Skip to content

Instantly share code, notes, and snippets.

@april
Last active November 25, 2024 02:43
Show Gist options
  • Save april/3da7c3720b0d9f3ee7dc9a95f623578d to your computer and use it in GitHub Desktop.
Save april/3da7c3720b0d9f3ee7dc9a95f623578d to your computer and use it in GitHub Desktop.
find all apps using Electron and their versions, on macOS systems
# latest supported electron version as of october 2024
LATEST_SUPPORTED_VERSION=30
RED='\033[0;31m'
GREEN='\033[0;32m'
NC='\033[0m' # no color
mdfind "kind:app" 2>/dev/null | sort -u | while read app;
do
filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
if [[ -f $filename ]]; then
appname=$(echo $app | awk -F'/' '{print $NF}')
electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/')
major=$(echo $electronVersion | awk -F'.' '{print $1}')
if [ "$major" -lt "$LATEST_SUPPORTED_VERSION" ]; then
printf "App Name: ${RED}${appname}${NC}\n"
else
printf "App Name: ${GREEN}${appname}${NC}\n"
fi
echo "Electron Version: ${electronVersion}"
echo -n "File Name: ${filename}"
echo -e "\n"
fi
done
@janvhs
Copy link

janvhs commented Sep 30, 2023

No that doesn't seem to change anything. Idk maybe mdfind uses the language set via system settings or something

@janvhs
Copy link

janvhs commented Sep 30, 2023

Just changed my mac to English and now it works

@FnTm
Copy link

FnTm commented Oct 5, 2023

Wanted to share a slightly updated version of the script above that we used internally to help make running the script more actionable for our employees. The main change is that it outputs and highlights only the apps that are on unsafe electron versions.

#!/usr/bin/env bash

RED='\033[0;31m'
NC='\033[0m' # No Color

# patched versions for CVE-2023-4863: 22.3.24, 24.8.3, 25.8.1, 26.2.1
mdfind "kind:app" 2>/dev/null | sort -u | while read app;
do
  filename="$app/Contents/Frameworks/Electron Framework.framework/Electron Framework"
  if [[ -f $filename ]]; then

    electronVersion=$(strings "$filename" | grep "Chrome/" | grep -i Electron | grep -v '%s' | sort -u | cut -f 3 -d '/')

    semver=( ${electronVersion//./ } )
    major="${semver[0]}"
    minor="${semver[1]}"
    patch="${semver[2]}"
    echo "${major}.${minor}.${patch}"

    if [[ ( $major -lt 22 ) || ( $major == 22 && $minor -lt 3 ) || ( $major == 22 && $minor == 3 && $patch -lt 26 )
    || ( $major == 23 )
    || ( $major == 24 && $minor -lt 8 ) || ( $major == 24 && $minor == 8 && $patch -lt 6 )
    || ( $major == 25 && $minor -lt 8 ) || ( $major == 25 && $minor == 8 && $patch -lt 4 )
    || ( $major == 26 && $minor -lt 2 ) || ( $major == 26 && $minor == 2 && $patch -lt 4 )
    || ( $major == 27 && $minor -lt 0 ) || ( $major == 27 && $minor == 0 && $patch -lt 0 )
     ]]; then
      printf "App Name:          ${RED}$(basename ${app})${NC}\n"
      echo "Electron Version:  $electronVersion"
      echo -n "File Name:         $filename "
      echo -e "\n"
    fi
  fi
done

@april
Copy link
Author

april commented Oct 23, 2024

went ahead and updated the script today:

  • it's no longer specifically looking for CVE versions (since they're all unsupported version now anyways)
  • it does look for unsupported versions, and marks them in red versus green
  • it should now be both bash and zsh compatible

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment