How do I search the .jar files for Openssl on my MAC?
You can check the JAR files with the following script:
#!/usr/bin/env bash
JAR_FILES=("httpmime-4.1.3.jar"
"libGoogleAnalyticsServices.jar"
"opentok-android-sdk-2.3.1.jar"
"sc-light-jdk15on-1.47.0.2.jar"
"scpkix-jdk15on-1.47.0.2.jar"
"scprov-jdk15on-1.47.0.2.jar"
"socketio.jar")
for jar_file in "${JAR_FILES[@]}"
do
echo "************ $jar_file ************"
grep '1.0.1h' "$jar_file"
done
You should replace the string '1.0.1h' with the vulnerable OpenSSL version being reported to you. Be sure to retain the single quote because the period is a literal in 1.0.1h.
Another way to do it is:
find /Users/joon/work/androidApp/ -name '*.jar' -exec grep 'Openssl.class' {} \;
Or:
find /Users/joon/work/androidApp/ -name '*.jar' -exec grep '1.0.1h' {} \;
On OS X, this is helpful too:
find "$HOME" -name '.DS_Store' -exec rm -f {} \;
It removes those .DS_Store files that get created in every directory and subsequently added to archives like ZIP files.