zendesk_apps_support 4.29.3 → 4.29.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/config/locales/en.yml +4 -0
- data/config/locales/translations/zendesk_apps_support.yml +5 -0
- data/lib/zendesk_apps_support/sass_functions.rb +2 -2
- data/lib/zendesk_apps_support/validations/manifest.rb +10 -2
- data/lib/zendesk_apps_support/validations/mime.rb +3 -4
- data/lib/zendesk_apps_support/validations/secure_settings.rb +13 -1
- metadata +43 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '05133378592731040e3105b29a3624fe85d190ba5ed7bfc872d99da645aad8c5'
|
|
4
|
+
data.tar.gz: 5e3bb520f055e87596585d2cd93821e801ad79a509f5c6bff1a12555d69214f4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5c4b261f98f1b4ee30324ba70f7f78b24a9d4fbefc0e5e6c209cecd5764218b6aa738ef6fbdb6989cb5de170f40af454a32d738d371b6ce385a8b14f598ca0cb
|
|
7
|
+
data.tar.gz: 7c283902ea1fe0907abbcb12679fc12fe2ec3d41884babb1e8a6ee50c781b2b78d76c12ee070302ac46fbe2a6d4a52b4c443d641b90754e3a15419dddb0a5ec6
|
data/config/locales/en.yml
CHANGED
|
@@ -62,6 +62,7 @@ en:
|
|
|
62
62
|
other: Unsupported MIME types detected in %{file_names}.
|
|
63
63
|
multiple_channel_integrations: Specifying multiple channel integrations
|
|
64
64
|
in requirements.json is not supported.
|
|
65
|
+
oauth_parameter_required: "Please upgrade to our new oauth format. Learn more: %{link}"
|
|
65
66
|
invalid_cr_schema_keys:
|
|
66
67
|
one: 'Custom resources schema contains an invalid key: %{invalid_keys}'
|
|
67
68
|
other: 'Custom resources schema contains invalid keys: %{invalid_keys}'
|
|
@@ -122,6 +123,9 @@ en:
|
|
|
122
123
|
do not match products in translations (%{translation_products})
|
|
123
124
|
insecure_token_parameter_in_manifest: 'Make sure to set secure to true
|
|
124
125
|
when using keys in Settings. Learn more: %{link}'
|
|
126
|
+
default_secure_or_hidden_parameter_in_manifest: Default values for secure
|
|
127
|
+
or hidden parameters are not stored securely. Be sure to review them
|
|
128
|
+
and confirm they do not contain sensitive data
|
|
125
129
|
stylesheet_error: 'Sass error: %{sass_error}'
|
|
126
130
|
invalid_type_parameter:
|
|
127
131
|
one: "%{invalid_types} is an invalid parameter type."
|
|
@@ -351,6 +351,11 @@ parts:
|
|
|
351
351
|
title: "Validation message to indicate missing secure(true) field in manifest's token parameter. Do not translate 'secure' and 'true'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
|
|
352
352
|
value: "Make sure to set secure to true when using keys in Settings. Learn more: %{link}"
|
|
353
353
|
screenshot: "https://drive.google.com/open?id=1ss3nNN2RG29R7StjCtiH8qjuwFBlRApJ"
|
|
354
|
+
- translation:
|
|
355
|
+
key: "txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest"
|
|
356
|
+
title: "Validation message to indicate that a hidden or secure manifest parameter has a default value. Do not translate 'secure' and 'hidden'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
|
|
357
|
+
value: "Default values for secure or hidden parameters are not stored securely. Be sure to review them and confirm they do not contain sensitive data"
|
|
358
|
+
screenshot: "https://drive.google.com/file/d/1MI6ci6Jz6xtwOXjcbHFCfNi1FjXKOuv9/view?usp=sharing"
|
|
354
359
|
- translation:
|
|
355
360
|
key: "txt.apps.admin.error.app_build.stylesheet_error"
|
|
356
361
|
title: "App builder job: invalid stylesheet syntax"
|
|
@@ -26,9 +26,9 @@ require 'sassc'
|
|
|
26
26
|
module SassC::Script::Functions
|
|
27
27
|
module AppAssetUrl
|
|
28
28
|
def app_asset_url(name)
|
|
29
|
-
raise ArgumentError, "Expected #{name} to be a string" unless name.is_a?
|
|
29
|
+
raise ArgumentError, "Expected #{name} to be a string" unless name.is_a? SassC::Script::Value::String
|
|
30
30
|
result = %{url("#{app_asset_url_helper(name)}")}
|
|
31
|
-
SassC::Script::String.new(result)
|
|
31
|
+
SassC::Script::Value::String.new(result)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
34
|
private
|
|
@@ -10,6 +10,7 @@ module ZendeskAppsSupport
|
|
|
10
10
|
REQUIRED_MANIFEST_FIELDS = RUBY_TO_JSON.select { |k| %i[author default_locale].include? k }.freeze
|
|
11
11
|
OAUTH_REQUIRED_FIELDS = %w[client_id client_secret authorize_uri access_token_uri].freeze
|
|
12
12
|
PARAMETER_TYPES = ZendeskAppsSupport::Manifest::Parameter::TYPES
|
|
13
|
+
OAUTH_MANIFEST_LINK = 'https://developer.zendesk.com/apps/docs/developer-guide/manifest#oauth'
|
|
13
14
|
|
|
14
15
|
class << self
|
|
15
16
|
def call(package)
|
|
@@ -197,14 +198,21 @@ module ZendeskAppsSupport
|
|
|
197
198
|
|
|
198
199
|
def oauth_error(manifest)
|
|
199
200
|
return unless manifest.oauth
|
|
200
|
-
|
|
201
|
+
oauth_errors = []
|
|
201
202
|
missing = OAUTH_REQUIRED_FIELDS.select do |key|
|
|
202
203
|
manifest.oauth[key].nil? || manifest.oauth[key].empty?
|
|
203
204
|
end
|
|
204
205
|
|
|
205
206
|
if missing.any?
|
|
206
|
-
|
|
207
|
+
oauth_errors << \
|
|
208
|
+
ValidationError.new('oauth_keys.missing', missing_keys: missing.join(', '), count: missing.length)
|
|
209
|
+
end
|
|
210
|
+
|
|
211
|
+
unless manifest.parameters.any? { |param| param.type == 'oauth' }
|
|
212
|
+
oauth_errors << ValidationError.new('oauth_parameter_required',
|
|
213
|
+
link: OAUTH_MANIFEST_LINK)
|
|
207
214
|
end
|
|
215
|
+
oauth_errors
|
|
208
216
|
end
|
|
209
217
|
|
|
210
218
|
def parameters_error(manifest)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require '
|
|
3
|
+
require 'marcel'
|
|
4
4
|
|
|
5
5
|
module ZendeskAppsSupport
|
|
6
6
|
module Validations
|
|
@@ -20,9 +20,8 @@ module ZendeskAppsSupport
|
|
|
20
20
|
private
|
|
21
21
|
|
|
22
22
|
def block_listed?(app_file)
|
|
23
|
-
mime_type =
|
|
24
|
-
|
|
25
|
-
content_subtype = mime_type.subtype if mime_type
|
|
23
|
+
mime_type = Marcel::MimeType.for(StringIO.new(app_file.read))
|
|
24
|
+
content_subtype = mime_type.split('/', 2).last if mime_type
|
|
26
25
|
extension_name = app_file.extension.delete('.')
|
|
27
26
|
|
|
28
27
|
([content_subtype, extension_name] & UNSUPPORTED_MIME_TYPES).any?
|
|
@@ -11,12 +11,18 @@ module ZendeskAppsSupport
|
|
|
11
11
|
manifest_params = package.manifest.parameters
|
|
12
12
|
|
|
13
13
|
insecure_params_found = manifest_params.any? { |param| insecure_param?(param) }
|
|
14
|
-
|
|
15
14
|
package.warnings << secure_settings_warning if insecure_params_found
|
|
15
|
+
|
|
16
|
+
secure_or_hidden_default_param_found = manifest_params.any? { |param| secure_or_hidden_default_param?(param) }
|
|
17
|
+
package.warnings << hidden_default_parameter_warning if secure_or_hidden_default_param_found
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
private
|
|
19
21
|
|
|
22
|
+
def secure_or_hidden_default_param?(parameter)
|
|
23
|
+
parameter.default? && (parameter.secure || parameter.type == 'hidden')
|
|
24
|
+
end
|
|
25
|
+
|
|
20
26
|
def insecure_param?(parameter)
|
|
21
27
|
parameter.name =~ SECURABLE_KEYWORDS_REGEXP && type_password_or_text?(parameter.type) && !parameter.secure
|
|
22
28
|
end
|
|
@@ -25,6 +31,12 @@ module ZendeskAppsSupport
|
|
|
25
31
|
parameter_type == 'text' || parameter_type == 'password'
|
|
26
32
|
end
|
|
27
33
|
|
|
34
|
+
def hidden_default_parameter_warning
|
|
35
|
+
I18n.t(
|
|
36
|
+
'txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest'
|
|
37
|
+
)
|
|
38
|
+
end
|
|
39
|
+
|
|
28
40
|
def secure_settings_warning
|
|
29
41
|
I18n.t(
|
|
30
42
|
'txt.apps.admin.error.app_build.translation.insecure_token_parameter_in_manifest',
|
metadata
CHANGED
|
@@ -1,17 +1,17 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zendesk_apps_support
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.29.
|
|
4
|
+
version: 4.29.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James A. Rosen
|
|
8
8
|
- Likun Liu
|
|
9
9
|
- Sean Caffery
|
|
10
10
|
- Daniel Ribeiro
|
|
11
|
-
autorequire:
|
|
11
|
+
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2021-05-20 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: i18n
|
|
@@ -31,16 +31,16 @@ dependencies:
|
|
|
31
31
|
name: sassc
|
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|
|
33
33
|
requirements:
|
|
34
|
-
- - "
|
|
34
|
+
- - ">="
|
|
35
35
|
- !ruby/object:Gem::Version
|
|
36
|
-
version:
|
|
36
|
+
version: '0'
|
|
37
37
|
type: :runtime
|
|
38
38
|
prerelease: false
|
|
39
39
|
version_requirements: !ruby/object:Gem::Requirement
|
|
40
40
|
requirements:
|
|
41
|
-
- - "
|
|
41
|
+
- - ">="
|
|
42
42
|
- !ruby/object:Gem::Version
|
|
43
|
-
version:
|
|
43
|
+
version: '0'
|
|
44
44
|
- !ruby/object:Gem::Dependency
|
|
45
45
|
name: sass
|
|
46
46
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -73,16 +73,16 @@ dependencies:
|
|
|
73
73
|
name: image_size
|
|
74
74
|
requirement: !ruby/object:Gem::Requirement
|
|
75
75
|
requirements:
|
|
76
|
-
- - "
|
|
76
|
+
- - "~>"
|
|
77
77
|
- !ruby/object:Gem::Version
|
|
78
|
-
version:
|
|
78
|
+
version: 2.0.2
|
|
79
79
|
type: :runtime
|
|
80
80
|
prerelease: false
|
|
81
81
|
version_requirements: !ruby/object:Gem::Requirement
|
|
82
82
|
requirements:
|
|
83
|
-
- - "
|
|
83
|
+
- - "~>"
|
|
84
84
|
- !ruby/object:Gem::Version
|
|
85
|
-
version:
|
|
85
|
+
version: 2.0.2
|
|
86
86
|
- !ruby/object:Gem::Dependency
|
|
87
87
|
name: erubis
|
|
88
88
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -103,28 +103,34 @@ dependencies:
|
|
|
103
103
|
requirements:
|
|
104
104
|
- - "~>"
|
|
105
105
|
- !ruby/object:Gem::Version
|
|
106
|
-
version: 2.
|
|
106
|
+
version: 2.3.1
|
|
107
107
|
type: :runtime
|
|
108
108
|
prerelease: false
|
|
109
109
|
version_requirements: !ruby/object:Gem::Requirement
|
|
110
110
|
requirements:
|
|
111
111
|
- - "~>"
|
|
112
112
|
- !ruby/object:Gem::Version
|
|
113
|
-
version: 2.
|
|
113
|
+
version: 2.3.1
|
|
114
114
|
- !ruby/object:Gem::Dependency
|
|
115
115
|
name: nokogiri
|
|
116
116
|
requirement: !ruby/object:Gem::Requirement
|
|
117
117
|
requirements:
|
|
118
|
-
- - "
|
|
118
|
+
- - ">="
|
|
119
119
|
- !ruby/object:Gem::Version
|
|
120
120
|
version: 1.8.5
|
|
121
|
+
- - "<"
|
|
122
|
+
- !ruby/object:Gem::Version
|
|
123
|
+
version: 1.11.0
|
|
121
124
|
type: :runtime
|
|
122
125
|
prerelease: false
|
|
123
126
|
version_requirements: !ruby/object:Gem::Requirement
|
|
124
127
|
requirements:
|
|
125
|
-
- - "
|
|
128
|
+
- - ">="
|
|
126
129
|
- !ruby/object:Gem::Version
|
|
127
130
|
version: 1.8.5
|
|
131
|
+
- - "<"
|
|
132
|
+
- !ruby/object:Gem::Version
|
|
133
|
+
version: 1.11.0
|
|
128
134
|
- !ruby/object:Gem::Dependency
|
|
129
135
|
name: rb-inotify
|
|
130
136
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -140,19 +146,19 @@ dependencies:
|
|
|
140
146
|
- !ruby/object:Gem::Version
|
|
141
147
|
version: 0.9.10
|
|
142
148
|
- !ruby/object:Gem::Dependency
|
|
143
|
-
name:
|
|
149
|
+
name: marcel
|
|
144
150
|
requirement: !ruby/object:Gem::Requirement
|
|
145
151
|
requirements:
|
|
146
|
-
- - "
|
|
152
|
+
- - ">="
|
|
147
153
|
- !ruby/object:Gem::Version
|
|
148
|
-
version: 0
|
|
154
|
+
version: '0'
|
|
149
155
|
type: :runtime
|
|
150
156
|
prerelease: false
|
|
151
157
|
version_requirements: !ruby/object:Gem::Requirement
|
|
152
158
|
requirements:
|
|
153
|
-
- - "
|
|
159
|
+
- - ">="
|
|
154
160
|
- !ruby/object:Gem::Version
|
|
155
|
-
version: 0
|
|
161
|
+
version: '0'
|
|
156
162
|
- !ruby/object:Gem::Dependency
|
|
157
163
|
name: ipaddress_2
|
|
158
164
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -251,6 +257,20 @@ dependencies:
|
|
|
251
257
|
- - '='
|
|
252
258
|
- !ruby/object:Gem::Version
|
|
253
259
|
version: 1.17.3
|
|
260
|
+
- !ruby/object:Gem::Dependency
|
|
261
|
+
name: parallel
|
|
262
|
+
requirement: !ruby/object:Gem::Requirement
|
|
263
|
+
requirements:
|
|
264
|
+
- - '='
|
|
265
|
+
- !ruby/object:Gem::Version
|
|
266
|
+
version: 1.12.1
|
|
267
|
+
type: :development
|
|
268
|
+
prerelease: false
|
|
269
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
270
|
+
requirements:
|
|
271
|
+
- - '='
|
|
272
|
+
- !ruby/object:Gem::Version
|
|
273
|
+
version: 1.12.1
|
|
254
274
|
description: Support to help you develop Zendesk Apps.
|
|
255
275
|
email:
|
|
256
276
|
- dev@zendesk.com
|
|
@@ -304,7 +324,7 @@ homepage: http://github.com/zendesk/zendesk_apps_support
|
|
|
304
324
|
licenses:
|
|
305
325
|
- Apache License Version 2.0
|
|
306
326
|
metadata: {}
|
|
307
|
-
post_install_message:
|
|
327
|
+
post_install_message:
|
|
308
328
|
rdoc_options: []
|
|
309
329
|
require_paths:
|
|
310
330
|
- lib
|
|
@@ -319,8 +339,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
319
339
|
- !ruby/object:Gem::Version
|
|
320
340
|
version: 1.3.6
|
|
321
341
|
requirements: []
|
|
322
|
-
rubygems_version: 3.
|
|
323
|
-
signing_key:
|
|
342
|
+
rubygems_version: 3.2.17
|
|
343
|
+
signing_key:
|
|
324
344
|
specification_version: 4
|
|
325
345
|
summary: Support to help you develop Zendesk Apps.
|
|
326
346
|
test_files: []
|