Last active
November 25, 2024 02:43
-
-
Save april/3da7c3720b0d9f3ee7dc9a95f623578d to your computer and use it in GitHub Desktop.
find all apps using Electron and their versions, on macOS systems
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# latest supported electron version as of october 2024 | |
LATEST_SUPPORTED_VERSION=30 | |
RED='\033[0;31m' | |
GREEN='\033[0;32m' | |
NC='\033[0m' # no color | |
mdfind "kind:app" 2>/dev/null | sort -u | while read app; | |
do | |
filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework" | |
if [[ -f $filename ]]; then | |
appname=$(echo $app | awk -F'/' '{print $NF}') | |
electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/') | |
major=$(echo $electronVersion | awk -F'.' '{print $1}') | |
if [ "$major" -lt "$LATEST_SUPPORTED_VERSION" ]; then | |
printf "App Name: ${RED}${appname}${NC}\n" | |
else | |
printf "App Name: ${GREEN}${appname}${NC}\n" | |
fi | |
echo "Electron Version: ${electronVersion}" | |
echo -n "File Name: ${filename}" | |
echo -e "\n" | |
fi | |
done |
Just changed my mac to English and now it works
Wanted to share a slightly updated version of the script above that we used internally to help make running the script more actionable for our employees. The main change is that it outputs and highlights only the apps that are on unsafe electron versions.
#!/usr/bin/env bash
RED='\033[0;31m'
NC='\033[0m' # No Color
# patched versions for CVE-2023-4863: 22.3.24, 24.8.3, 25.8.1, 26.2.1
mdfind "kind:app" 2>/dev/null | sort -u | while read app;
do
filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
if [[ -f $filename ]]; then
electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/')
semver=( ${electronVersion//./ } )
major="${semver[0]}"
minor="${semver[1]}"
patch="${semver[2]}"
echo "${major}.${minor}.${patch}"
if [[ ( $major -lt 22 ) || ( $major == 22 && $minor -lt 3 ) || ( $major == 22 && $minor == 3 && $patch -lt 26 )
|| ( $major == 23 )
|| ( $major == 24 && $minor -lt 8 ) || ( $major == 24 && $minor == 8 && $patch -lt 6 )
|| ( $major == 25 && $minor -lt 8 ) || ( $major == 25 && $minor == 8 && $patch -lt 4 )
|| ( $major == 26 && $minor -lt 2 ) || ( $major == 26 && $minor == 2 && $patch -lt 4 )
|| ( $major == 27 && $minor -lt 0 ) || ( $major == 27 && $minor == 0 && $patch -lt 0 )
]]; then
printf "App Name: ${RED}$(basename ${app})${NC}\n"
echo "Electron Version: $electronVersion"
echo -n "File Name: $filename "
echo -e "\n"
fi
fi
done
went ahead and updated the script today:
- it's no longer specifically looking for CVE versions (since they're all unsupported version now anyways)
- it does look for unsupported versions, and marks them in red versus green
- it should now be both
bash
andzsh
compatible
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
No that doesn't seem to change anything. Idk maybe mdfind uses the language set via system settings or something