zendesk_apps_support 4.21.4 → 4.22.0
- checksums.yaml +5 -5
- data/README.md +7 -1
- data/lib/zendesk_apps_support/validations/requests.rb +43 -18
- metadata +17 -4
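--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: f5e7624f0698a1aff9b173819bca559434dd3baffe49e9fa4d7276867dbed41f
+data.tar.gz: b98003482ec9bb0b011d228d61a9385df451ea569c71fd775eccafb30e731b23
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e4b9b3fd92f5fc1de2198f99e8442de953f4e23e77833cb8a67e0100c5fdefc01f98662c6377112f08ca9daf7eb04fb4b9c924406ce9bbd5d01fe3faa1532d29
+data.tar.gz: 518d3295fca2a66d0035e1c2a6859db891b2ac3d6cb6548bd98f1638bc0311616369f25bcfb8ce8530ac503adde61ca65f05de414728f972ed36a9b7bd56a50c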
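--- a/data/README.md
+++ b/data/README.md
@@ -9,10 +9,16 @@ This repo is owned and maintained by the Zendesk Apps team. You can reach us on
 ## Getting Started
 When you want to help **develop** this tool, you will need to clone this repo.
 
+Since ZAS is used in ZAT, which supports Ruby 2.1, the Bundler Gem Version 1.17.3 is required for bundling dependencies. If you are working with a version that is higher than `1.17.3`, you will need to downgrade it.
+```
+$ gem install bundler --version 1.17.3
+$ bundle install
+```
+
 Very likely you want to try out your changes with the use of ZAT. See [ZAT](https://github.com/zendesk/zendesk_apps_tools/) for how to get ZAT/ZAS in development.
 
 ## Testing
-This project uses
+This project uses Rspec, which can be run with `bundle exec rake`.
 
 ## Contribute
 * Put up a PR into the master branch.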
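--- a/data/lib/zendesk_apps_support/validations/requests.rb
+++ b/data/lib/zendesk_apps_support/validations/requests.rb
@@ -12,45 +12,70 @@ module ZendeskAppsSupport
 def call(package)
 errors = []
 files = package.js_files + package.html_files
+private_app = package.manifest.private?
 
 files.each do |file|
 file_content = file.read
 
 http_protocol_urls = find_address_containing_http(file_content)
 if http_protocol_urls.any?
-package.warnings <<
-
-
-file: file.relative_path
+package.warnings << insecure_http_requests_warning(
+http_protocol_urls,
+file.relative_path
 )
 end
 
 ip_addresses = file_content.scan(IP_ADDRESS)
-
-
-
+next unless ip_addresses.any?
+
+ip_validation_messages = ip_validation_messages(
+file.relative_path,
+ip_addresses,
+private_app
+)
+
+validation_group = private_app ? package.warnings : errors
+validation_group << ip_validation_messages
 end
 
+package.warnings.flatten!
 errors
 end
 
 private
 
-def
-ip_addresses.each_with_object([]) do |ip_address,
-
-next unless
+def ip_validation_messages(file_path, ip_addresses, private_app)
+ip_addresses.each_with_object([]) do |ip_address, messages|
+ip_type_string = ip_type_string(ip_address)
+next unless ip_type_string
 
-
-:
-
-
-
-
+string_params = {
+type: ip_type_string, uri: ip_address, file: file_path
+}
+validation_message =
+if private_app
+I18n.t('txt.apps.admin.error.app_build.blocked_request', string_params)
+else
+ValidationError.new(:blocked_request, string_params)
+end
+
+messages << validation_message
 end
 end
 
-def
+def insecure_http_requests_warning(http_protocol_urls, relative_path)
+http_protocol_urls = http_protocol_urls.join(
+I18n.t('txt.apps.admin.error.app_build.listing_comma')
+)
+
+I18n.t(
+'txt.apps.admin.warning.app_build.insecure_http_request',
+uri: http_protocol_urls,
+file: relative_path
+)
+end
+
+def ip_type_string(ip_address)
 block_type =
 case IPAddress.parse(ip_address)
 when proc(&:private?) then 'private'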
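Review bot: In `call`, `validation_group << ip_validation_messages` appends the whole array returned by the helper, and only `package.warnings` is flattened afterwards, so for a non-private app `errors` is returned as an array of arrays. It even gains an empty array when a file contains only IP literals that are not of a blocked type, which makes `errors` non-empty unless the caller flattens it (the caller is not visible here). Using `validation_group.concat(ip_validation_messages)` keeps both collections flat and makes `package.warnings.flatten!` unnecessary. The line `validation_group = private_app ? package.warnings : errors` is where blocked-IP findings stop failing the build for private apps, so it deserves a comment such as `# private apps: blocked IP requests are reported as warnings only, not errors`. The locals `ip_validation_messages` and `ip_type_string` shadow the methods of the same name and would read more clearly as `messages` and `ip_type`; the body of `ip_type_string` continues outside the hunk.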
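--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zendesk_apps_support
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.22.0
 platform: ruby
 authors:
 - James A. Rosen
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-
+date: 2019-10-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: i18n
@@ -237,6 +237,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: 9.0.6
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.17.3
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.17.3
 description: Support to help you develop Zendesk Apps.
 email:
 - dev@zendesk.com
@@ -305,8 +319,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: 1.3.6
 requirements: []
-
-rubygems_version: 2.6.8
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Support to help you develop Zendesk Apps.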