[app] Don't treat apps with known-vulnerabilities like real updates

2026-05-02 12:44:05 -04:00 · 2023-01-18 10:36:31 -03:00
parent 6a4b2768c5
commit 7ff61fde50
4 changed files with 61 additions and 19 deletions
--- a/libs/database/src/main/java/org/fdroid/database/DbUpdateChecker.kt
+++ b/libs/database/src/main/java/org/fdroid/database/DbUpdateChecker.kt
@@ -26,7 +26,11 @@ public class DbUpdateChecker @JvmOverloads constructor(
     * @param releaseChannels optional list of release channels to consider on top of stable.
     * If this is null or empty, only versions without channel (stable) will be considered.
     */
-    public fun getUpdatableApps(releaseChannels: List<String>? = null): List<UpdatableApp> {
+    @JvmOverloads
+    public fun getUpdatableApps(
+        releaseChannels: List<String>? = null,
+        includeKnownVulnerabilities: Boolean = false,
+    ): List<UpdatableApp> {
        val updatableApps = ArrayList<UpdatableApp>()

        @Suppress("DEPRECATION") // we'll use this as long as it works, new one was broken
@@ -40,7 +44,14 @@ public class DbUpdateChecker @JvmOverloads constructor(
        installedPackages.iterator().forEach { packageInfo ->
            val packageName = packageInfo.packageName
            val versions = versionsByPackage[packageName] ?: return@forEach // continue
-            val version = getVersion(versions, packageName, packageInfo, null, releaseChannels)
+            val version = getVersion(
+                versions = versions,
+                packageName = packageName,
+                packageInfo = packageInfo,
+                preferredSigner = null,
+                releaseChannels = releaseChannels,
+                includeKnownVulnerabilities = includeKnownVulnerabilities,
+            )
            if (version != null) {
                val versionCode = PackageInfoCompat.getLongVersionCode(packageInfo)
                val app = getUpdatableApp(version, versionCode)
@@ -70,8 +81,13 @@ public class DbUpdateChecker @JvmOverloads constructor(
        } catch (e: PackageManager.NameNotFoundException) {
            null
        }
-        val version = getVersion(versions, packageName, packageInfo, preferredSigner,
-            releaseChannels) ?: return null
+        val version = getVersion(
+            versions = versions,
+            packageName = packageName,
+            packageInfo = packageInfo,
+            preferredSigner = preferredSigner,
+            releaseChannels = releaseChannels,
+        ) ?: return null
        val versionedStrings = versionDao.getVersionedStrings(
            repoId = version.repoId,
            packageName = version.packageName,
@@ -86,6 +102,7 @@ public class DbUpdateChecker @JvmOverloads constructor(
        packageInfo: PackageInfo?,
        preferredSigner: String?,
        releaseChannels: List<String>?,
+        includeKnownVulnerabilities: Boolean = false,
    ): Version? {
        val preferencesGetter: (() -> PackagePreference?) = {
            appPrefsDao.getAppPrefsOrNull(packageName)
@@ -102,6 +119,7 @@ public class DbUpdateChecker @JvmOverloads constructor(
                versions = versions,
                packageInfo = packageInfo,
                releaseChannels = releaseChannels,
+                includeKnownVulnerabilities = includeKnownVulnerabilities,
                preferencesGetter = preferencesGetter,
            )
        }