Commit Graph

2147 Commits

Author SHA1 Message Date
Connor Tumbleson
cc501d05a5
fix: remove enforcement on aligned namespaces (#3587) 2024-05-03 06:41:40 -04:00
Connor Tumbleson
53aa743014
build: support kotlin during CodeQL processing 2024-04-29 06:47:11 -04:00
dependabot[bot]
b272705da2
build(deps): bump gradle/actions from 3.3.1 to 3.3.2 (#3586)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.3.1 to 3.3.2.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3.3.1...v3.3.2)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 06:38:30 -04:00
dependabot[bot]
938d1730f0
build(deps): bump org.xmlunit:xmlunit-legacy from 2.9.1 to 2.10.0 (#3585)
Bumps [org.xmlunit:xmlunit-legacy](https://github.com/xmlunit/xmlunit) from 2.9.1 to 2.10.0.
- [Release notes](https://github.com/xmlunit/xmlunit/releases)
- [Changelog](https://github.com/xmlunit/xmlunit/blob/main/RELEASE_NOTES.md)
- [Commits](https://github.com/xmlunit/xmlunit/compare/v2.9.1...v2.10.0)

---
updated-dependencies:
- dependency-name: org.xmlunit:xmlunit-legacy
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-29 06:29:56 -04:00
Connor Tumbleson
a2df2541e7
fix: properly record compression of non-main classes.dex files (#3584) 2024-04-26 07:19:43 -04:00
Pavel
6436e7c090
Correct wording in CLI usage messages (#3579)
Co-authored-by: ProgerXP <proger.xp@gmail.com>
2024-04-26 05:59:52 -04:00
dependabot[bot]
fbe717f793
build(deps): bump commons-cli:commons-cli from 1.6.0 to 1.7.0 (#3577)
Bumps commons-cli:commons-cli from 1.6.0 to 1.7.0.

---
updated-dependencies:
- dependency-name: commons-cli:commons-cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 07:16:12 -04:00
dependabot[bot]
edd3323ac3
build(deps): bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 (#3576)
Bumps org.apache.commons:commons-text from 1.11.0 to 1.12.0.

---
updated-dependencies:
- dependency-name: org.apache.commons:commons-text
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 06:55:25 -04:00
dependabot[bot]
1a9713653c
build(deps): bump gradle/actions from 3.3.0 to 3.3.1 (#3575)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.3.0 to 3.3.1.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3.3.0...v3.3.1)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-22 06:54:34 -04:00
dependabot[bot]
a2c2d011ff
build(deps): bump gradle/wrapper-validation-action from 2.1.2 to 3.3.0 (#3572)
* build(deps): bump gradle/wrapper-validation-action from 2.1.2 to 3.3.0

Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 2.1.2 to 3.3.0.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](https://github.com/gradle/wrapper-validation-action/compare/v2.1.2...v3.3.0)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* build: move to 'gradle/actions/wrapper-validation'

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Connor Tumbleson <connor.tumbleson@gmail.com>
2024-04-16 06:35:20 -04:00
dependabot[bot]
f253142828
build(deps): bump gradle/actions from 3.2.0 to 3.3.0 (#3571)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.2.0 to 3.3.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3.2.0...v3.3.0)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 06:16:38 -04:00
dependabot[bot]
89548038b9
build(deps): bump commons-io:commons-io from 2.16.0 to 2.16.1 (#3570)
Bumps commons-io:commons-io from 2.16.0 to 2.16.1.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-16 06:10:16 -04:00
dependabot[bot]
0144f9c83a
build(deps): bump gradle/actions from 3.1.0 to 3.2.0 (#3566)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.1.0 to 3.2.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3.1.0...v3.2.0)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-08 06:38:39 -04:00
Connor Tumbleson
e69ecb578d
Reproducible Builds (#3559)
* fix: remove ShadowJar plugin

 - unable to control file dates of archive entries

* refactor: use native Gradle "fatJar" method

* refactor: drop proguard for r8

* fix: wire up R8

* wip: remove fail-fast

* Revert "wip: remove fail-fast"

This reverts commit 5d005bf82e87c89efa5552ee8f8e9c0a569aea0d.

* fix: suppress unused proguard keep messages

* fix: require java11+ for r8
2024-04-07 11:45:55 -04:00
Connor Tumbleson
25826db417
feat: update internal framework to API 34 (Vanilla Ice Cream Preview) (#3537) 2024-04-01 19:51:10 -04:00
dependabot[bot]
1de5c9800a
build(deps): bump commons-io:commons-io from 2.15.1 to 2.16.0 (#3560)
Bumps commons-io:commons-io from 2.15.1 to 2.16.0.

---
updated-dependencies:
- dependency-name: commons-io:commons-io
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-04-01 19:46:10 -04:00
dependabot[bot]
36760ac2a9
build(deps): bump gradle/wrapper-validation-action from 2.1.1 to 2.1.2 (#3550)
Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 2.1.1 to 2.1.2.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](https://github.com/gradle/wrapper-validation-action/compare/v2.1.1...v2.1.2)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-25 06:34:27 -04:00
Connor Tumbleson
c784f4416e
fix: properly handle stamp-cert-sha256 (#3538) 2024-03-13 20:15:59 -04:00
topminipie
5422bd708a
build(deps): bump actions/upload-artifact from 3 to 4 (#3528) 2024-02-26 06:56:51 -05:00
Connor Tumbleson
a86e0429bc
build: jump to smali/baksmali 3.0.5 (#3519) 2024-02-19 06:45:35 -05:00
dependabot[bot]
cb6bb93218
build(deps): bump gradle/actions from 3.0.0 to 3.1.0 (#3522)
Bumps [gradle/actions](https://github.com/gradle/actions) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](https://github.com/gradle/actions/compare/v3.0.0...v3.1.0)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-19 06:33:56 -05:00
Connor Tumbleson
d892f3daf9
fix: remove validation on start/end tag matching (#3513) 2024-02-13 06:03:31 -05:00
dependabot[bot]
93e100e0fc
build(deps): bump gradle/wrapper-validation-action from 2.0.0 to 2.1.1 (#3515)
Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 2.0.0 to 2.1.1.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](https://github.com/gradle/wrapper-validation-action/compare/v2.0.0...v2.1.1)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-12 06:09:47 -05:00
dependabot[bot]
420eaf719e
build(deps): bump gradle/gradle-build-action from 2.12.0 to 3.0.0 (#3511)
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2.12.0 to 3.0.0.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.12.0...v3.0.0)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 19:03:18 -05:00
dependabot[bot]
b5c44028de
build(deps): bump gradle/wrapper-validation-action from 1.1.0 to 2.0.0 (#3510)
Bumps [gradle/wrapper-validation-action](https://github.com/gradle/wrapper-validation-action) from 1.1.0 to 2.0.0.
- [Release notes](https://github.com/gradle/wrapper-validation-action/releases)
- [Commits](https://github.com/gradle/wrapper-validation-action/compare/v1.1.0...v2.0.0)

---
updated-dependencies:
- dependency-name: gradle/wrapper-validation-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 06:15:18 -05:00
dependabot[bot]
9dee7cffd2
build(deps): bump com.guardsquare:proguard-gradle from 7.4.1 to 7.4.2 (#3509)
Bumps [com.guardsquare:proguard-gradle](https://github.com/Guardsquare/proguard) from 7.4.1 to 7.4.2.
- [Release notes](https://github.com/Guardsquare/proguard/releases)
- [Commits](https://github.com/Guardsquare/proguard/compare/v7.4.1...v7.4.2)

---
updated-dependencies:
- dependency-name: com.guardsquare:proguard-gradle
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-05 06:09:47 -05:00
Matvei
69e54cc952
chore: minor clarity improvement in README.md (#3501) 2024-01-30 11:14:19 -05:00
dependabot[bot]
ecd1b24431
build(deps): bump gradle/gradle-build-action from 2.11.1 to 2.12.0 (#3500)
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2.11.1 to 2.12.0.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.11.1...v2.12.0)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-29 06:42:43 -05:00
Connor Tumbleson
fc8498b1d4 test: run path traversal test on Windows 2024-01-18 21:35:00 -05:00
Connor Tumbleson
ea391dcd79 fix: tighten up detectPossibleDirectoryTraversal for Windows 2024-01-18 21:35:00 -05:00
Connor Tumbleson
0a9ec3427b
chore: correct warnings from Qodana scan (#3491) 2024-01-15 07:26:53 -05:00
Connor Tumbleson
69914eb596
refactor: inline runnable on smali disassemble (#3490) 2024-01-14 11:10:10 -05:00
Connor Tumbleson
e08ba75776
build: start new dev cycle (2.10.0-SNAPSHOT) 2024-01-05 07:21:23 -05:00
Connor Tumbleson
6ab728d3eb
Merge branch 'release-2.9.2' 2024-01-05 06:37:52 -05:00
Connor Tumbleson
841db5061a
build: version bump (2.9.2) 2024-01-05 06:29:04 -05:00
Connor Tumbleson
f56de45f38
build: start new dev cycle (2.9.2-SNAPSHOT) 2024-01-05 06:28:51 -05:00
Connor Tumbleson
93e7d6bdbf
Prevent arbitrary file writes with malicious resource names. (#3484)
* refactor: rename sanitize function

* fix: expose getDir

* fix: safe handling of untrusted resource names

 - fixes: GHSA-2hqv-2xv4-5h5w

* test: sample file for GHSA-2hqv-2xv4-5h5w

* refactor: avoid detection of absolute files for resource check

* chore: enable info mode on gradle

* test: skip test on windows

* chore: debug windows handling

* fix: normalize entry with file separators

* fix: normalize filepath after cleansing

* chore: Android paths are not OS specific

* refactor: use java.nio for path traversal checking

* chore: align path separator on Windows for Zip files

* chore: rework towards basic directory traversal

* chore: remove '--info' on build.yml
2024-01-05 06:28:07 -05:00
Connor Tumbleson
d348c43b24
Prevent arbitrary file writes with malicious resource names. (#3484)
* refactor: rename sanitize function

* fix: expose getDir

* fix: safe handling of untrusted resource names

 - fixes: GHSA-2hqv-2xv4-5h5w

* test: sample file for GHSA-2hqv-2xv4-5h5w

* refactor: avoid detection of absolute files for resource check

* chore: enable info mode on gradle

* test: skip test on windows

* chore: debug windows handling

* fix: normalize entry with file separators

* fix: normalize filepath after cleansing

* chore: Android paths are not OS specific

* refactor: use java.nio for path traversal checking

* chore: align path separator on Windows for Zip files

* chore: rework towards basic directory traversal

* chore: remove '--info' on build.yml
2024-01-02 06:11:03 -05:00
dependabot[bot]
e5c88ece1b
build(deps): bump gradle/gradle-build-action from 2.11.0 to 2.11.1 (#3479)
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2.11.0 to 2.11.1.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.11.0...v2.11.1)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-26 07:23:15 -05:00
Connor Tumbleson
85f8de87d2
fix: deprecated is lowercase (#3481) 2023-12-26 07:22:45 -05:00
Connor Tumbleson
e56cb4f743
Support for configuring job count. (#3480)
* feat: make jobs configurable

* chore: remove unused method
2023-12-26 07:11:16 -05:00
Cregrant
81aae6936a
Feature: Parallel Building (#3476)
* perf: process smali code in parallel

Note: backsmali can't be properly multithreaded because of the synchronized methods inside

* perf: start backsmali concurrently with a resources decompiler

* perf: speed up apk building by skipping temp archive creation

Now we're not compressing the same data twice

* refactor: extract duplicated code

* refactor: rename methods and inline some comments
2023-12-26 06:20:26 -05:00
dependabot[bot]
0741664808
build(deps): bump github/codeql-action from 2 to 3 (#3471)
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 06:33:04 -05:00
dependabot[bot]
c916f51252
build(deps): bump gradle/gradle-build-action from 2.10.0 to 2.11.0 (#3470)
Bumps [gradle/gradle-build-action](https://github.com/gradle/gradle-build-action) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/gradle/gradle-build-action/releases)
- [Commits](https://github.com/gradle/gradle-build-action/compare/v2.10.0...v2.11.0)

---
updated-dependencies:
- dependency-name: gradle/gradle-build-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-18 06:14:45 -05:00
Connor Tumbleson
a9eacf657c
test: assert miui aapt1 patch exists (#3462) 2023-12-08 07:29:28 -05:00
ArjunaKumarMohanta
69dbb335e3
feat: Upgrade gradle to v8.5 (#3459) 2023-12-08 06:05:28 -05:00
Connor Tumbleson
cd9f72938e
docs: update INTERNAL.md with version change guide 2023-12-06 07:05:10 -05:00
Connor Tumbleson
1c3cd41565
build: start new dev cycle (2.9.2-SNAPSHOT) 2023-12-06 06:46:56 -05:00
Connor Tumbleson
077b2009da
build: version bump (2.9.1) 2023-12-05 18:26:28 -05:00
dependabot[bot]
98b34fdd03
build(deps): bump actions/setup-java from 3 to 4 (#3454)
Bumps [actions/setup-java](https://github.com/actions/setup-java) from 3 to 4.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-04 06:08:40 -05:00