zendesk_apps_support 4.29.5 → 4.29.9
- checksums.yaml +4 -4
- data/config/locales/en.yml +5 -0
- data/config/locales/translations/zendesk_apps_support.yml +9 -0
- data/lib/zendesk_apps_support/manifest/location_options.rb +1 -0
- data/lib/zendesk_apps_support/sass_functions.rb +2 -2
- data/lib/zendesk_apps_support/validations/manifest.rb +10 -0
- data/lib/zendesk_apps_support/validations/mime.rb +3 -4
- data/lib/zendesk_apps_support/validations/secure_settings.rb +13 -1
- metadata +29 -15
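--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f7aff48dd5eff958501e5e21f78713b7e2906f9e
+data.tar.gz: d267db414baabe7ced86ec3e1b196c08fb0346e2
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a87b22e67e6489bb6d619b24d5ba7ac670e9322a500b06aaf32014328917bdf496d779ae554c83a39258979a6583dfa5a57f2ec3ffd0c432d024d4c14430ab4b
+data.tar.gz: 19b7439b1574327c9b53cac0448db136cc1d2f3be29da878d75d597d5cba7f038c8204bf270295ec6e6ba32c0980ffcd4e20737d3121ca269fa58522d4ffd908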
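--- a/data/config/locales/en.yml
+++ b/data/config/locales/en.yml
@@ -96,6 +96,8 @@ en:
 blank_location_uri: "%{location} location does not specify a URI."
 invalid_location_uri: "%{uri} is either an invalid location URI, refers
 to a missing asset, or does not use HTTPS."
+invalid_location_flexible_type: "%{flexible} is an invalid type for the
+flexible location parameter."
 name_as_parameter_name: Can't call a parameter 'name'
 invalid_hidden_parameter:
 one: "%{invalid_params} is set to hidden and cannot be required."
@@ -123,6 +125,9 @@ en:
 do not match products in translations (%{translation_products})
 insecure_token_parameter_in_manifest: 'Make sure to set secure to true
 when using keys in Settings. Learn more: %{link}'
+default_secure_or_hidden_parameter_in_manifest: Default values for secure
+or hidden parameters are not stored securely. Be sure to review them
+and confirm they do not contain sensitive data
 stylesheet_error: 'Sass error: %{sass_error}'
 invalid_type_parameter:
 one: "%{invalid_types} is an invalid parameter type."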
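--- a/data/config/locales/translations/zendesk_apps_support.yml
+++ b/data/config/locales/translations/zendesk_apps_support.yml
@@ -234,6 +234,10 @@ parts:
 key: "txt.apps.admin.error.app_build.invalid_location_uri"
 title: "App builder job: invalid URI for an iframe in the manifest"
 value: "%{uri} is either an invalid location URI, refers to a missing asset, or does not use HTTPS."
+- translation:
+key: "txt.apps.admin.error.app_build.invalid_location_flexible_type"
+title: "App builder job: invalid flexible type for an iframe in the manifest"
+value: "%{flexible} is an invalid type for the flexible location parameter."
 - translation:
 key: "txt.apps.admin.error.app_build.name_as_parameter_name"
 title: "App builder job: error message when developer names a parameter 'name'"
@@ -351,6 +355,11 @@ parts:
 title: "Validation message to indicate missing secure(true) field in manifest's token parameter. Do not translate 'secure' and 'true'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
 value: "Make sure to set secure to true when using keys in Settings. Learn more: %{link}"
 screenshot: "https://drive.google.com/open?id=1ss3nNN2RG29R7StjCtiH8qjuwFBlRApJ"
+- translation:
+key: "txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest"
+title: "Validation message to indicate that a hidden or secure manifest parameter has a default value. Do not translate 'secure' and 'hidden'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
+value: "Default values for secure or hidden parameters are not stored securely. Be sure to review them and confirm they do not contain sensitive data"
+screenshot: "https://drive.google.com/file/d/1MI6ci6Jz6xtwOXjcbHFCfNi1FjXKOuv9/view?usp=sharing"
 - translation:
 key: "txt.apps.admin.error.app_build.stylesheet_error"
 title: "App builder job: invalid stylesheet syntax"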
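--- a/data/lib/zendesk_apps_support/sass_functions.rb
+++ b/data/lib/zendesk_apps_support/sass_functions.rb
@@ -26,9 +26,9 @@ require 'sassc'
 module SassC::Script::Functions
 module AppAssetUrl
 def app_asset_url(name)
-raise ArgumentError, "Expected #{name} to be a string" unless name.is_a?
+raise ArgumentError, "Expected #{name} to be a string" unless name.is_a? SassC::Script::Value::String
 result = %{url("#{app_asset_url_helper(name)}")}
-SassC::Script::String.new(result)
+SassC::Script::Value::String.new(result)
 end
 
 private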
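Review bot: `app_asset_url` now depends on `SassC::Script::Value::String` for both the type guard and the return value, yet the gem metadata in this same release declares the sassc runtime requirement as `>= 0`. With an installed sassc that predates the `SassC::Script::Value` namespace, the guard line would raise NameError on the first call rather than the intended ArgumentError. I would give sassc a lower bound in the gemspec that matches the first release shipping that constant (placeholder: `'>= <first-sassc-version-with-Script::Value>'`). As a smaller style point, `name.is_a?(SassC::Script::Value::String)` with parentheses reads more clearly than the bare-argument form after `unless`.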
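--- a/data/lib/zendesk_apps_support/validations/manifest.rb
+++ b/data/lib/zendesk_apps_support/validations/manifest.rb
@@ -271,6 +271,10 @@ module ZendeskAppsSupport
 elsif location_options.auto_load?
 errors << ValidationError.new(:blank_location_uri, location: location_options.location.name)
 end
+
+if !([true, false].include? location_options.flexible) && !location_options.flexible.nil?
+errors << invalid_location_flexible_error(location_options)
+end
 end
 
 Product::PRODUCTS_AVAILABLE.each do |product|
@@ -319,6 +323,12 @@ module ZendeskAppsSupport
 validation_error
 end
 
+def invalid_location_flexible_error(location_options)
+flexible_flag = location_options.flexible
+validation_error = ValidationError.new(:invalid_location_flexible_type, flexible: flexible_flag)
+validation_error
+end
+
 def valid_absolute_uri?(uri)
 uri.scheme == 'https' || uri.host == 'localhost'
 end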
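Review bot: The new `flexible` check at new line 275 is a double negation that is hard to verify at a glance; `unless [true, false, nil].include?(location_options.flexible)` lists the accepted values directly and behaves the same. In `invalid_location_flexible_error` the two locals add nothing, so the body can be the single expression `ValidationError.new(:invalid_location_flexible_type, flexible: location_options.flexible)`. The rejected value comes straight from the manifest and is interpolated into the message through `%{flexible}`, so whatever renders these errors should treat it as untrusted text; that rendering code is not on this page. The method containing the first hunk starts and ends outside it.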
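--- a/data/lib/zendesk_apps_support/validations/mime.rb
+++ b/data/lib/zendesk_apps_support/validations/mime.rb
@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require '
+require 'marcel'
 
 module ZendeskAppsSupport
 module Validations
@@ -20,9 +20,8 @@ module ZendeskAppsSupport
 private
 
 def block_listed?(app_file)
-mime_type =
-
-content_subtype = mime_type.subtype if mime_type
+mime_type = Marcel::MimeType.for(StringIO.new(app_file.read))
+content_subtype = mime_type.split('/', 2).last if mime_type
 extension_name = app_file.extension.delete('.')
 
 ([content_subtype, extension_name] & UNSUPPORTED_MIME_TYPES).any?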
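Review bot: `block_listed?` still intersects `content_subtype` with `UNSUPPORTED_MIME_TYPES`, but the subtype now comes from splitting Marcel's type string, so the block list only holds if its entries are spelled the way Marcel names those types. The constant is defined outside the hunk and the removed detection lines are truncated in this render, so neither can be checked here; a spec that feeds one sample file per blocked type through `block_listed?` would pin the behaviour. The only `require` visible at the top of the file is `'marcel'` while the new line uses `StringIO`, so adding `require 'stringio'` beside it would remove the reliance on some other file having loaded it. If `Marcel::MimeType.for` always returns a type string (I believe it falls back to a generic binary type), the `if mime_type` guard is dead code and unrecognised content simply never matches the list, leaving the extension as the only signal for such files.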
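--- a/data/lib/zendesk_apps_support/validations/secure_settings.rb
+++ b/data/lib/zendesk_apps_support/validations/secure_settings.rb
@@ -11,12 +11,18 @@ module ZendeskAppsSupport
 manifest_params = package.manifest.parameters
 
 insecure_params_found = manifest_params.any? { |param| insecure_param?(param) }
-
 package.warnings << secure_settings_warning if insecure_params_found
+
+secure_or_hidden_default_param_found = manifest_params.any? { |param| secure_or_hidden_default_param?(param) }
+package.warnings << hidden_default_parameter_warning if secure_or_hidden_default_param_found
 end
 
 private
 
+def secure_or_hidden_default_param?(parameter)
+parameter.default? && (parameter.secure || parameter.type == 'hidden')
+end
+
 def insecure_param?(parameter)
 parameter.name =~ SECURABLE_KEYWORDS_REGEXP && type_password_or_text?(parameter.type) && !parameter.secure
 end
@@ -25,6 +31,12 @@ module ZendeskAppsSupport
 parameter_type == 'text' || parameter_type == 'password'
 end
 
+def hidden_default_parameter_warning
+I18n.t(
+'txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest'
+)
+end
+
 def secure_settings_warning
 I18n.t(
 'txt.apps.admin.error.app_build.translation.insecure_token_parameter_in_manifest',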
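Review bot: The new warning says that some secure or hidden parameter carries a default but not which one, because `hidden_default_parameter_warning` takes no arguments and the locale string has no placeholder. Collecting the names, for example `flagged = manifest_params.select { |param| secure_or_hidden_default_param?(param) }.map(&:name)`, and passing them into the message would make the warning actionable. Pass names only, never the default values, since those are exactly the data the warning is about. This also needs a `%{...}` placeholder added to the two locale entries. Whether `parameter.default?` counts an empty-string default as present is decided outside this hunk and deserves a spec.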
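--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: zendesk_apps_support
 version: !ruby/object:Gem::Version
-version: 4.29.
+version: 4.29.9
 platform: ruby
 authors:
 - James A. Rosen
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-08-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: i18n
@@ -31,16 +31,16 @@ dependencies:
 name: sassc
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 - !ruby/object:Gem::Dependency
 name: sass
 requirement: !ruby/object:Gem::Requirement
@@ -103,14 +103,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.3.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: 2.
+version: 2.3.1
 - !ruby/object:Gem::Dependency
 name: nokogiri
 requirement: !ruby/object:Gem::Requirement
@@ -146,19 +146,19 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 0.9.10
 - !ruby/object:Gem::Dependency
-name:
+name: marcel
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
+- - ">="
 - !ruby/object:Gem::Version
-version: 0
+version: '0'
 - !ruby/object:Gem::Dependency
 name: ipaddress_2
 requirement: !ruby/object:Gem::Requirement
@@ -249,14 +249,28 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version:
+version: 2.2.26
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 2.2.26
+- !ruby/object:Gem::Dependency
+name: parallel
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 1.12.1
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 1.
+version: 1.12.1
 description: Support to help you develop Zendesk Apps.
 email:
 - dev@zendesk.com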