Skip to content

Commit

Permalink
fix: expose proguard rules as part of the library to ensure safer bui…
Browse files Browse the repository at this point in the history 
…lds (#321)

* fix: expose proguard rules as part of the library to ensure safer builds

* fix: updated proguard rules to fix improper serialization of event payload

---------

Co-authored-by: Desu Sai Venkat <[email protected]>
  • Loading branch information
@desusai7
desusai7 and Desu Sai Venkat authored Sep 29, 2023
1 parent acb6dfa commit 46a5413
Show file tree
Hide file tree
Showing 3 changed files with 58 additions and 13 deletions.
27 changes: 19 additions & 8 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -122,42 +122,53 @@ The variable `it` contains the intialized nativeSDK object.
If you are using Proguard full mode to optimize your app, add the following lines to your Android ProGuard rules:

```java
// Reporter Module
# Reporter Module
-keep class com.rudderstack.android.ruddermetricsreporterandroid.models.LabelEntity { *; }
-keep class com.rudderstack.android.ruddermetricsreporterandroid.models.MetricEntity { *; }
-keep class com.rudderstack.android.ruddermetricsreporterandroid.models.ErrorEntity { *; }

// Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList
# Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList
-keep class com.google.gson.reflect.TypeToken { *; }
-keep class * extends com.google.gson.reflect.TypeToken

// Required for the serialization of SourceConfig once it is downloaded.
# Required for the serialization of SourceConfig once it is downloaded.
-keep class com.google.gson.internal.LinkedTreeMap { *; }
-keep class * implements java.io.Serializable { *; }
-keep class com.rudderstack.rudderjsonadapter.RudderTypeAdapter { *; }
-keep class * extends com.rudderstack.rudderjsonadapter.RudderTypeAdapter

// Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard
// and works as expected even when the customer is not using encryption feature.
# Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard
# and works as expected even when the customer is not using encryption feature.
-dontwarn net.sqlcipher.Cursor
-dontwarn net.sqlcipher.database.SQLiteDatabase$CursorFactory
-dontwarn net.sqlcipher.database.SQLiteDatabase
-dontwarn net.sqlcipher.database.SQLiteOpenHelper
-keep class com.rudderstack.android.sdk.core.persistence.DefaultPersistenceProviderFactory { *; }

// Required for the usage of annotations across reporter and web modules
# Required for the usage of annotations across reporter and web modules
-dontwarn com.fasterxml.jackson.annotation.JsonIgnore
-dontwarn com.squareup.moshi.Json
-dontwarn com.fasterxml.jackson.annotation.JsonProperty

// Required for Device Mode Transformations
# Required for Device Mode Transformations
-keep class com.rudderstack.android.sdk.core.TransformationResponse { *; }
-keep class com.rudderstack.android.sdk.core.TransformationResponseDeserializer { *; }

// to make sure that serialized name annotations are not removed by the Proguard full mode.
# to make sure that serialized name annotations are not removed by the Proguard full mode.
-keepclassmembers,allowobfuscation class * {
@com.google.gson.annotations.SerializedName <fields>;
}

# Required for proper serialization of the custom traits and custom context
-keep class * implements com.google.gson.JsonSerializer { *; }

# to make sure that the customContextMap, custom traits are sent in the proper format
-keepclassmembers class com.rudderstack.android.sdk.core.RudderContext { java.util.Map customContextMap; }
-keepclassmembers class com.rudderstack.android.sdk.core.RudderTraits { java.util.Map extras; }

# Required for DBEncryption feature using SQLCipher
-keep class net.sqlcipher.** { *; }
-keep class net.sqlcipher.database.* { *; }
```

## Contribute
Expand Down
2 changes: 1 addition & 1 deletion core/build.gradle
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ android {
defaultConfig {
minSdkVersion 19
targetSdkVersion 33
// consumerProguardFiles 'proguard-consumer-rules.pro'
consumerProguardFiles 'proguard-consumer-rules.pro'
buildConfigField("String", "VERSION_NAME", "\"${VERSION_NAME}\"")
buildConfigField("String", "VERSION_CODE", "\"${VERSION_CODE}\"")
testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
Expand Down
42 changes: 38 additions & 4 deletions core/proguard-consumer-rules.pro
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,41 @@
# If you keep the line number information, uncomment this to
# hide the original source file name.
#-renamesourcefileattribute SourceFile
#
#-keep class com.rudderstack.android.sdk.core.* { *; }
#-keep class com.rudderstack.android.sdk.core.ecomm.* { *; }
#-keep class com.rudderstack.android.sdk.core.util.* { *; }

# Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList
-keep class com.google.gson.reflect.TypeToken { *; }
-keep class * extends com.google.gson.reflect.TypeToken

# Required for the serialization of SourceConfig once it is downloaded.
-keep class com.google.gson.internal.LinkedTreeMap { *; }
-keep class * implements java.io.Serializable { *; }
-keep class com.rudderstack.rudderjsonadapter.RudderTypeAdapter { *; }
-keep class * extends com.rudderstack.rudderjsonadapter.RudderTypeAdapter

# Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard
# and works as expected even when the customer is not using encryption feature.
-dontwarn net.sqlcipher.Cursor
-dontwarn net.sqlcipher.database.SQLiteDatabase$CursorFactory
-dontwarn net.sqlcipher.database.SQLiteDatabase
-dontwarn net.sqlcipher.database.SQLiteOpenHelper
-keep class com.rudderstack.android.sdk.core.persistence.DefaultPersistenceProviderFactory { *; }

# Required for Device Mode Transformations
-keep class com.rudderstack.android.sdk.core.TransformationResponse { *; }
-keep class com.rudderstack.android.sdk.core.TransformationResponseDeserializer { *; }

# to make sure that serialized name annotations in model classes are not removed by the Proguard full mode.
-keepclassmembers,allowobfuscation class * {
@com.google.gson.annotations.SerializedName <fields>;
}

# Required for proper serialization of the custom traits and custom context
-keep class * implements com.google.gson.JsonSerializer { *; }

# to make sure that the customContextMap, custom traits are sent in the proper format
-keepclassmembers class com.rudderstack.android.sdk.core.RudderContext { java.util.Map customContextMap; }
-keepclassmembers class com.rudderstack.android.sdk.core.RudderTraits { java.util.Map extras; }

# Required for DBEncryption feature using SQLCipher
-keep class net.sqlcipher.** { *; }
-keep class net.sqlcipher.database.* { *; }

0 comments on commit 46a5413

Please sign in to comment.