search

paypal / android-checkout-sdk

Apache License 2.0
77 stars 38 forks source link

Duplicate class a.a found in modules jetified-android-sdk-1.3.0-runtime #329

Open sforsberg opened 7 months ago

sforsberg commented 7 months ago

Describe the bug After upgrading com.paypal.checkout:android-sdk:1.3.0, we are unable to build our application due to the following gradle error:

> Task :app:checkDebugDuplicateClasses FAILED
...
FAILURE: Build failed with an exception.

* What went wrong:
Execution failed for task ':app:checkDebugDuplicateClasses'.
> A failure occurred while executing com.android.build.gradle.internal.tasks.CheckDuplicatesRunnable
   > Duplicate class a.a found in modules jetified-android-sdk-1.3.0-runtime (com.paypal.checkout:android-sdk:1.3.0) and jetified-msdk-3.0.5-runtime (com.perimeterx.sdk:msdk:3.0.5)
     Duplicate class a.b found in modules jetified-android-sdk-1.3.0-runtime (com.paypal.checkout:android-sdk:1.3.0) and jetified-msdk-3.0.5-runtime (com.perimeterx.sdk:msdk:3.0.5)
     Duplicate class a.c found in modules jetified-android-sdk-1.3.0-runtime (com.paypal.checkout:android-sdk:1.3.0) and jetified-msdk-3.0.5-runtime (com.perimeterx.sdk:msdk:3.0.5)
     Duplicate class a.d found in modules jetified-android-sdk-1.3.0-runtime (com.paypal.checkout:android-sdk:1.3.0) and jetified-msdk-3.0.5-runtime (com.perimeterx.sdk:msdk:3.0.5)
...

As seen in the error there are class conflicts with another package installed by com.perimeterx.sdk:msdk:3.0.5 which was not upgraded, and seems to also have a globally scoped package and classes (I will raise an issue over there as well).

Looking at the changes made in 1.3.0, the updated version of android-magnessdk-5.5.0.jar seems to have introduced a new globally scoped obfuscated package called a with 4 new classes a.a, a.b, a.c, and a.d. Looking at the external libraries installed, we can see the mentioned packages have the same globally scoped a module in both com.perimeterx.sdk:msdk:3.0.5 and com.paypal.checkout:android-sdk:1.3.0.

Screenshot 2024-04-08 at 2 36 22 PM

To Reproduce Steps to reproduce the behavior:

  1. Install com.paypal.checkout:android-sdk:1.3.0 and com.perimeterx.sdk:msdk:3.0.5
    1. For the latter, requires the following repository: maven { url "https://perimeterx.jfrog.io/artifactory/px-Android-SDK/" }
  2. Attempt to build this project.
  3. See the above error.

Expected behavior Both modules should be able to be installed together without class conflicts, perhaps Magnes SDK needs to be updated to not have obfuscated those globally scoped classes.

Looking at the previous version android-magnessdk-5.4.0.jar, there is no trace of this globally scoped a module seen in this jar dump:

jar -tvf ~/Downloads/android-magnessdk-5.4.0.jar
  1234 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/Environment.class
   636 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/InvalidInputException.class
  1045 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesResult.class
  9851 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSDK.class
  4838 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings$Builder.class
   342 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings$a.class
  3153 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings.class
  1548 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSource.class
  1308 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/a.class
  3785 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/b.class
  ...

Compared to android-magnessdk-5.5.0.jar we find the global a classes:

jar -tvf ~/Downloads/android-magnessdk-5.5.0.jar
  2243 Thu Jan 01 01:01:02 EST 1981 a/a.class
   676 Thu Jan 01 01:01:02 EST 1981 a/b.class
  3578 Thu Jan 01 01:01:02 EST 1981 a/c.class
  1408 Thu Jan 01 01:01:02 EST 1981 a/d.class
  1192 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/Environment.class
   631 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/InvalidInputException.class
  1040 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesResult.class
  9675 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSDK.class
  4966 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings$Builder.class
   378 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings$a.class
  3286 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSettings.class
  1506 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/MagnesSource.class
  1344 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/a.class
  3661 Thu Jan 01 01:01:02 EST 1981 lib/android/paypal/com/magnessdk/b.class
  ...
github-actions[bot] commented 7 months ago

Thank you for reaching out to the Native Checkout SDK team. This integration path is now inactive for new merchants. If you are an existing merchant, please contact us here for further assistance.

New merchants can integrate the Native Checkout experience via the Braintree Android SDK or PayPal Android SDK. For more information please see their respective developer documentation linked below.

sforsberg commented 7 months ago

An update on the status of this, I was able to work with the PerimeterX team to get this resolved in their library and we are now able to install their latest version alongside the latest PayPal Checkout SDK version. However I still consider this a bug in the PayPal SDK as it could be causing similar issues for other consumers.