zendesk_apps_support 4.29.7 → 4.29.8
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '05133378592731040e3105b29a3624fe85d190ba5ed7bfc872d99da645aad8c5'
|
|
4
|
+
data.tar.gz: 5e3bb520f055e87596585d2cd93821e801ad79a509f5c6bff1a12555d69214f4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5c4b261f98f1b4ee30324ba70f7f78b24a9d4fbefc0e5e6c209cecd5764218b6aa738ef6fbdb6989cb5de170f40af454a32d738d371b6ce385a8b14f598ca0cb
|
|
7
|
+
data.tar.gz: 7c283902ea1fe0907abbcb12679fc12fe2ec3d41884babb1e8a6ee50c781b2b78d76c12ee070302ac46fbe2a6d4a52b4c443d641b90754e3a15419dddb0a5ec6
|
data/config/locales/en.yml
CHANGED
|
@@ -123,6 +123,9 @@ en:
|
|
|
123
123
|
do not match products in translations (%{translation_products})
|
|
124
124
|
insecure_token_parameter_in_manifest: 'Make sure to set secure to true
|
|
125
125
|
when using keys in Settings. Learn more: %{link}'
|
|
126
|
+
default_secure_or_hidden_parameter_in_manifest: Default values for secure
|
|
127
|
+
or hidden parameters are not stored securely. Be sure to review them
|
|
128
|
+
and confirm they do not contain sensitive data
|
|
126
129
|
stylesheet_error: 'Sass error: %{sass_error}'
|
|
127
130
|
invalid_type_parameter:
|
|
128
131
|
one: "%{invalid_types} is an invalid parameter type."
|
|
@@ -351,6 +351,11 @@ parts:
|
|
|
351
351
|
title: "Validation message to indicate missing secure(true) field in manifest's token parameter. Do not translate 'secure' and 'true'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
|
|
352
352
|
value: "Make sure to set secure to true when using keys in Settings. Learn more: %{link}"
|
|
353
353
|
screenshot: "https://drive.google.com/open?id=1ss3nNN2RG29R7StjCtiH8qjuwFBlRApJ"
|
|
354
|
+
- translation:
|
|
355
|
+
key: "txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest"
|
|
356
|
+
title: "Validation message to indicate that a hidden or secure manifest parameter has a default value. Do not translate 'secure' and 'hidden'. Secure(true) in manifest refers to https://developer.zendesk.com/apps/docs/developer-guide/using_sdk#using-secure-settings"
|
|
357
|
+
value: "Default values for secure or hidden parameters are not stored securely. Be sure to review them and confirm they do not contain sensitive data"
|
|
358
|
+
screenshot: "https://drive.google.com/file/d/1MI6ci6Jz6xtwOXjcbHFCfNi1FjXKOuv9/view?usp=sharing"
|
|
354
359
|
- translation:
|
|
355
360
|
key: "txt.apps.admin.error.app_build.stylesheet_error"
|
|
356
361
|
title: "App builder job: invalid stylesheet syntax"
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require '
|
|
3
|
+
require 'marcel'
|
|
4
4
|
|
|
5
5
|
module ZendeskAppsSupport
|
|
6
6
|
module Validations
|
|
@@ -20,9 +20,8 @@ module ZendeskAppsSupport
|
|
|
20
20
|
private
|
|
21
21
|
|
|
22
22
|
def block_listed?(app_file)
|
|
23
|
-
mime_type =
|
|
24
|
-
|
|
25
|
-
content_subtype = mime_type.subtype if mime_type
|
|
23
|
+
mime_type = Marcel::MimeType.for(StringIO.new(app_file.read))
|
|
24
|
+
content_subtype = mime_type.split('/', 2).last if mime_type
|
|
26
25
|
extension_name = app_file.extension.delete('.')
|
|
27
26
|
|
|
28
27
|
([content_subtype, extension_name] & UNSUPPORTED_MIME_TYPES).any?
|
|
@@ -11,12 +11,18 @@ module ZendeskAppsSupport
|
|
|
11
11
|
manifest_params = package.manifest.parameters
|
|
12
12
|
|
|
13
13
|
insecure_params_found = manifest_params.any? { |param| insecure_param?(param) }
|
|
14
|
-
|
|
15
14
|
package.warnings << secure_settings_warning if insecure_params_found
|
|
15
|
+
|
|
16
|
+
secure_or_hidden_default_param_found = manifest_params.any? { |param| secure_or_hidden_default_param?(param) }
|
|
17
|
+
package.warnings << hidden_default_parameter_warning if secure_or_hidden_default_param_found
|
|
16
18
|
end
|
|
17
19
|
|
|
18
20
|
private
|
|
19
21
|
|
|
22
|
+
def secure_or_hidden_default_param?(parameter)
|
|
23
|
+
parameter.default? && (parameter.secure || parameter.type == 'hidden')
|
|
24
|
+
end
|
|
25
|
+
|
|
20
26
|
def insecure_param?(parameter)
|
|
21
27
|
parameter.name =~ SECURABLE_KEYWORDS_REGEXP && type_password_or_text?(parameter.type) && !parameter.secure
|
|
22
28
|
end
|
|
@@ -25,6 +31,12 @@ module ZendeskAppsSupport
|
|
|
25
31
|
parameter_type == 'text' || parameter_type == 'password'
|
|
26
32
|
end
|
|
27
33
|
|
|
34
|
+
def hidden_default_parameter_warning
|
|
35
|
+
I18n.t(
|
|
36
|
+
'txt.apps.admin.error.app_build.translation.default_secure_or_hidden_parameter_in_manifest'
|
|
37
|
+
)
|
|
38
|
+
end
|
|
39
|
+
|
|
28
40
|
def secure_settings_warning
|
|
29
41
|
I18n.t(
|
|
30
42
|
'txt.apps.admin.error.app_build.translation.insecure_token_parameter_in_manifest',
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zendesk_apps_support
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 4.29.
|
|
4
|
+
version: 4.29.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- James A. Rosen
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2021-
|
|
14
|
+
date: 2021-05-20 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: i18n
|
|
@@ -146,19 +146,19 @@ dependencies:
|
|
|
146
146
|
- !ruby/object:Gem::Version
|
|
147
147
|
version: 0.9.10
|
|
148
148
|
- !ruby/object:Gem::Dependency
|
|
149
|
-
name:
|
|
149
|
+
name: marcel
|
|
150
150
|
requirement: !ruby/object:Gem::Requirement
|
|
151
151
|
requirements:
|
|
152
|
-
- - "
|
|
152
|
+
- - ">="
|
|
153
153
|
- !ruby/object:Gem::Version
|
|
154
|
-
version: 0
|
|
154
|
+
version: '0'
|
|
155
155
|
type: :runtime
|
|
156
156
|
prerelease: false
|
|
157
157
|
version_requirements: !ruby/object:Gem::Requirement
|
|
158
158
|
requirements:
|
|
159
|
-
- - "
|
|
159
|
+
- - ">="
|
|
160
160
|
- !ruby/object:Gem::Version
|
|
161
|
-
version: 0
|
|
161
|
+
version: '0'
|
|
162
162
|
- !ruby/object:Gem::Dependency
|
|
163
163
|
name: ipaddress_2
|
|
164
164
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -257,6 +257,20 @@ dependencies:
|
|
|
257
257
|
- - '='
|
|
258
258
|
- !ruby/object:Gem::Version
|
|
259
259
|
version: 1.17.3
|
|
260
|
+
- !ruby/object:Gem::Dependency
|
|
261
|
+
name: parallel
|
|
262
|
+
requirement: !ruby/object:Gem::Requirement
|
|
263
|
+
requirements:
|
|
264
|
+
- - '='
|
|
265
|
+
- !ruby/object:Gem::Version
|
|
266
|
+
version: 1.12.1
|
|
267
|
+
type: :development
|
|
268
|
+
prerelease: false
|
|
269
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
270
|
+
requirements:
|
|
271
|
+
- - '='
|
|
272
|
+
- !ruby/object:Gem::Version
|
|
273
|
+
version: 1.12.1
|
|
260
274
|
description: Support to help you develop Zendesk Apps.
|
|
261
275
|
email:
|
|
262
276
|
- dev@zendesk.com
|
|
@@ -325,7 +339,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
325
339
|
- !ruby/object:Gem::Version
|
|
326
340
|
version: 1.3.6
|
|
327
341
|
requirements: []
|
|
328
|
-
rubygems_version: 3.
|
|
342
|
+
rubygems_version: 3.2.17
|
|
329
343
|
signing_key:
|
|
330
344
|
specification_version: 4
|
|
331
345
|
summary: Support to help you develop Zendesk Apps.
|