zendesk_apps_support 4.28.0 → 4.29.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: e0ede6523497ff0fbf8d8768ea7a00b90ad1011c3eeb5ed0db26c9b7f22e49fc
|
4
|
+
data.tar.gz: 9a5577cdb2dfac58db29921c5b1b76291a33de58376d7b4c3a9d2ade650c0b91
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6b256559f9f1fc4948e3921bd711b9cdedff8b98a3d1bc8573d3e83fc961023acfbec1994e713a72edff82970c13f1266cbf2aea933f1ee2cb8b65a384b52e97
|
7
|
+
data.tar.gz: 35555b53118ea3d124778b5f129fbcc3dc9ef891f3eefadb89c7cb619c8ead585262f61f58594c3001f438c1ae9106abbaf6b5ad01cff61153cf4e3426103cd1
|
@@ -40,10 +40,10 @@ module ZendeskAppsSupport
|
|
40
40
|
errors << Validations::Source.call(self)
|
41
41
|
errors << Validations::Translations.call(self, skip_marketplace_translations: skip_marketplace_translations)
|
42
42
|
errors << Validations::Requirements.call(self)
|
43
|
-
errors << Validations::Requests.call(self)
|
44
43
|
|
45
44
|
# only adds warnings
|
46
45
|
Validations::SecureSettings.call(self)
|
46
|
+
Validations::Requests.call(self)
|
47
47
|
|
48
48
|
unless manifest.requirements_only? || manifest.marketing_only? || manifest.iframe_only?
|
49
49
|
errors << Validations::Templates.call(self)
|
@@ -7,62 +7,25 @@ module ZendeskAppsSupport
|
|
7
7
|
module Validations
|
8
8
|
module Requests
|
9
9
|
class << self
|
10
|
-
IP_ADDRESS = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/
|
11
|
-
|
12
10
|
def call(package)
|
13
|
-
errors = []
|
14
11
|
files = package.js_files + package.html_files
|
15
|
-
private_app = package.manifest.private?
|
16
12
|
|
17
13
|
files.each do |file|
|
18
14
|
file_content = file.read
|
19
15
|
|
20
16
|
http_protocol_urls = find_address_containing_http(file_content)
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
)
|
26
|
-
end
|
27
|
-
|
28
|
-
ip_addresses = file_content.scan(IP_ADDRESS)
|
29
|
-
next unless ip_addresses.any?
|
30
|
-
|
31
|
-
ip_validation_messages = ip_validation_messages(
|
32
|
-
file.relative_path,
|
33
|
-
ip_addresses,
|
34
|
-
private_app
|
17
|
+
next unless http_protocol_urls.any?
|
18
|
+
package.warnings << insecure_http_requests_warning(
|
19
|
+
http_protocol_urls,
|
20
|
+
file.relative_path
|
35
21
|
)
|
36
|
-
|
37
|
-
validation_group = private_app ? package.warnings : errors
|
38
|
-
validation_group << ip_validation_messages
|
39
22
|
end
|
40
23
|
|
41
24
|
package.warnings.flatten!
|
42
|
-
errors
|
43
25
|
end
|
44
26
|
|
45
27
|
private
|
46
28
|
|
47
|
-
def ip_validation_messages(file_path, ip_addresses, private_app)
|
48
|
-
ip_addresses.each_with_object([]) do |ip_address, messages|
|
49
|
-
ip_type_string = ip_type_string(ip_address)
|
50
|
-
next unless ip_type_string
|
51
|
-
|
52
|
-
string_params = {
|
53
|
-
type: ip_type_string, uri: ip_address, file: file_path
|
54
|
-
}
|
55
|
-
validation_message =
|
56
|
-
if private_app
|
57
|
-
I18n.t('txt.apps.admin.error.app_build.blocked_request', string_params)
|
58
|
-
else
|
59
|
-
ValidationError.new(:blocked_request, string_params)
|
60
|
-
end
|
61
|
-
|
62
|
-
messages << validation_message
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
29
|
def insecure_http_requests_warning(http_protocol_urls, relative_path)
|
67
30
|
http_protocol_urls = http_protocol_urls.join(
|
68
31
|
I18n.t('txt.apps.admin.error.app_build.listing_comma')
|
@@ -75,19 +38,6 @@ module ZendeskAppsSupport
|
|
75
38
|
)
|
76
39
|
end
|
77
40
|
|
78
|
-
def ip_type_string(ip_address)
|
79
|
-
block_type =
|
80
|
-
case IPAddress.parse(ip_address)
|
81
|
-
when proc(&:private?) then 'private'
|
82
|
-
when proc(&:loopback?) then 'loopback'
|
83
|
-
when proc(&:link_local?) then 'link_local'
|
84
|
-
end
|
85
|
-
|
86
|
-
block_type && I18n.t("txt.apps.admin.error.app_build.blocked_request_#{block_type}")
|
87
|
-
rescue ArgumentError
|
88
|
-
nil # Ignore numbers which are not an IP address
|
89
|
-
end
|
90
|
-
|
91
41
|
def find_address_containing_http(file_content)
|
92
42
|
file_content.scan(URI.regexp(['http'])).map(&:compact).map(&:last)
|
93
43
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zendesk_apps_support
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.
|
4
|
+
version: 4.29.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- James A. Rosen
|
@@ -11,7 +11,7 @@ authors:
|
|
11
11
|
autorequire:
|
12
12
|
bindir: bin
|
13
13
|
cert_chain: []
|
14
|
-
date: 2020-
|
14
|
+
date: 2020-02-06 00:00:00.000000000 Z
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
17
17
|
name: i18n
|
@@ -319,8 +319,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
319
319
|
- !ruby/object:Gem::Version
|
320
320
|
version: 1.3.6
|
321
321
|
requirements: []
|
322
|
-
|
323
|
-
rubygems_version: 2.6.8
|
322
|
+
rubygems_version: 3.0.6
|
324
323
|
signing_key:
|
325
324
|
specification_version: 4
|
326
325
|
summary: Support to help you develop Zendesk Apps.
|