diff --git a/android/src/main/java/cn/reactnative/modules/update/DownloadTask.java b/android/src/main/java/cn/reactnative/modules/update/DownloadTask.java index 5aac5d58..abac0459 100644 --- a/android/src/main/java/cn/reactnative/modules/update/DownloadTask.java +++ b/android/src/main/java/cn/reactnative/modules/update/DownloadTask.java @@ -252,19 +252,41 @@ private void doFullPatch(DownloadTaskParams param) throws IOException { } } - private void copyFromResource(HashMap > resToCopy, HashMap> resToCopy2) throws IOException { + private void copyFromResource(HashMap > resToCopy) throws IOException { SafeZipFile zipFile = new SafeZipFile(new File(context.getPackageResourcePath())); Enumeration entries = zipFile.entries(); while (entries.hasMoreElements()) { ZipEntry ze = entries.nextElement(); + String fn = ze.getName(); + ArrayList targets = resToCopy.get(fn); + if (targets != null) { + File lastTarget = null; + for (File target: targets) { + if (UpdateContext.DEBUG) { + Log.d("react-native-update", "Copying from resource " + fn + " to " + target); + } + if (lastTarget != null) { + copyFile(lastTarget, target); + } else { + zipFile.unzipToFile(ze, target); + lastTarget = target; + } + } + } + } + zipFile.close(); + } + + private void copyFromResourceV2(HashMap> resToCopy2) throws IOException { + SafeZipFile zipFile = new SafeZipFile(new File(context.getPackageResourcePath())); + Enumeration entries = zipFile.entries(); + while (entries.hasMoreElements()) { + ZipEntry ze = entries.nextElement(); String fn = ze.getName(); long zipCrc32 = ze.getCrc(); String crc32Decimal = getCRC32AsDecimal(zipCrc32); ArrayList targets = resToCopy2.get(crc32Decimal); - if(targets==null || targets.isEmpty()){ - targets = resToCopy.get(fn); - } if (targets != null) { File lastTarget = null; for (File target: targets) { @@ -290,6 +312,7 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx param.unzipDirectory.mkdirs(); HashMap> copyList = new HashMap>(); HashMap> copiesv2List = new HashMap>(); + Boolean isV2 = false; boolean foundDiff = false; boolean foundBundlePatch = false; @@ -310,53 +333,56 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx JSONObject copies = obj.getJSONObject("copies"); JSONObject copiesv2 = obj.getJSONObject("copiesv2"); Iterator keys = copies.keys(); - Iterator keys2 = copiesv2.keys(); - while( keys.hasNext() ) { - String to = (String)keys.next(); - String from = copies.getString(to); - if (from.isEmpty()) { - from = to; + Iterator keysV2 = copiesv2.keys(); + if(keysV2.hasNext()){ + isV2 = true; + while( keysV2.hasNext() ) { + String from = (String)keysV2.next(); + String to = copiesv2.getString(from); + if (from.isEmpty()) { + from = to; + } + ArrayList target = null; + if (!copiesv2List.containsKey(from)) { + target = new ArrayList(); + copiesv2List.put(from, target); + } else { + target = copiesv2List.get((from)); + } + File toFile = new File(param.unzipDirectory, to); + + // Fixing a Zip Path Traversal Vulnerability + // https://support.google.com/faqs/answer/9294009 + String canonicalPath = toFile.getCanonicalPath(); + if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) { + throw new SecurityException("Illegal name: " + to); + } + target.add(toFile); } - ArrayList target = null; - if (!copyList.containsKey(from)) { - target = new ArrayList(); - copyList.put(from, target); - } else { - target = copyList.get((from)); - } - File toFile = new File(param.unzipDirectory, to); - - // Fixing a Zip Path Traversal Vulnerability - // https://support.google.com/faqs/answer/9294009 - String canonicalPath = toFile.getCanonicalPath(); - if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) { - throw new SecurityException("Illegal name: " + to); + }else{ + while( keys.hasNext() ) { + String to = (String)keys.next(); + String from = copies.getString(to); + if (from.isEmpty()) { + from = to; + } + ArrayList target = null; + if (!copyList.containsKey(from)) { + target = new ArrayList(); + copyList.put(from, target); + } else { + target = copyList.get((from)); + } + File toFile = new File(param.unzipDirectory, to); + + // Fixing a Zip Path Traversal Vulnerability + // https://support.google.com/faqs/answer/9294009 + String canonicalPath = toFile.getCanonicalPath(); + if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) { + throw new SecurityException("Illegal name: " + to); + } + target.add(toFile); } - target.add(toFile); - } - - while( keys2.hasNext() ) { - String from = (String)keys2.next(); - String to = copiesv2.getString(from); - if (from.isEmpty()) { - from = to; - } - ArrayList target = null; - if (!copiesv2List.containsKey(from)) { - target = new ArrayList(); - copiesv2List.put(from, target); - } else { - target = copiesv2List.get((from)); - } - File toFile = new File(param.unzipDirectory, to); - - // Fixing a Zip Path Traversal Vulnerability - // https://support.google.com/faqs/answer/9294009 - String canonicalPath = toFile.getCanonicalPath(); - if (!canonicalPath.startsWith(param.unzipDirectory.getCanonicalPath() + File.separator)) { - throw new SecurityException("Illegal name: " + to); - } - target.add(toFile); } continue; } @@ -385,7 +411,11 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx throw new Error("bundle patch not found"); } - copyFromResource(copyList, copiesv2List); + if(isV2){ + copyFromResourceV2(copiesv2List); + }else{ + copyFromResource(copyList); + } if (UpdateContext.DEBUG) { Log.d("react-native-update", "Unzip finished");