Skip to content

Commit

Permalink
[JENKINS-69651] CSP compatibility for ScriptApproval
Browse files Browse the repository at this point in the history
  • Loading branch information
basil committed Oct 11, 2024
1 parent 79b7281 commit 07d12e3
Show file tree
Hide file tree
Showing 4 changed files with 160 additions and 178 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
document.getElementById('deprecated-approvedClasspaths-clear-btn').style.display = 'none';
document.getElementById('deprecated-approvedClasspaths-clear-spinner').style.display = '';
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
document.getElementById('deprecated-approvedClasspaths-clear-btn').style.display = '';
document.getElementById('deprecated-approvedClasspaths-clear-spinner').style.display = 'none';
Original file line number Diff line number Diff line change
Expand Up @@ -27,176 +27,8 @@ THE SOFTWARE.
<l:layout title="In-process Script Approval" permission="${app.ADMINISTER}">
<st:include page="sidepanel.jelly" it="${app}"/>
<l:main-panel>
<script>
var mgr = <st:bind value="${it}"/>;
function hideScript(hash) {
document.getElementById('ps-' + hash).remove();
}
function approveScript(hash) {
mgr.approveScript(hash);
hideScript(hash);
}
function denyScript(hash) {
mgr.denyScript(hash);
hideScript(hash);
}
function hideSignature(hash) {
document.getElementById('s-' + hash).style.display = 'none';
}
function updateApprovedSignatures(r) {
var both = r.responseObject();
document.getElementById('approvedSignatures').value = both[0].join('\n');
document.getElementById('aclApprovedSignatures').value = both[1].join('\n');
if (document.getElementById('dangerousApprovedSignatures')) {
document.getElementById('dangerousApprovedSignatures').value = both[2].join('\n');
}
}
function approveSignature(signature, hash) {
mgr.approveSignature(signature, function(r) {
updateApprovedSignatures(r);
});
hideSignature(hash);
}
function aclApproveSignature(signature, hash) {
mgr.aclApproveSignature(signature, function(r) {
updateApprovedSignatures(r);
});
hideSignature(hash);
}
function denySignature(signature, hash) {
mgr.denySignature(signature);
hideSignature(hash);
}
function clearApprovedSignatures() {
mgr.clearApprovedSignatures(function(r) {
updateApprovedSignatures(r);
});
}
function clearDangerousApprovedSignatures() {
mgr.clearDangerousApprovedSignatures(function(r) {
updateApprovedSignatures(r);
});
}

function renderPendingClasspathEntries(pendingClasspathEntries) {
if (pendingClasspathEntries.length == 0) {
document.getElementById('pendingClasspathEntries-none').style.display = '';
Array.from(document.getElementById('pendingClasspathEntries').children).forEach(function(e){e.remove()});
document.getElementById('pendingClasspathEntries').style.display = 'none';
} else {
document.getElementById('pendingClasspathEntries-none').style.display = 'none';
Array.from(document.getElementById('pendingClasspathEntries').children).forEach(function(e){e.remove()});
/*
Create a list like:
<p id="pcp-${pcp.hash}">
<button class="approve" onclick="approveClasspathEntry('${pcp.hash}')">Approve</button> /
<button class="deny" onclick="denyClasspathEntry('${pcp.hash}')">Deny</button>
${pcp.hash} (${pcp.path})
</p>
*/
pendingClasspathEntries.forEach(function(e) {
var block = document.createElement('p');
block.setAttribute('id', 'pcp-' + e.hash);
var approveButton = document.createElement('button');
approveButton.setAttribute('class', 'approve');
approveButton.setAttribute('hash', e.hash);
approveButton.textContent = 'Approve';
approveButton.addEventListener('click', function() {
approveClasspathEntry(this.getAttribute('hash'));
});
var denyButton = document.createElement('button');
denyButton.setAttribute('class', 'deny');
denyButton.setAttribute('hash', e.hash);
denyButton.textContent = 'Deny';
denyButton.addEventListener('click', function() {
denyClasspathEntry(this.getAttribute('hash'));
});
block.appendChild(approveButton);
block.appendChild(denyButton);
var code = document.createElement('code');
code.setAttribute('title', e.hash);
code.textContent = e.path;
block.appendChild(code);

document.getElementById('pendingClasspathEntries').appendChild(block);
});
document.getElementById('pendingClasspathEntries').style.display = '';
}
}

function renderApprovedClasspathEntries(approvedClasspathEntries) {
if (approvedClasspathEntries.length == 0) {
document.getElementById('approvedClasspathEntries-none').style.display = '';
Array.from(document.getElementById('approvedClasspathEntries').children).forEach(function(e){e.remove()});
document.getElementById('approvedClasspathEntries').style.display = 'none';
document.getElementById('approvedClasspathEntries-clear').style.display = 'none';
} else {
document.getElementById('approvedClasspathEntries-none').style.display = 'none';
Array.from(document.getElementById('approvedClasspathEntries').children).forEach(function(e){e.remove()});
/*
Create a list like:
<p id="acp-${acp.hash}">
<button class="delete" onclick="denyApprovedClasspathEntry('${pcp.hash}')">Delete</button>
${acp.hash} (${acp.path})
</p>
*/
approvedClasspathEntries.forEach(function(e) {
var block = document.createElement('p');
block.setAttribute('id', 'acp-' + e.hash);
var deleteButton = document.createElement('button');
deleteButton.setAttribute('class', 'delete');
deleteButton.setAttribute('hash', e.hash);
deleteButton.textContent = 'Delete';
deleteButton.addEventListener('click', function() {
if (confirm('Really delete this approved classpath entry? Any existing scripts using it will need to be rerun and the entry reapproved.')) {
denyApprovedClasspathEntry(this.getAttribute('hash'));
}
});
block.appendChild(deleteButton);
var code = document.createElement('code');
code.setAttribute('title', e.hash);
code.textContent = e.path;
block.appendChild(code);

document.getElementById('approvedClasspathEntries').appendChild(block);
});
document.getElementById('approvedClasspathEntries').style.display = '';
document.getElementById('approvedClasspathEntries-clear').style.display = '';
}
}

function renderClasspaths(r) {
renderPendingClasspathEntries(r.responseObject()[0]);
renderApprovedClasspathEntries(r.responseObject()[1]);
}

function approveClasspathEntry(hash) {
mgr.approveClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function denyClasspathEntry(hash) {
mgr.denyClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function denyApprovedClasspathEntry(hash) {
mgr.denyApprovedClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function clearApprovedClasspathEntries() {
mgr.clearApprovedClasspathEntries(function(r) {
renderClasspaths(r);
});
}

window.addEventListener("load", function(){
mgr.getClasspathRenderInfo(function(r) {
renderClasspaths(r);
});
});
</script>
<st:bind value="${it}" var="mgr"/>
<st:adjunct includes="org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.render-classpaths"/>
<j:choose>
<j:when test="${it.pendingScripts.isEmpty()}">
<p>
Expand Down Expand Up @@ -312,16 +144,10 @@ THE SOFTWARE.
</p>
<j:choose>
<j:when test="${it.isConvertingDeprecatedApprovedClasspathEntries()}">
<script>
document.getElementById('deprecated-approvedClasspaths-clear-btn').style.display = 'none';
document.getElementById('deprecated-approvedClasspaths-clear-spinner').style.display = '';
</script>
<st:adjunct includes="org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.deprecated-approvedClasspaths-clear-btn-hide"/>
</j:when>
<j:otherwise>
<script>
document.getElementById('deprecated-approvedClasspaths-clear-btn').style.display = '';
document.getElementById('deprecated-approvedClasspaths-clear-spinner').style.display = 'none';
</script>
<st:adjunct includes="org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.deprecated-approvedClasspaths-clear-btn-show"/>
</j:otherwise>
</j:choose>
</j:if>
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,152 @@
function hideScript(hash) {
document.getElementById('ps-' + hash).remove();
}
function approveScript(hash) {
mgr.approveScript(hash);
hideScript(hash);
}
function denyScript(hash) {
mgr.denyScript(hash);
hideScript(hash);
}
function hideSignature(hash) {
document.getElementById('s-' + hash).style.display = 'none';
}
function updateApprovedSignatures(r) {
var both = r.responseObject();
document.getElementById('approvedSignatures').value = both[0].join('\n');
document.getElementById('aclApprovedSignatures').value = both[1].join('\n');
if (document.getElementById('dangerousApprovedSignatures')) {
document.getElementById('dangerousApprovedSignatures').value = both[2].join('\n');
}
}
function approveSignature(signature, hash) {
mgr.approveSignature(signature, function(r) {
updateApprovedSignatures(r);
});
hideSignature(hash);
}
function aclApproveSignature(signature, hash) {
mgr.aclApproveSignature(signature, function(r) {
updateApprovedSignatures(r);
});
hideSignature(hash);
}
function denySignature(signature, hash) {
mgr.denySignature(signature);
hideSignature(hash);
}
function clearApprovedSignatures() {
mgr.clearApprovedSignatures(function(r) {
updateApprovedSignatures(r);
});
}
function clearDangerousApprovedSignatures() {
mgr.clearDangerousApprovedSignatures(function(r) {
updateApprovedSignatures(r);
});
}

function renderPendingClasspathEntries(pendingClasspathEntries) {
if (pendingClasspathEntries.length == 0) {
document.getElementById('pendingClasspathEntries-none').style.display = '';
Array.from(document.getElementById('pendingClasspathEntries').children).forEach(function(e){e.remove()});
document.getElementById('pendingClasspathEntries').style.display = 'none';
} else {
document.getElementById('pendingClasspathEntries-none').style.display = 'none';
Array.from(document.getElementById('pendingClasspathEntries').children).forEach(function(e){e.remove()});
pendingClasspathEntries.forEach(function(e) {
var block = document.createElement('p');
block.setAttribute('id', 'pcp-' + e.hash);
var approveButton = document.createElement('button');
approveButton.setAttribute('class', 'approve');
approveButton.setAttribute('hash', e.hash);
approveButton.textContent = 'Approve';
approveButton.addEventListener('click', function() {
approveClasspathEntry(this.getAttribute('hash'));
});
var denyButton = document.createElement('button');
denyButton.setAttribute('class', 'deny');
denyButton.setAttribute('hash', e.hash);
denyButton.textContent = 'Deny';
denyButton.addEventListener('click', function() {
denyClasspathEntry(this.getAttribute('hash'));
});
block.appendChild(approveButton);
block.appendChild(denyButton);
var code = document.createElement('code');
code.setAttribute('title', e.hash);
code.textContent = e.path;
block.appendChild(code);

document.getElementById('pendingClasspathEntries').appendChild(block);
});
document.getElementById('pendingClasspathEntries').style.display = '';
}
}

function renderApprovedClasspathEntries(approvedClasspathEntries) {
if (approvedClasspathEntries.length == 0) {
document.getElementById('approvedClasspathEntries-none').style.display = '';
Array.from(document.getElementById('approvedClasspathEntries').children).forEach(function(e){e.remove()});
document.getElementById('approvedClasspathEntries').style.display = 'none';
document.getElementById('approvedClasspathEntries-clear').style.display = 'none';
} else {
document.getElementById('approvedClasspathEntries-none').style.display = 'none';
Array.from(document.getElementById('approvedClasspathEntries').children).forEach(function(e){e.remove()});
approvedClasspathEntries.forEach(function(e) {
var block = document.createElement('p');
block.setAttribute('id', 'acp-' + e.hash);
var deleteButton = document.createElement('button');
deleteButton.setAttribute('class', 'delete');
deleteButton.setAttribute('hash', e.hash);
deleteButton.textContent = 'Delete';
deleteButton.addEventListener('click', function() {
if (confirm('Really delete this approved classpath entry? Any existing scripts using it will need to be rerun and the entry reapproved.')) {
denyApprovedClasspathEntry(this.getAttribute('hash'));
}
});
block.appendChild(deleteButton);
var code = document.createElement('code');
code.setAttribute('title', e.hash);
code.textContent = e.path;
block.appendChild(code);

document.getElementById('approvedClasspathEntries').appendChild(block);
});
document.getElementById('approvedClasspathEntries').style.display = '';
document.getElementById('approvedClasspathEntries-clear').style.display = '';
}
}

function renderClasspaths(r) {
renderPendingClasspathEntries(r.responseObject()[0]);
renderApprovedClasspathEntries(r.responseObject()[1]);
}

function approveClasspathEntry(hash) {
mgr.approveClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function denyClasspathEntry(hash) {
mgr.denyClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function denyApprovedClasspathEntry(hash) {
mgr.denyApprovedClasspathEntry(hash, function(r) {
renderClasspaths(r);
});
}
function clearApprovedClasspathEntries() {
mgr.clearApprovedClasspathEntries(function(r) {
renderClasspaths(r);
});
}

document.addEventListener('DOMContentLoaded', function() {
mgr.getClasspathRenderInfo(function(r) {
renderClasspaths(r);
});
});

0 comments on commit 07d12e3

Please sign in to comment.