[Setting] Obfuscation #233

Open
wants to merge 2 commits into
base: develop
6 changes: 2 additions & 4 deletions app/build.gradle.kts
Expand Up @@ -45,11 +45,9 @@ android {
buildConfigField("String", "KAKAO_NATIVE_APP_KEY", "\"$kakaoKey\"")
manifestPlaceholders["KAKAO_NATIVE_APP_KEY"] = kakaoKey

isMinifyEnabled = false
isMinifyEnabled = true
isShrinkResources = true
proguardFiles(getDefaultProguardFile("proguard-android-optimize.txt"), "proguard-rules.pro")

var shrinkResources = false
var minifyEnabled = false
}
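Review bot: The `KAKAO_NATIVE_APP_KEY` passed to `buildConfigField` and `manifestPlaceholders` at the top of this hunk stays a plaintext string in the built APK even with `isMinifyEnabled = true`, because minification removes and renames code and does not hide string constants or manifest values. If concealing that key is part of what this obfuscation change is meant to achieve, it needs a separate control; please say so in the PR description, or note there that the key is treated as non-secret. It would also help to state which build type this block belongs to, since the visible context only shows that a `debug {` block follows it.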
Comment on lines +48 to 51

💡 Codebase verification

The ProGuard rules are incomplete. Additional rules are needed.

The current proguard-rules.pro file contains rules for the Kakao SDK only. ProGuard rules for the following libraries are missing:

  • Retrofit2 and OkHttp
  • Hilt
  • Firebase Analytics
  • Gson
  • Coroutines
  • AndroidX components

In particular, the following rules need to be added:

  • Keep Retrofit interfaces and data model classes
  • Keep Hilt dependency-injection classes
  • Keep Coroutines-related classes
  • Keep Firebase Analytics event-tracking classes
🔗 Analysis chain

The ProGuard rules need to be verified.

ProGuard rules are needed for the main libraries currently used in the project:

  • Retrofit interfaces
  • Hilt dependency injection
  • Kakao SDK
  • Firebase Analytics
  • Kotlin Serialization

Please check the following:

  1. Review whether proguard-rules.pro contains all the necessary keep rules
  2. Run a test build to confirm that no runtime errors occur
  3. Verify that the main features still work correctly after obfuscation
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify ProGuard rules existence and content
echo "Checking ProGuard rules file..."
if [ -f "app/proguard-rules.pro" ]; then
    echo "Content of proguard-rules.pro:"
    cat app/proguard-rules.pro
else
    echo "Warning: proguard-rules.pro file not found!"
fi

Length of output: 971


Script:

#!/bin/bash
# Let's check for the proguard rules file and its content
echo "Checking proguard-rules.pro..."
find . -name "proguard-rules.pro" -type f -exec cat {} \;

# Check for Hilt usage
echo -e "\nChecking Hilt usage..."
rg -l "dagger.hilt" .

# Check for Kotlin Serialization usage
echo -e "\nChecking Kotlin Serialization usage..."
rg -l "@Serializable" .

# Check build.gradle files for dependencies
echo -e "\nChecking dependencies in build files..."
find . -name "build.gradle*" -type f -exec cat {} \;

Length of output: 8422


debug {
55 changes: 55 additions & 0 deletions app/proguard-rules.pro
Expand Up @@ -23,3 +23,58 @@
# https://developers.kakao.com/docs/latest/en/getting-started/sdk-android#configure-for-shrinking-and-obfuscation-(optional)
-keep class com.kakao.sdk.**.model.* { <fields>; }
-keep class * extends com.google.gson.TypeAdapter

# Retrofit2 인터페이스와 데이터 모델 클래스 보존
-keep interface com.eatssu.android.data.service.** { *; }
-keep class com.eatssu.android.data.dto.** { *; }
-dontwarn retrofit2.**
-dontwarn okhttp3.**
-keepattributes Signature
-keepattributes Exceptions

Comment on lines +27 to +34

🛠️ Refactor suggestion

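Specify the Signature and Exceptions attribute rules more specifically.

The current configuration provides basic protection, but it would be good to specify the Retrofit-related attributes more explicitly.

Consider changing it as follows: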

 -keepattributes Signature
 -keepattributes Exceptions
+-keepattributes InnerClasses
+-keepattributes EnclosingMethod
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Retrofit2 인터페이스와 데이터 모델 클래스 보존
-keep interface com.eatssu.android.data.service.** { *; }
-keep class com.eatssu.android.data.dto.** { *; }
-dontwarn retrofit2.**
-dontwarn okhttp3.**
-keepattributes Signature
-keepattributes Exceptions
# Retrofit2 인터페이스와 데이터 모델 클래스 보존
-keep interface com.eatssu.android.data.service.** { *; }
-keep class com.eatssu.android.data.dto.** { *; }
-dontwarn retrofit2.**
-dontwarn okhttp3.**
-keepattributes Signature
-keepattributes Exceptions
-keepattributes InnerClasses
-keepattributes EnclosingMethod

# OkHttp 보존
-keep class okhttp3.** { *; }
-keep interface okhttp3.** { *; }
-dontwarn okhttp3.**

Comment on lines +35 to +39

⚠️ Potential issue

There is a duplicate OkHttp warning-suppression rule.

The -dontwarn okhttp3.** rule is duplicated on lines 31 and 38.

Remove the duplicate rule as follows:

 # OkHttp 보존
 -keep class okhttp3.** { *; }
 -keep interface okhttp3.** { *; }
--dontwarn okhttp3.**
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# OkHttp 보존
-keep class okhttp3.** { *; }
-keep interface okhttp3.** { *; }
-dontwarn okhttp3.**
# OkHttp 보존
-keep class okhttp3.** { *; }
-keep interface okhttp3.** { *; }

# Hilt 의존성 주입 관련 클래스 보존
-keep class dagger.hilt.** { *; }
-keep class * extends dagger.hilt.EntryPoint
-keep class * extends dagger.hilt.InstallIn
-keep class * extends dagger.hilt.components.SingletonComponent
#-keep class * extends dagger.hilt.components.ActivityComponent
-dontwarn dagger.hilt.**

# Firebase Analytics 관련 클래스 보존
-keep class com.google.firebase.analytics.** { *; }
#-keepclassmembers class * {
# @com.google.firebase.analytics.FirebaseEvent *;
#}
-dontwarn com.google.firebase.analytics.**

# Gson 보존 (필드명 직렬화/역직렬화 보호)
-keep class com.google.gson.** { *; }
-keepattributes Signature
-keepattributes *Annotation*
-dontwarn com.google.gson.**
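Review bot: In the Hilt block, `-keep class * extends dagger.hilt.EntryPoint` and `-keep class * extends dagger.hilt.InstallIn` will not match the classes they are aimed at, because `EntryPoint` and `InstallIn` are annotation types rather than supertypes. If annotated classes need to be kept, the annotation form is `-keep @dagger.hilt.InstallIn class *` (and likewise for `@dagger.hilt.EntryPoint`). Separately, `-keep class dagger.hilt.** { *; }`, `-keep class com.google.firebase.analytics.** { *; }` and `-keep class com.google.gson.** { *; }` exempt those whole packages from shrinking and renaming, and the paired `-dontwarn` lines hide missing-class warnings, so it is worth narrowing them to the classes the app reaches by reflection and reading the build warnings before silencing them.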

Comment on lines +55 to +60

⚠️ Potential issue

There is a duplicate Signature attribute rule.

The -keepattributes Signature rule is duplicated on lines 32 and 57.

Remove the duplicate rule as follows:

 # Gson 보존 (필드명 직렬화/역직렬화 보호)
 -keep class com.google.gson.** { *; }
--keepattributes Signature
 -keepattributes *Annotation*
 -dontwarn com.google.gson.**
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Gson 보존 (필드명 직렬화/역직렬화 보호)
-keep class com.google.gson.** { *; }
-keepattributes Signature
-keepattributes *Annotation*
-dontwarn com.google.gson.**
# Gson 보존 (필드명 직렬화/역직렬화 보호)
-keep class com.google.gson.** { *; }
-keepattributes *Annotation*
-dontwarn com.google.gson.**

# Coroutines 관련 클래스 보존
-keep class kotlinx.coroutines.** { *; }
-keepclassmembers class kotlinx.coroutines.** { *; }
-dontwarn kotlinx.coroutines.**

# AndroidX 관련 보존
-keep class androidx.** { *; }
-dontwarn androidx.**

Comment on lines +66 to +69

🛠️ Refactor suggestion

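It would be better to specify the AndroidX rules more specifically.

All AndroidX classes are currently kept, which can make the APK unnecessarily large.

I recommend changing the rules to keep only the AndroidX components that are actually used. Example: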

-# AndroidX 관련 보존
--keep class androidx.** { *; }
--dontwarn androidx.**
+# AndroidX 필수 컴포넌트 보존
+-keep class androidx.core.** { *; }
+-keep class androidx.appcompat.** { *; }
+-keep class androidx.fragment.app.** { *; }
+-dontwarn androidx.**
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# AndroidX 관련 보존
-keep class androidx.** { *; }
-dontwarn androidx.**
# AndroidX 필수 컴포넌트 보존
-keep class androidx.core.** { *; }
-keep class androidx.appcompat.** { *; }
-keep class androidx.fragment.app.** { *; }
-dontwarn androidx.**

# Retrofit의 어노테이션 보존
-keepattributes RuntimeVisibleAnnotations
-keepattributes RuntimeVisibleParameterAnnotations

# 일반적인 자바 어노테이션 보존
-keepattributes *Annotation*

# 모든 직렬화된 클래스 보존
-keepclassmembers class * {
@com.google.gson.annotations.SerializedName <fields>;
}
Comment on lines +70 to +80

🛠️ Refactor suggestion

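Consolidate the duplicate annotation attribute rules.

The -keepattributes *Annotation* rule is duplicated on lines 58 and 75. Also, gathering the annotation-related rules in one place would improve readability.

Consolidate the annotation-related rules as follows: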

+# 어노테이션 관련 규칙
+-keepattributes *Annotation*
+-keepattributes RuntimeVisibleAnnotations
+-keepattributes RuntimeVisibleParameterAnnotations

 # Retrofit의 어노테이션 보존
--keepattributes RuntimeVisibleAnnotations
--keepattributes RuntimeVisibleParameterAnnotations

 # 일반적인 자바 어노테이션 보존
--keepattributes *Annotation*
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Retrofit의 어노테이션 보존
-keepattributes RuntimeVisibleAnnotations
-keepattributes RuntimeVisibleParameterAnnotations
# 일반적인 자바 어노테이션 보존
-keepattributes *Annotation*
# 모든 직렬화된 클래스 보존
-keepclassmembers class * {
@com.google.gson.annotations.SerializedName <fields>;
}
# 어노테이션 관련 규칙
-keepattributes *Annotation*
-keepattributes RuntimeVisibleAnnotations
-keepattributes RuntimeVisibleParameterAnnotations
# 모든 직렬화된 클래스 보존
-keepclassmembers class * {
@com.google.gson.annotations.SerializedName <fields>;
}
