make plugin CSP compliant (#2551)

jenkinsci · Aug 27, 2024 · 3ad2056 · 3ad2056
1 parent 1f031bb
commit 3ad2056
Show file tree

Hide file tree

Showing 5 changed files with 94 additions and 91 deletions.
diff --git a/plugin/src/main/java/io/jenkins/plugins/casc/ConfigurationAsCode.java b/plugin/src/main/java/io/jenkins/plugins/casc/ConfigurationAsCode.java
@@ -265,9 +265,9 @@ private boolean canApplyFrom(List<YamlSource> yamlSources) {
 
     @POST
     @Restricted(NoExternalUse.class)
-    public FormValidation doCheckNewSource(@QueryParameter String newSource) {
+    public FormValidation doCheckNewSource(@QueryParameter String value) {
         Jenkins.get().checkPermission(Jenkins.ADMINISTER);
-        String normalizedSource = Util.fixEmptyAndTrim(newSource);
+        String normalizedSource = Util.fixEmptyAndTrim(value);
         if (normalizedSource == null) {
             return FormValidation.ok(); // empty, do nothing
         }

diff --git a/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/index.jelly b/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/index.jelly
@@ -26,7 +26,7 @@
       <f:form method="post" action="replace" name="replace">
           <h2>${%Replace configuration source with:}</h2>
           <f:entry title="${%Path or URL}" field="newSource" >
-              <f:textbox checkUrl="'checkNewSource?newSource='+escape(this.value)" checkMethod="post" />
+              <f:textbox checkUrl="checkNewSource" checkDependsOn=""/>
           </f:entry>
           <f:block>
             <f:submit name="replace" value="${%Apply new configuration}"/>

diff --git a/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/reference.jelly b/plugin/src/main/resources/io/jenkins/plugins/casc/ConfigurationAsCode/reference.jelly
@@ -1,100 +1,19 @@
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler">
   <st:contentType value="text/html;charset=UTF-8"/>
+  <j:new var="h" className="hudson.Functions"/>
+  <j:invoke on="${h}" method="initPageVariables">
+    <j:arg value="${context}"/>
+  </j:invoke>
   <html><head>
-  <style class='anchorjs'></style><link href='https://jenkins.io/assets/bower/bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet'/>
+  <link href='https://jenkins.io/assets/bower/bootstrap/css/bootstrap.min.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/assets/bower/tether/css/tether.min.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/css/font-icons.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/css/jenkins.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/assets/bower/ionicons/css/ionicons.min.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/css/footer.css' media='screen' rel='stylesheet'/>
   <link href='https://jenkins.io/css/font-awesome.min.css' media='screen' rel='stylesheet'/>
-  <style>
-    .configurator {
-        margin-top: 30px;
-    }
-
-    .configurator__name {
-        font-size: 1.5em;
-    }
-
-    .configurator-pointer {
-        font-size: 0.5em;
-        color: #454545;
-        font-weight: 100;
-    }
-
-    .root-configurator-pointer {
-        font-size: 0.5em;
-        color: #7f5200;
-        font-weight: 100;
-    }
-
-    .configurator-attributes {
-        display: flex;
-        flex-direction: column;
-    }
-
-    .configurator-attribute {
-        display: flex;
-        flex-grow: 1;
-        margin-left: 25px;
-        border-left: 1px solid #ccc;
-        line-height: 24px;
-    }
-
-    .configurator-attribute__name {
-        display: flex;
-        flex-direction: column;
-        flex-basis: 30%;
-        min-height: 30px;
-        padding-top: 5px;
-    }
-
-    .attribute-name {
-        display:flex;
-    }
-
-    .attribute-name:before {
-        content: '';
-        display: block;
-        margin-right: 10px;
-        border-top: 1px solid #ccc;
-        width: 10px;
-        margin-top: 12px;
-    }
-
-
-    .attribute-name:after {
-        content: '';
-        display: block;
-        margin-left: 10px;
-        border-top: 1px dashed #ccc;
-        flex: 1;
-        margin-top: 12px;
-      }
-
-    .configurator-attribute__details {
-        display: flex;
-        flex-direction: column;
-        flex: 1;
-        padding: 5px;
-    }
-
-    .attribute-type {
-        color: #454545;
-    }
-
-    .attribute-type__list {
-        color: #999;
-        margin-right: 5px;
-    }
-
-    .attribute-type__class {
-        font-family: Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;
-        font-size: 0.8em;
-    }
-  </style>
+  <link href='${rootURL}/plugin/configuration-as-code/css/reference.css' rel='stylesheet'/>
   </head>
 
   <body class='syntax'>

diff --git a/plugin/src/main/webapp/css/reference.css b/plugin/src/main/webapp/css/reference.css
@@ -0,0 +1,84 @@
+.configurator {
+  margin-top: 30px;
+}
+
+.configurator__name {
+  font-size: 1.5em;
+}
+
+.configurator-pointer {
+  font-size: 0.5em;
+  color: #454545;
+  font-weight: 100;
+}
+
+.root-configurator-pointer {
+  font-size: 0.5em;
+  color: #7f5200;
+  font-weight: 100;
+}
+
+.configurator-attributes {
+  display: flex;
+  flex-direction: column;
+}
+
+.configurator-attribute {
+  display: flex;
+  flex-grow: 1;
+  margin-left: 25px;
+  border-left: 1px solid #ccc;
+  line-height: 24px;
+}
+
+.configurator-attribute__name {
+  display: flex;
+  flex-direction: column;
+  flex-basis: 30%;
+  min-height: 30px;
+  padding-top: 5px;
+}
+
+.attribute-name {
+  display:flex;
+}
+
+.attribute-name:before {
+  content: '';
+  display: block;
+  margin-right: 10px;
+  border-top: 1px solid #ccc;
+  width: 10px;
+  margin-top: 12px;
+}
+
+
+.attribute-name:after {
+  content: '';
+  display: block;
+  margin-left: 10px;
+  border-top: 1px dashed #ccc;
+  flex: 1;
+  margin-top: 12px;
+}
+
+.configurator-attribute__details {
+  display: flex;
+  flex-direction: column;
+  flex: 1;
+  padding: 5px;
+}
+
+.attribute-type {
+  color: #454545;
+}
+
+.attribute-type__list {
+  color: #999;
+  margin-right: 5px;
+}
+
+.attribute-type__class {
+  font-family: Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;
+  font-size: 0.8em;
+}
diff --git a/test-harness/src/main/java/io/jenkins/plugins/casc/misc/RoundTripAbstractTest.java b/test-harness/src/main/java/io/jenkins/plugins/casc/misc/RoundTripAbstractTest.java
@@ -159,7 +159,7 @@ private void assertConfigViaWebUI(String jenkinsConfig) throws Exception {
         // Call the check url
         JenkinsRule.WebClient client = r.j.createWebClient();
         WebRequest request = new WebRequest(client.createCrumbedUrl("configuration-as-code/checkNewSource"), POST);
-        NameValuePair param = new NameValuePair("newSource", f.toURI().toURL().toExternalForm());
+        NameValuePair param = new NameValuePair("value", f.toURI().toURL().toExternalForm());
         request.setRequestParameters(Collections.singletonList(param));
         WebResponse response = client.loadWebResponse(request);
         assertEquals("Failed to POST to " + request.getUrl().toString(), 200, response.getStatusCode());