
20
20
|
private Executor executor;
|
|
21
21
|
|
|
22
|
-
public static boolean DEBUG =
|
|
22
|
+
public static boolean DEBUG = true;
|
|
23
23
|
private static ReactInstanceManager mReactInstanceManager;
|
|
24
24
|
private static boolean isUsingBundleUrl = false;
|
|
25
25
|
|