From 3d8811717f2c70909c56000a5b1f94eb7447755e Mon Sep 17 00:00:00 2001
From: Desu Sai Venkat
Date: Tue, 26 Sep 2023 19:21:08 +0530
Subject: [PATCH 1/2] fix: expose proguard rules as part of the library to ensure safer builds
---
 core/build.gradle | 2 +-
 core/proguard-consumer-rules.pro | 31 +++++++++++++++++++++++++++----
 2 files changed, 28 insertions(+), 5 deletions(-)
diff --git a/core/build.gradle b/core/build.gradle
index 4520085b8..a3232f571 100644
--- a/core/build.gradle
+++ b/core/build.gradle
@@ -5,7 +5,7 @@ android {
 defaultConfig {
 minSdkVersion 19
 targetSdkVersion 33
-// consumerProguardFiles 'proguard-consumer-rules.pro'
+ consumerProguardFiles 'proguard-consumer-rules.pro'
 buildConfigField("String", "VERSION_NAME", "\"${VERSION_NAME}\"")
 buildConfigField("String", "VERSION_CODE", "\"${VERSION_CODE}\"")
 testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
diff --git a/core/proguard-consumer-rules.pro b/core/proguard-consumer-rules.pro
index cd6ff6a82..b0c35edf1 100644
--- a/core/proguard-consumer-rules.pro
+++ b/core/proguard-consumer-rules.pro
@@ -19,7 +19,30 @@
 # If you keep the line number information, uncomment this to
 # hide the original source file name.
 #-renamesourcefileattribute SourceFile
-#
-#-keep class com.rudderstack.android.sdk.core.* { *; }
-#-keep class com.rudderstack.android.sdk.core.ecomm.* { *; }
-#-keep class com.rudderstack.android.sdk.core.util.* { *; }
\ No newline at end of file
+
+# Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList
+-keep class com.google.gson.reflect.TypeToken { *; }
+-keep class * extends com.google.gson.reflect.TypeToken
+
+# Required for the serialization of SourceConfig once it is downloaded.
+-keep class com.google.gson.internal.LinkedTreeMap { *; }
+-keep class * implements java.io.Serializable { *; }
+-keep class com.rudderstack.rudderjsonadapter.RudderTypeAdapter { *; }
+-keep class * extends com.rudderstack.rudderjsonadapter.RudderTypeAdapter
+
+# Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard
+# and works as expected even when the customer is not using encryption feature.
+-dontwarn net.sqlcipher.Cursor
+-dontwarn net.sqlcipher.database.SQLiteDatabase$CursorFactory
+-dontwarn net.sqlcipher.database.SQLiteDatabase
+-dontwarn net.sqlcipher.database.SQLiteOpenHelper
+-keep class com.rudderstack.android.sdk.core.persistence.DefaultPersistenceProviderFactory { *; }
+
+# Required for Device Mode Transformations
+-keep class com.rudderstack.android.sdk.core.TransformationResponse { *; }
+-keep class com.rudderstack.android.sdk.core.TransformationResponseDeserializer { *; }
+
+# to make sure that serialized name annotations in model classes are not removed by the Proguard full mode.
+-keepclassmembers,allowobfuscation class * {
+ @com.google.gson.annotations.SerializedName ;
+}
\ No newline at end of file
From f719043e039fc8f45a5d695b51e9a178d80d7ca2 Mon Sep 17 00:00:00 2001
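Review bot: `-keep class * implements java.io.Serializable { *; }` is not limited to the SDK: because this file is now shipped through `consumerProguardFiles`, the wildcard keeps every Serializable class, with all members and original names, in the host app and in its other dependencies. That turns off shrinking and obfuscation for code the SDK does not own, so integrators get a larger APK and readable class and member names they expected R8 to rename. Scope the rule to what the SDK itself serializes, for example `-keep class com.rudderstack.** implements java.io.Serializable { *; }` (the exact package list should be confirmed against SourceConfig and the types it references). The same concern applies to `-keep class * implements com.google.gson.JsonSerializer { *; }`, added to this file in the second patch.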
From: Desu Sai Venkat
Date: Wed, 27 Sep 2023 13:39:58 +0530
Subject: [PATCH 2/2] fix: updated proguard rules to fix improper serialization of event payload
---
 README.md | 27 +++++++++++++++++++--------
 core/proguard-consumer-rules.pro | 13 ++++++++++++-
 2 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/README.md b/README.md
index 3797b2ca6..a6eb2dd5b 100644
--- a/README.md
+++ b/README.md
@@ -122,42 +122,53 @@ The variable `it` contains the intialized nativeSDK object. If you are using Proguard full mode to optimize your app, add the following lines to your Android ProGuard rules: ```java -// Reporter Module +# Reporter Module -keep class com.rudderstack.android.ruddermetricsreporterandroid.models.LabelEntity { *; } -keep class com.rudderstack.android.ruddermetricsreporterandroid.models.MetricEntity { *; } -keep class com.rudderstack.android.ruddermetricsreporterandroid.models.ErrorEntity { *; } -// Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList +# Required for the usage off TypeToken class in Utils.converToMap, Utils.convertToList -keep class com.google.gson.reflect.TypeToken { *; } -keep class * extends com.google.gson.reflect.TypeToken -// Required for the serialization of SourceConfig once it is downloaded. +# Required for the serialization of SourceConfig once it is downloaded. -keep class com.google.gson.internal.LinkedTreeMap { *; } -keep class * implements java.io.Serializable { *; } -keep class com.rudderstack.rudderjsonadapter.RudderTypeAdapter { *; } -keep class * extends com.rudderstack.rudderjsonadapter.RudderTypeAdapter -// Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard -// and works as expected even when the customer is not using encryption feature. +# Required to ensure the DefaultPersistenceProviderFactory is not removed by Proguard +# and works as expected even when the customer is not using encryption feature. 
-dontwarn net.sqlcipher.Cursor -dontwarn net.sqlcipher.database.SQLiteDatabase$CursorFactory -dontwarn net.sqlcipher.database.SQLiteDatabase -dontwarn net.sqlcipher.database.SQLiteOpenHelper -keep class com.rudderstack.android.sdk.core.persistence.DefaultPersistenceProviderFactory { *; } -// Required for the usage of annotations across reporter and web modules +# Required for the usage of annotations across reporter and web modules -dontwarn com.fasterxml.jackson.annotation.JsonIgnore -dontwarn com.squareup.moshi.Json -dontwarn com.fasterxml.jackson.annotation.JsonProperty -// Required for Device Mode Transformations +# Required for Device Mode Transformations -keep class com.rudderstack.android.sdk.core.TransformationResponse { *; } -keep class com.rudderstack.android.sdk.core.TransformationResponseDeserializer { *; } -// to make sure that serialized name annotations are not removed by the Proguard full mode. +# to make sure that serialized name annotations are not removed by the Proguard full mode. -keepclassmembers,allowobfuscation class * { @com.google.gson.annotations.SerializedName ; } + +# Required for proper serialization of the custom traits and custom context +-keep class * implements com.google.gson.JsonSerializer { *; } + +# to make sure that the customContextMap, custom traits are sent in the proper format +-keepclassmembers class com.rudderstack.android.sdk.core.RudderContext { java.util.Map customContextMap; } +-keepclassmembers class com.rudderstack.android.sdk.core.RudderTraits { java.util.Map extras; } + +# Required for DBEncryption feature using SQLCipher +-keep class net.sqlcipher.** { *; } +-keep class net.sqlcipher.database.* { *; } ``` ## Contribute diff --git a/core/proguard-consumer-rules.pro b/core/proguard-consumer-rules.pro index b0c35edf1..ddc88ea27 100644 --- a/core/proguard-consumer-rules.pro +++ b/core/proguard-consumer-rules.pro 
@@ -45,4 +45,15 @@
 # to make sure that serialized name annotations in model classes are not removed by the Proguard full mode.
 -keepclassmembers,allowobfuscation class * {
 @com.google.gson.annotations.SerializedName ;
-}
\ No newline at end of file
+}
+
+# Required for proper serialization of the custom traits and custom context
+-keep class * implements com.google.gson.JsonSerializer { *; }
+
+# to make sure that the customContextMap, custom traits are sent in the proper format
+-keepclassmembers class com.rudderstack.android.sdk.core.RudderContext { java.util.Map customContextMap; }
+-keepclassmembers class com.rudderstack.android.sdk.core.RudderTraits { java.util.Map extras; }
+
+# Required for DBEncryption feature using SQLCipher
+-keep class net.sqlcipher.** { *; }
+-keep class net.sqlcipher.database.* { *; }
\ No newline at end of file
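Review bot: `-keep class net.sqlcipher.database.* { *; }` is redundant, because the preceding `-keep class net.sqlcipher.** { *; }` already matches every class in `net.sqlcipher` and all of its subpackages; the second line can be dropped. The two `-keepclassmembers` rules pin `customContextMap` and `extras` by exact field name and declared type, and a rule that no longer matches fails silently, so a rename or type change would bring back the serialization bug with no build error. I would add a comment above them such as `# keep in sync with the field names/types in RudderContext and RudderTraits`, and ideally a release-build test that serializes custom context and traits with minification enabled.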