PowerBI-JavaScript

Граф коммитов

Автор	SHA1	Сообщение	Дата
May Hartov	d0af4f368d	Merged PR 483438: JS SDK - embed URL validation Following MSRC case as malicious site can be injected as the embed iframe src, added embed URL validation to ensure the host is an allowed PBI src. A valid embed url protocol is "https:" The valid hosts names are ([retrieved from EV2-deployment repository - all of ida_PowerBIFeUrl key values](https://dev.azure.com/powerbi/PowerBIClients/_search?action=contents&text=ida_PowerBIFeUrl path%3AenvParams&type=code&lp=code-Project&filters=ProjectFilters{PowerBIClients}RepositoryFilters{PowerBIClients-EV2-Deployment}&pageSize=25&result=DefaultCollection/PowerBIClients/PowerBIClients-EV2-Deployment/GBmaster//WFE/AppService/ADM/Public/INT/envParams.txt)): - app.powerbi.com, - app.powerbi.cn, - app.powerbigov.us, - app.mil.powerbigov.us, - app.high.powerbigov.us, - app.powerbi.eaglex.ic.gov, - app.powerbi.microsoft.scloud, - powerbi-df.analysis-df.windows.net, - CST WFE URLs: 'https://{cst-name}.analysis.windows-int.net' - daily.powerbi.com - dxt.powerbi.com - msit.powerbi.com Embed URL validation should include fabric embed URL. All of the above should be covered by the following regex expressions: .+\.powerbi.com$ - daily.powerbi.com - dxt.powerbi.com - msit.powerbi.com - app.powerbi.com FF: ^app(.mil.\|.high.\|.)powerbigov.us$ - app.powerbigov.us, - app.mil.powerbigov.us, - app.high.powerbigov.us Edog: .+\.analysis-df.windows.net$ Onebox and CSTs: .+\.analysis.windows-int.net$ Fabric URLs: .+\.fabric.microsoft.com$ Please look into the test cases in utils.spec.ts to see the valid and invalid embe urls Related work items: #1245653	2024-02-11 08:37:22 +00:00
Shahak Yosef	53608cf13f	Merged PR 221263: Fix test results This PR does a few things: 1. Fix broken get theme test 2. Remove noisy unnecessary logs 3. Remove unused headless chrome browser when [kjhtml reporter](https://www.npmjs.com/package/karma-jasmine-html-reporter) is used (using a headless browser for UI debugging doesn't make sense) 4. Fix test failures not leading to Azure DevOps build pipeline failure (align with [official documentation](http://karma-runner.github.io/6.3/dev/public-api.html)) 5. Add JUnit test results reported so that Azure DevOps can report test failures nicely (base don front end implementation) You can see JUnit yourselves by going to the failed build and clicking on the tests tab like you do in the front end or backend but here is a picture ![image.png](https://powerbi.visualstudio.com/4c7b5adb-c2d0-4f18-b23c-edc4ac30f4e1/_apis/git/repositories/1dd63332-e003-46a3-ac6f-70213a1bcc2e/pullRequests/221263/attachments/image.png)	2021-12-02 09:59:01 +00:00
Shahak Yosef	b57d332ad0	Merged PR 217002: Refactor tests Refactor tests	2021-11-18 07:41:44 +00:00

Автор

SHA1

Сообщение

Дата

May Hartov

d0af4f368d

Merged PR 483438: JS SDK - embed URL validation

Following MSRC case as malicious site can be injected as the embed iframe src, added embed URL validation to ensure the host is an allowed PBI src.

A valid embed url protocol is "https:"

The valid hosts names are ([retrieved from EV2-deployment repository - all of ida_PowerBIFeUrl key values](https://dev.azure.com/powerbi/PowerBIClients/_search?action=contents&text=ida_PowerBIFeUrl path%3A*envParams*&type=code&lp=code-Project&filters=ProjectFilters{PowerBIClients}RepositoryFilters{PowerBIClients-EV2-Deployment}&pageSize=25&result=DefaultCollection/PowerBIClients/PowerBIClients-EV2-Deployment/GBmaster//WFE/AppService/ADM/Public/INT/envParams.txt)):

-  app.powerbi.com,
-  app.powerbi.cn,
-   app.powerbigov.us,
-  app.mil.powerbigov.us,
-  app.high.powerbigov.us,
-  app.powerbi.eaglex.ic.gov,
-  app.powerbi.microsoft.scloud,
-   powerbi-df.analysis-df.windows.net,
-   CST WFE URLs: 'https://{cst-name}.analysis.windows-int.net'
-   daily.powerbi.com
-   dxt.powerbi.com
-   msit.powerbi.com

Embed URL validation should include fabric embed URL.

All of the above should be covered by the following regex expressions:

.+\.powerbi.com$
-   daily.powerbi.com
-   dxt.powerbi.com
-   msit.powerbi.com
-  app.powerbi.com

FF:  ^app(.mil.|.high.|.)powerbigov.us$
-   app.powerbigov.us,
-  app.mil.powerbigov.us,
-  app.high.powerbigov.us

Edog: .+\.analysis-df.windows.net$

Onebox and CSTs: .+\.analysis.windows-int.net$

Fabric URLs: .+\.fabric.microsoft.com$

**Please look into the test cases in utils.spec.ts to see the valid and invalid embe urls**

Related work items: #1245653

2024-02-11 08:37:22 +00:00

Shahak Yosef

53608cf13f

Merged PR 221263: Fix test results

This PR does a few things:
1. Fix broken get theme test
2. Remove noisy unnecessary logs
3. Remove unused headless chrome browser when [kjhtml reporter](https://www.npmjs.com/package/karma-jasmine-html-reporter) is used (using a headless browser for UI debugging doesn't make sense)
4. Fix test failures not leading to Azure DevOps build pipeline failure (align with [official documentation](http://karma-runner.github.io/6.3/dev/public-api.html))
5. Add JUnit test results reported so that Azure DevOps can report test failures nicely (base don front end implementation)

You can see JUnit yourselves by going to the failed build and clicking on the tests tab like you do in the front end or backend but here is a picture

![image.png](https://powerbi.visualstudio.com/4c7b5adb-c2d0-4f18-b23c-edc4ac30f4e1/_apis/git/repositories/1dd63332-e003-46a3-ac6f-70213a1bcc2e/pullRequests/221263/attachments/image.png)

2021-12-02 09:59:01 +00:00

Shahak Yosef

b57d332ad0

Merged PR 217002: Refactor tests

Refactor tests

2021-11-18 07:41:44 +00:00

3 Коммитов