@@ -69,6 +69,7 @@ private void removeDirectory(File file) throws IOException {
6969
7070 private void downloadFile (DownloadTaskParams param ) throws IOException {
7171 String url = param .url ;
72+ Log .d ("😁downloadFile" , url );
7273 File writePath = param .targetFile ;
7374 this .hash = param .hash ;
7475 OkHttpClient client = new OkHttpClient ();
@@ -252,19 +253,41 @@ private void doFullPatch(DownloadTaskParams param) throws IOException {
252253 }
253254 }
254255
255- private void copyFromResource (HashMap <String , ArrayList <File > > resToCopy , HashMap < String , ArrayList < File >> resToCopy2 ) throws IOException {
256+ private void copyFromResource (HashMap <String , ArrayList <File > > resToCopy ) throws IOException {
256257 SafeZipFile zipFile = new SafeZipFile (new File (context .getPackageResourcePath ()));
257258 Enumeration <? extends ZipEntry > entries = zipFile .entries ();
258259 while (entries .hasMoreElements ()) {
259260 ZipEntry ze = entries .nextElement ();
260261
262+ String fn = ze .getName ();
263+ ArrayList <File > targets = resToCopy .get (fn );
264+ if (targets != null ) {
265+ File lastTarget = null ;
266+ for (File target : targets ) {
267+ if (UpdateContext .DEBUG ) {
268+ Log .d ("react-native-update" , "Copying from resource " + fn + " to " + target );
269+ }
270+ if (lastTarget != null ) {
271+ copyFile (lastTarget , target );
272+ } else {
273+ zipFile .unzipToFile (ze , target );
274+ lastTarget = target ;
275+ }
276+ }
277+ }
278+ }
279+ zipFile .close ();
280+ }
281+
282+ private void copyFromResourceV2 (HashMap <String , ArrayList <File >> resToCopy2 ) throws IOException {
283+ SafeZipFile zipFile = new SafeZipFile (new File (context .getPackageResourcePath ()));
284+ Enumeration <? extends ZipEntry > entries = zipFile .entries ();
285+ while (entries .hasMoreElements ()) {
286+ ZipEntry ze = entries .nextElement ();
261287 String fn = ze .getName ();
262288 long zipCrc32 = ze .getCrc ();
263289 String crc32Decimal = getCRC32AsDecimal (zipCrc32 );
264290 ArrayList <File > targets = resToCopy2 .get (crc32Decimal );
265- if (targets ==null || targets .isEmpty ()){
266- targets = resToCopy .get (fn );
267- }
268291 if (targets != null ) {
269292 File lastTarget = null ;
270293 for (File target : targets ) {
@@ -290,6 +313,7 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
290313 param .unzipDirectory .mkdirs ();
291314 HashMap <String , ArrayList <File >> copyList = new HashMap <String , ArrayList <File >>();
292315 HashMap <String , ArrayList <File >> copiesv2List = new HashMap <String , ArrayList <File >>();
316+ Boolean isV2 = false ;
293317
294318 boolean foundDiff = false ;
295319 boolean foundBundlePatch = false ;
@@ -310,53 +334,56 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
310334 JSONObject copies = obj .getJSONObject ("copies" );
311335 JSONObject copiesv2 = obj .getJSONObject ("copiesv2" );
312336 Iterator <?> keys = copies .keys ();
313- Iterator <?> keys2 = copiesv2 .keys ();
314- while ( keys .hasNext () ) {
315- String to = (String )keys .next ();
316- String from = copies .getString (to );
317- if (from .isEmpty ()) {
318- from = to ;
337+ Iterator <?> keysV2 = copiesv2 .keys ();
338+ if (keysV2 .hasNext ()){
339+ isV2 = true ;
340+ while ( keysV2 .hasNext () ) {
341+ String from = (String )keysV2 .next ();
342+ String to = copiesv2 .getString (from );
343+ if (from .isEmpty ()) {
344+ from = to ;
345+ }
346+ ArrayList <File > target = null ;
347+ if (!copiesv2List .containsKey (from )) {
348+ target = new ArrayList <File >();
349+ copiesv2List .put (from , target );
350+ } else {
351+ target = copiesv2List .get ((from ));
352+ }
353+ File toFile = new File (param .unzipDirectory , to );
354+
355+ // Fixing a Zip Path Traversal Vulnerability
356+ // https://support.google.com/faqs/answer/9294009
357+ String canonicalPath = toFile .getCanonicalPath ();
358+ if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
359+ throw new SecurityException ("Illegal name: " + to );
360+ }
361+ target .add (toFile );
319362 }
320- ArrayList <File > target = null ;
321- if (!copyList .containsKey (from )) {
322- target = new ArrayList <File >();
323- copyList .put (from , target );
324- } else {
325- target = copyList .get ((from ));
326- }
327- File toFile = new File (param .unzipDirectory , to );
328-
329- // Fixing a Zip Path Traversal Vulnerability
330- // https://support.google.com/faqs/answer/9294009
331- String canonicalPath = toFile .getCanonicalPath ();
332- if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
333- throw new SecurityException ("Illegal name: " + to );
363+ }else {
364+ while ( keys .hasNext () ) {
365+ String to = (String )keys .next ();
366+ String from = copies .getString (to );
367+ if (from .isEmpty ()) {
368+ from = to ;
369+ }
370+ ArrayList <File > target = null ;
371+ if (!copyList .containsKey (from )) {
372+ target = new ArrayList <File >();
373+ copyList .put (from , target );
374+ } else {
375+ target = copyList .get ((from ));
376+ }
377+ File toFile = new File (param .unzipDirectory , to );
378+
379+ // Fixing a Zip Path Traversal Vulnerability
380+ // https://support.google.com/faqs/answer/9294009
381+ String canonicalPath = toFile .getCanonicalPath ();
382+ if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
383+ throw new SecurityException ("Illegal name: " + to );
384+ }
385+ target .add (toFile );
334386 }
335- target .add (toFile );
336- }
337-
338- while ( keys2 .hasNext () ) {
339- String from = (String )keys2 .next ();
340- String to = copiesv2 .getString (from );
341- if (from .isEmpty ()) {
342- from = to ;
343- }
344- ArrayList <File > target = null ;
345- if (!copiesv2List .containsKey (from )) {
346- target = new ArrayList <File >();
347- copiesv2List .put (from , target );
348- } else {
349- target = copiesv2List .get ((from ));
350- }
351- File toFile = new File (param .unzipDirectory , to );
352-
353- // Fixing a Zip Path Traversal Vulnerability
354- // https://support.google.com/faqs/answer/9294009
355- String canonicalPath = toFile .getCanonicalPath ();
356- if (!canonicalPath .startsWith (param .unzipDirectory .getCanonicalPath () + File .separator )) {
357- throw new SecurityException ("Illegal name: " + to );
358- }
359- target .add (toFile );
360387 }
361388 continue ;
362389 }
@@ -385,7 +412,11 @@ private void doPatchFromApk(DownloadTaskParams param) throws IOException, JSONEx
385412 throw new Error ("bundle patch not found" );
386413 }
387414
388- copyFromResource (copyList , copiesv2List );
415+ if (isV2 ){
416+ copyFromResourceV2 (copiesv2List );
417+ }else {
418+ copyFromResource (copyList );
419+ }
389420
390421 if (UpdateContext .DEBUG ) {
391422 Log .d ("react-native-update" , "Unzip finished" );
0 commit comments