GSoC/2024/StatusReports/ShellWen
Appearance
Update SSHD library in KDE Connect Android app
The KDE Connect Android App utilizes Apache Mina SSHD for file system sharing over a local network. However, the current version (0.14.0) is outdated, posing security and stability risks. This project aims to update the library to the latest version (2.12.1). Idea from https://community.kde.org/GSoC/2024/Ideas#Update_SSH_library_in_the_Android_app.
Work report
Task Analysis & Objectives:
- Identified that the current version of Apache Mina SSHD (0.14.0) used for file system sharing in the KDE Connect Android app is outdated, posing potential security and stability risks.
- The goal of this project is to update the Apache Mina SSHD library to version 2.12.1 to enhance the app's security, stability, and performance.
Update Process:
- Located the dependencies and configuration files related to the Apache Mina SSHD library within the Android project, which uses Gradle for dependency management and a Gradle version catalog to manage versions across the project.
- Migrated the library step-by-step across major versions to Apache Mina SSHD 2.12.1, adapting to upstream changes and ensuring compatibility throughout the process.
- One of the major challenges was that the newer SSHD version switched to using
java.nio
as the backend for the file system, whereas the older version used its own file system backend implementation. Since Android's Storage Access Framework (SAF) lacks a correspondingjava.nio
implementation, it required writing a custom mapping of SAF tojava.nio
, which proved to be highly complex.
Testing & Validation:
- Conducted manual testing of the file system sharing feature, validating performance and stability across various devices and network environments.
- Used security scanning tools to confirm that known security vulnerabilities were mitigated and verified that the new version did not introduce new security issues.
Results & Future Plans:
- Successfully completed the upgrade of the Apache Mina SSHD library and merged the changes into the main branch (see kdeconnect-android#451).
- Future plans include continued monitoring of the app's performance and addressing any potential edge cases that may arise.