@forge/lint 5.10.0-next.8 → 5.10.0

package/CHANGELOG.md

@@ -1,5 +1,111 @@
 # @forge/lint
 
+## 5.10.0
+
+### Minor Changes
+
+- 0402460: Upgraded archiver from 6.0.2 to 7.0.1, moved atlassian-openapi to @atlassian/atlassian-openapi, bumped get-folder-size from 2.0.1 to 5.0.0
+- e002ecd: Added checking for image strings in conditionals
+- cfde21e: Add CSP Urls for IC environment
+
+### Patch Changes
+
+- a26c603: revert package upgrades
+- Updated dependencies [0402460]
+- Updated dependencies [8d843ca]
+- Updated dependencies [cfde21e]
+- Updated dependencies [4623865]
+- Updated dependencies [5144b15]
+- Updated dependencies [5069c3c]
+- Updated dependencies [e118b07]
+- Updated dependencies [a26c603]
+- Updated dependencies [8e9a8b5]
+- Updated dependencies [73f3108]
+- Updated dependencies [d544fc6]
+- Updated dependencies [5bfa872]
+- Updated dependencies [13e5daa]
+- Updated dependencies [e029de1]
+- Updated dependencies [426dfe1]
+  - @forge/cli-shared@8.2.0
+  - @forge/csp@4.2.0
+  - @forge/manifest@10.2.0
+
+## 5.10.0-next.16
+
+### Minor Changes
+
+- e002ecd: Added checking for image strings in conditionals
+
+### Patch Changes
+
+- Updated dependencies [5bfa872]
+  - @forge/manifest@10.2.0-next.5
+  - @forge/cli-shared@8.2.0-next.16
+
+## 5.10.0-next.15
+
+### Patch Changes
+
+- Updated dependencies [5144b15]
+  - @forge/manifest@10.2.0-next.4
+  - @forge/cli-shared@8.2.0-next.15
+
+## 5.10.0-next.14
+
+### Patch Changes
+
+- Updated dependencies [13e5daa]
+  - @forge/manifest@10.1.1-next.3
+  - @forge/cli-shared@8.2.0-next.14
+
+## 5.10.0-next.13
+
+### Patch Changes
+
+- Updated dependencies [4623865]
+  - @forge/cli-shared@8.2.0-next.13
+
+## 5.10.0-next.12
+
+### Patch Changes
+
+- Updated dependencies [8d843ca]
+  - @forge/cli-shared@8.2.0-next.12
+
+## 5.10.0-next.11
+
+### Minor Changes
+
+- 0402460: Upgraded archiver from 6.0.2 to 7.0.1, moved atlassian-openapi to @atlassian/atlassian-openapi, bumped get-folder-size from 2.0.1 to 5.0.0
+
+### Patch Changes
+
+- Updated dependencies [0402460]
+  - @forge/cli-shared@8.2.0-next.11
+
+## 5.10.0-next.10
+
+### Minor Changes
+
+- cfde21e: Add CSP Urls for IC environment
+
+### Patch Changes
+
+- Updated dependencies [cfde21e]
+  - @forge/cli-shared@8.2.0-next.10
+  - @forge/csp@4.2.0-next.0
+
+## 5.10.0-next.9
+
+### Minor Changes
+
+- 0402460: Upgraded archiver from 6.0.2 to 7.0.1, moved atlassian-openapi to @atlassian/atlassian-openapi, bumped get-folder-size from 2.0.1 to 5.0.0
+
+### Patch Changes
+
+- Updated dependencies [0402460]
+  - @forge/cli-shared@8.2.0-next.9
+
 ## 5.10.0-next.8
 
 ### Patch Changes

package/out/lint/linters/permission-linter/verifiers/image-url-verifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"image-url-verifier.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/verifiers/image-url-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,IAAI,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAGlE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AACpF,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAiBjD,qBAAa,gBAAiB,SAAQ,qBAAsB,YAAW,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAClG,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAkBnD,SAAS,CAAC,YAAY,IAAI,SAAS;IAItB,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;CAcvE"}
+{"version":3,"file":"image-url-verifier.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/verifiers/image-url-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,IAAI,QAAQ,EAAE,MAAM,iBAAiB,CAAC;AAGlE,OAAO,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AACpF,OAAO,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAiBjD,qBAAa,gBAAiB,SAAQ,qBAAsB,YAAW,iBAAiB,CAAC,QAAQ,EAAE,CAAC;IAClG,OAAO,CAAC,sBAAsB,CAAyB;gBAE3C,WAAW,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ;IAoBnD,SAAS,CAAC,YAAY,IAAI,SAAS;IAItB,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;CAcvE"}

package/out/lint/linters/permission-linter/verifiers/image-url-verifier.js

@@ -31,9 +31,10 @@ class ImageUrlVerifier extends verifier_interface_1.BaseLintIssueVerifier {
         const allowList = (this.manifest?.permissions?.external?.images ?? [])
             .map((item) => (typeof item === 'object' && 'address' in item ? item.address : item))
             .filter((item) => typeof item === 'string');
+        const icOptions = { icLabel: '*', serviceName: 'forge-cdn' };
         const collectedUrls = [
             ...allowList,
-            ...csp_1.ATLASSIAN_IMAGES_HOSTS[microsEnv],
+            ...(0, csp_1.getAtlassianImageHost)(microsEnv, icOptions),
             ...csp_1.EXTERNAL_ALLOW_LISTED_IMAGES_HOSTS
         ].filter((item) => typeof item === 'string');
         this.egressFilteringService = new egress_1.EgressFilteringService(collectedUrls);

package/out/lint/linters/permission-linter/verifiers/product-verifier.d.ts

@@ -2,7 +2,7 @@ import { LintResultRule, LintClass } from '../../../linter-interface';
 import { ApiCall, ProductApiCall } from '../api-call-interface';
 import { LintIssueVerifier, BaseLintIssueVerifier } from '../../verifier-interface';
 import { ManifestSchema as Manifest } from '@forge/manifest';
-import { Swagger } from 'atlassian-openapi';
+import { Swagger } from '@atlassian/atlassian-openapi';
 import OAuth2ScopesWithState = Swagger.OAuth2ScopesWithState;
 export interface ProductMethod {
     originalPath: string;

package/out/lint/linters/permission-linter/verifiers/product-verifier.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"product-verifier.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/verifiers/product-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,EAAE,cAAc,IAAI,QAAQ,EAAoB,MAAM,iBAAiB,CAAC;AAE/E,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC;AAC5C,OAAO,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;AAE7D,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,MAAM,EAAE,MAAM,GAAG;QAChB,QAAQ,EAAE,aAAa,EAAE,CAAC;QAC1B,2BAA2B,CAAC,EAAE,qBAAqB,EAAE,CAAC;KACvD,CAAC;CACH;AAED,UAAU,aAAa;IACrB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,oBAAY,uBAAuB,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AAEjE,qBAAa,eAAgB,SAAQ,qBAAsB,YAAW,iBAAiB,CAAC,OAAO,EAAE,CAAC;IAI9F,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAHxB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,QAAQ,EACD,OAAO,EAAE,uBAAuB,EAChC,OAAO,EAAE,MAAM;IAKlC,SAAS,CAAC,YAAY,IAAI,SAAS;IAItB,OAAO,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAuC3E,OAAO,CAAC,aAAa;IAerB,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,iBAAiB;IAqBzB,OAAO,CAAC,aAAa;CAWtB"}
+{"version":3,"file":"product-verifier.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/verifiers/product-verifier.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAGpF,OAAO,EAAE,cAAc,IAAI,QAAQ,EAAoB,MAAM,iBAAiB,CAAC;AAE/E,OAAO,EAAE,OAAO,EAAE,MAAM,8BAA8B,CAAC;AACvD,OAAO,qBAAqB,GAAG,OAAO,CAAC,qBAAqB,CAAC;AAE7D,MAAM,WAAW,aAAa;IAC5B,YAAY,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,WAAW,CAAC;CACtB;AAED,MAAM,WAAW,WAAW;IAC1B,CAAC,MAAM,EAAE,MAAM,GAAG;QAChB,QAAQ,EAAE,aAAa,EAAE,CAAC;QAC1B,2BAA2B,CAAC,EAAE,qBAAqB,EAAE,CAAC;KACvD,CAAC;CACH;AAED,UAAU,aAAa;IACrB,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CAC9B;AAED,oBAAY,uBAAuB,GAAG,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AAEjE,qBAAa,eAAgB,SAAQ,qBAAsB,YAAW,iBAAiB,CAAC,OAAO,EAAE,CAAC;IAI9F,OAAO,CAAC,QAAQ,CAAC,OAAO;IACxB,OAAO,CAAC,QAAQ,CAAC,OAAO;gBAHxB,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,QAAQ,EACD,OAAO,EAAE,uBAAuB,EAChC,OAAO,EAAE,MAAM;IAKlC,SAAS,CAAC,YAAY,IAAI,SAAS;IAItB,OAAO,CAAC,QAAQ,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC;IAuC3E,OAAO,CAAC,aAAa;IAerB,OAAO,CAAC,0BAA0B;IAOlC,OAAO,CAAC,iBAAiB;IAqBzB,OAAO,CAAC,aAAa;CAWtB"}

package/out/lint/linters/permission-linter/visitors/image-url-visitor.d.ts

@@ -7,5 +7,6 @@ export declare class ImageUrlVisitor implements NodeVisitor<ApiCall> {
     private getImageUrlNode;
     private isBundledUri;
     private isAbsoluteUrl;
+    private addUrlToLintingList;
 }
 //# sourceMappingURL=image-url-visitor.d.ts.map

package/out/lint/linters/permission-linter/visitors/image-url-visitor.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"image-url-visitor.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/visitors/image-url-visitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,QAAQ,EAAE,MAAM,sCAAsC,CAAC;AAEhF,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAC3D,OAAO,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAC;AAExE,qBAAa,eAAgB,YAAW,WAAW,CAAC,OAAO,CAAC;IAC1D,MAAM,CAAC,kBAAkB,SAAyB;IAE3C,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG,SAAS,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,GAAG,IAAI;IAgCjH,OAAO,CAAC,eAAe;IAoBvB,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,aAAa;CAGtB"}
+{"version":3,"file":"image-url-visitor.d.ts","sourceRoot":"","sources":["../../../../../src/lint/linters/permission-linter/visitors/image-url-visitor.ts"],"names":[],"mappings":"AAAA,OAAO,EAAkB,QAAQ,EAAE,MAAM,sCAAsC,CAAC;AAEhF,OAAO,EAAE,WAAW,EAAE,MAAM,8BAA8B,CAAC;AAC3D,OAAO,EAAE,OAAO,EAA0B,MAAM,uBAAuB,CAAC;AAExE,qBAAa,eAAgB,YAAW,WAAW,CAAC,OAAO,CAAC;IAC1D,MAAM,CAAC,kBAAkB,SAAyB;IAE3C,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,QAAQ,CAAC,IAAI,GAAG,SAAS,EAAE,QAAQ,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,IAAI,GAAG,IAAI;IAmCjH,OAAO,CAAC,eAAe;IAoBvB,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,aAAa;IAIrB,OAAO,CAAC,mBAAmB;CAkB5B"}

package/out/lint/linters/permission-linter/visitors/image-url-visitor.js

@@ -11,20 +11,23 @@ class ImageUrlVisitor {
             return undefined;
         }
         if (imageUrlNode?.type === typescript_estree_1.AST_NODE_TYPES.JSXAttribute) {
-            const imageUrlAttribute = imageUrlNode.value;
-            if (imageUrlAttribute &&
-                imageUrlAttribute.type === typescript_estree_1.AST_NODE_TYPES.Literal &&
-                typeof imageUrlAttribute.value === 'string') {
-                if (imageUrlAttribute.value.trim() !== '' &&
-                    !this.isBundledUri(imageUrlAttribute.value) &&
-                    this.isAbsoluteUrl(imageUrlAttribute.value)) {
-                    const imageUrl = {
-                        type: api_call_interface_1.ApiCallTypes.IMAGE,
-                        url: imageUrlAttribute.value,
-                        line: imageUrlAttribute.loc.start.line,
-                        column: imageUrlAttribute.loc.start.column
-                    };
-                    callback(imageUrl);
+            const imageUrlNodeAttribute = imageUrlNode.value;
+            if (!imageUrlNodeAttribute)
+                return;
+            this.addUrlToLintingList(imageUrlNodeAttribute, imageUrlNodeAttribute, callback);
+            if (imageUrlNodeAttribute.type === typescript_estree_1.AST_NODE_TYPES.JSXExpressionContainer) {
+                const imageUlrNodeAttributeExpression = imageUrlNodeAttribute.expression;
+                if (imageUlrNodeAttributeExpression.type === typescript_estree_1.AST_NODE_TYPES.ConditionalExpression) {
+                    const consequentExpression = imageUlrNodeAttributeExpression.consequent;
+                    this.addUrlToLintingList(consequentExpression, imageUrlNodeAttribute, callback);
+                    const alternateExpression = imageUlrNodeAttributeExpression.alternate;
+                    this.addUrlToLintingList(alternateExpression, imageUrlNodeAttribute, callback);
+                }
+                if (imageUlrNodeAttributeExpression.type === typescript_estree_1.AST_NODE_TYPES.LogicalExpression) {
+                    const leftExpression = imageUlrNodeAttributeExpression.left;
+                    this.addUrlToLintingList(leftExpression, imageUrlNodeAttribute, callback);
+                    const rightExpression = imageUlrNodeAttributeExpression.right;
+                    this.addUrlToLintingList(rightExpression, imageUrlNodeAttribute, callback);
                 }
             }
         }
@@ -53,5 +56,19 @@ class ImageUrlVisitor {
     isAbsoluteUrl(url) {
         return ImageUrlVisitor.ABSOLUTE_URL_REGEX.test(url);
     }
+    addUrlToLintingList(expression, imageUrlAttribute, callback) {
+        if (expression && expression.type === typescript_estree_1.AST_NODE_TYPES.Literal && typeof expression.value === 'string') {
+            const url = expression.value;
+            if (url.trim() !== '' && !this.isBundledUri(url) && this.isAbsoluteUrl(url)) {
+                const imageUrl = {
+                    type: api_call_interface_1.ApiCallTypes.IMAGE,
+                    url: url,
+                    line: imageUrlAttribute.loc.start.line,
+                    column: imageUrlAttribute.loc.start.column
+                };
+                callback(imageUrl);
+            }
+        }
+    }
 }
 exports.ImageUrlVisitor = ImageUrlVisitor;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/lint",
-  "version": "5.10.0-next.8",
+  "version": "5.10.0",
   "description": "Linting for forge apps",
   "main": "out/index.js",
   "license": "SEE LICENSE IN LICENSE.txt",
@@ -11,7 +11,7 @@
   },
   "devDependencies": {
     "@atlassian/xen-test-util": "^4.2.0",
-    "@forge/api": "^6.0.2-next.2",
+    "@forge/api": "^6.0.2",
     "@types/array.prototype.flatmap": "^1.2.6",
     "@types/cross-spawn": "^6.0.6",
     "@types/eslint": "8.56.12",
@@ -19,13 +19,13 @@
     "eslint-plugin-import": "^2.29.1"
   },
   "dependencies": {
-    "@forge/cli-shared": "8.2.0-next.8",
-    "@forge/csp": "4.1.0",
+    "@forge/cli-shared": "8.2.0",
+    "@forge/csp": "4.2.0",
     "@forge/egress": "2.0.1",
-    "@forge/manifest": "10.1.1-next.2",
+    "@forge/manifest": "10.2.0",
     "@typescript-eslint/typescript-estree": "^5.62.0",
     "array.prototype.flatmap": "^1.3.3",
-    "atlassian-openapi": "^1.0.21",
+    "@atlassian/atlassian-openapi": "^1.0.6",
     "cross-spawn": "^7.0.6",
     "node-fetch": "2.7.0"
   },