BUG: zat validate is too aggressive when checking for insecure URLs
Answered
Posted May 18, 2022
In requests.rb, there is:
def find_address_containing_http(file_content)
  file_content.scan(URI.regexp(['http'])).map(&:compact).map(&:last)
end
This regex is far too aggressive: it looks for a URL anywhere in the code, without regard for _why_ that URL is being used. For example, an xmlns value would be an insecure URL (e.g.
I can't validate (or package) my app because of this code. Is there a way I can tell the validation to ignore those sections?
2 comments
Chris Pellet
Thanks for the suggestion Greg. I can confirm that ZCLI doesn't have the same issue.
0
Greg Katechis
Hi Chris! I just tested this in a sample app and I received some warnings about insecure HTTP requests, but it did validate the app successfully. Are you receiving any other errors at the same time that may be preventing validation/package? If so, could you share the error messages that you receive?
Also, I would recommend looking at a tool that is currently in beta, called ZCLI, for app development. When I ran the same validate command there, I didn't even receive the warnings. There are a few things that need to be ironed out with ZCLI before it's production ready, but it might handle some things better than ZAT does, so it's worth a shot!
-1
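The false positive described in the question, reproduced as an added example (not ZAT or ZCLI code): a scan with the same http-only URI pattern flags XML namespace identifiers, while a context-aware variant skips them. The names `all_http_urls`, `fetched_http_urls` and `XMLNS_ATTR`, and the sample markup, are constructed for illustration.

```ruby
require 'uri'

# Same kind of pattern as the snippet quoted from requests.rb, built through
# the RFC 2396 parser so it runs without the URI.regexp deprecation warning.
HTTP_URL = URI::RFC2396_Parser.new.make_regexp(['http'])

# Hypothetical helper: text ending in xmlns=" or xmlns:prefix=" means the URL
# that follows is a namespace identifier, which is compared but never fetched.
XMLNS_ATTR = /\bxmlns(?::[\w.-]+)?\s*=\s*["']\z/

# Naive scan: every http:// string counts, whatever it is used for.
def all_http_urls(content)
  content.to_enum(:scan, HTTP_URL).map { Regexp.last_match[0] }
end

# Context-aware scan: keep only matches that are not xmlns attribute values.
def fetched_http_urls(content)
  content.to_enum(:scan, HTTP_URL).filter_map do
    m = Regexp.last_match
    m[0] unless m.pre_match.match?(XMLNS_ATTR)
  end
end

# Constructed sample: two namespace declarations and one real cleartext request.
SAMPLE = <<~'SRC'
  <svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"></svg>
  <script>fetch("http://api.example.com/tickets");</script>
SRC

puts "naive scan:    #{all_http_urls(SAMPLE).inspect}"
puts "context-aware: #{fetched_http_urls(SAMPLE).inspect}"
```

Only the `fetch` call is a cleartext request worth a warning; the two `xmlns` values are identifiers and changing them to `https` would break the namespace.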