gpt4 book ai didi

android - Google Play 和 OpenSSL 警告消息

转载 作者:行者123 更新时间:2023-12-03 06:06:38 29 4
gpt4 key购买 nike

我刚收到一封来自 Google Play 的电子邮件,内容是:

Hello,

One or more of your apps is running an outdated version of OpenSSL, which has multiple security vulnerabilities. You should update OpenSSL as soon as possible. For more information about the most recent security vulnerability in OpenSSL, please see http://www.openssl.org/news/secadv_20140605.txt.

Please note, while it's unclear whether these specific issues affect your application, applications with vulnerabilities that expose users to risk of compromise may be considered “dangerous products” and subject to removal from Google Play.

Regards,

Google Play Team

©2014 Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043

Email preferences: You have received this mandatory email service announcement to update you about important changes to your Google Play account.



我没有在我的任何应用程序中明确包含 OpenSSL。使用 Android NDK 的应用程序使用的是 NDK 9d(最新)。我使用的唯一外部 native 库是 ffmpeg 和 OpenCV 以及一些不包含 native 代码的广告库。

OpenSSL 还可以包含在哪里导致此警告?

问候,

最佳答案

我编写了一个 bash 脚本,它将显示应用程序中静态链接的任何内容的 OpenSSL 版本,以及是否包含 TLS 心跳方法。

这适用于我扔给它的一些 APK。 OpenSSL 版本字符串是专门提取的,带有版本号和日期。如果 Google 标记了 APK 并且无法找到它,请将 egrep 命令中的 OpenSSL 正则表达式放宽为“OpenSSL”,然后查看它的位置。

将以下内容放入文件中,例如测试openssl.sh

用法:./testopenssl.sh APK_File

#!/bin/bash
sslworkdir="ssl_work_dir"
if [ ! -d $sslworkdir ]; then
mkdir $sslworkdir
fi
unzip -q "$1" -d $sslworkdir
#Set delimiter to ignore spaces
IFS=$'\r\n'
#Create an array of OpenSSL version strings
opensslarr=($(egrep --binary-files=text -o -R -e "OpenSSL\s\d+\.\d+\.\d+\w+\s\d+\s\w+\s\d+" $sslworkdir/*))
#Stackoverflow syntax highlight fix closing 'block comment' */
if [ ${#opensslarr[@]} -gt 0 ]; then
echo "Found OpenSSL versions"
printf "%s\n" "${opensslarr[@]}"
heartbeatarr=($(grep -R -E "(tls1_process_heartbeat|dtls1_process_heartbeat|dtls1_heartbeat|tls1_hearbeat)" $sslworkdir/*))
#Stackoverflow syntax highlight fix closing 'block comment' */
if [ ${#heartbeatarr[@]} -gt 0 ]; then
echo "Files that contains heartbeat methods:"
printf "%s\n" "${heartbeatarr[@]}"
else
echo "No libraries contain heartbeat methods"
fi
else
echo "Did not find OpenSSL"
fi
rm -rf $sslworkdir

关于android - Google Play 和 OpenSSL 警告消息,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38390922/

29 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com