Skip to content

Prevent arbitrary file writes with malicious resource names. #751

Prevent arbitrary file writes with malicious resource names.

Prevent arbitrary file writes with malicious resource names. #751

Workflow file for this run

name: CI
on:
push:
branches:
- master
pull_request:
paths:
- '**.java'
- '**.kts'
- 'brut.apktool/apktool-lib/src/main/resources/**'
- 'brut.apktool/apktool-lib/src/test/**'
- '.github/workflows/**'
- 'gradle/libs.versions.toml'
- 'gradle/wrapper/**'
- 'gradlew'
- 'gradlew.bat'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
BINARY_PATH: brut.apktool/apktool-lib/src/main/resources/prebuilt
jobs:
analyze-mac-aapt:
runs-on: macos-latest
strategy:
matrix:
file: [ aapt_64, aapt2_64 ]
steps:
- uses: actions/checkout@v4
- name: Verify Executable
run: ${{ env.BINARY_PATH }}/macosx/${{ matrix.file }} version
- name: Output Static
run: otool -L ${{ env.BINARY_PATH }}/macosx/${{ matrix.file }} || true
analyze-linux-aapt:
runs-on: ubuntu-latest
strategy:
matrix:
file: [ aapt, aapt_64, aapt2, aapt2_64 ]
steps:
- uses: actions/checkout@v4
- name: Verify Executable
run: ${{ env.BINARY_PATH }}/linux/${{ matrix.file }} version
- name: Output Static
run: ldd ${{ env.BINARY_PATH }}/linux/${{ matrix.file }} || true
analyze-windows-aapt:
runs-on: windows-latest
strategy:
matrix:
file: [ aapt.exe, aapt_64.exe, aapt2.exe, aapt2_64.exe ]
steps:
- uses: actions/checkout@v4
- name: Verify Executable
run: ${{ env.BINARY_PATH }}/windows/${{ matrix.file }} version
- name: Output Static
run: ldd ${{ env.BINARY_PATH }}/windows/${{ matrix.file }} || true
build-and-test-with-Java-8-and-later:
runs-on: ${{ matrix.os }}
needs:
- analyze-mac-aapt
- analyze-linux-aapt
- analyze-windows-aapt
name: Build/Test (JDK ${{ matrix.java }}, ${{ matrix.os }})
strategy:
fail-fast: true
matrix:
os: [ ubuntu-latest, macOS-latest, windows-latest ]
java: [ 8, 11, 17, 21 ]
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: ${{ matrix.java }}
- name: Build and test
uses: gradle/[email protected]
with:
arguments: build shadowJar proguard
upload-artifact:
runs-on: ubuntu-latest
name: Build apktool.jar
if: github.repository == 'iBotPeaches/Apktool' && github.ref == 'refs/heads/master'
needs:
- build-and-test-with-Java-8-and-later
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: 17
- name: Build
uses: gradle/[email protected]
with:
dependency-graph: generate-and-submit
arguments: build shadowJar proguard
- name: Upload
uses: actions/upload-artifact@v3
with:
name: apktool.jar
path: brut.apktool/apktool-cli/build/libs/apktool-v*