• Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core
    • Jenkins 1.596

      Plugins have 2 names: an 'internal' one and a display one. Depending on the location one or the other name (or both) is used. This is extremely confusing for users.

      As an example, in JENKINS-22028 someone refers to the "antisamy-markup-formatter". So I went to the plugin manager on my Jenkins, and searched both 'Available' and 'Installed' for antisamy (whatever that may mean...). I found nothing, so I concluded the plugin doesn't exist anymore. I accidentally scrolled all the way down the long commed list, only to find that the plugin is actually called "OWASP Markup Formatter Plugin" in the UI. Note that there is nothing in both names that would even remotely suggest they are the same thing!

      So, since the plugins have 2 names, and people will use whatever they see most, please list both names in the Plugin manager.

          [JENKINS-26565] Show both 'names' of plugins

          Another case of confusion between both names I think.

          Arnt Witteveen added a comment - Another case of confusion between both names I think.

          Arnt Witteveen added a comment - - edited

          Confusion in the comments (selected wrong issue, link deleted again)

          Arnt Witteveen added a comment - - edited Confusion in the comments (selected wrong issue, link deleted again)

          confusion in the comments

          Arnt Witteveen added a comment - confusion in the comments

          Daniel Beck added a comment -

          IIRC the deletion confirmation dialog also shows the internal name.

          Workaround: The filter text field knows about the internal name. Enter 'antisamy' and it'll show OWASP.

          Daniel Beck added a comment - IIRC the deletion confirmation dialog also shows the internal name. Workaround: The filter text field knows about the internal name. Enter 'antisamy' and it'll show OWASP.

          Arnt Witteveen added a comment - - edited

          Thanks for the workaround. (I used the browsers own 'Find'.)
          It's a bit strange to search for something and then have a search result that does not seem to include what you searched for without knowing why, but in this case it's nice as a workaround .

          Arnt Witteveen added a comment - - edited Thanks for the workaround. (I used the browsers own 'Find'.) It's a bit strange to search for something and then have a search result that does not seem to include what you searched for without knowing why, but in this case it's nice as a workaround .

          Craig Ringer added a comment -

          I find it utterly bewildering, and it slows me down a lot with Jenkins.

           The "Safe HTML" formatter is probably the worst culprit, as noted above. It is:

          • "Safe HTML"  - name in Global Security configuration, 
          • "OWASP Markup Formatter Plugin" - name in "Plugin Manager" UI
          • antisamy-markup-formatter - name in "Plugins" list in "/jenkins/systemInfo", i.e. Maven artifact name

          ... and none of these are remotely connected. In something that's security-sensitive that's pretty significant.

          There's no indication at all in the global security UI that the formatter is from a plugin at all (that's kinda bad from a security PoV), let alone which one. The plugin's display name doesn't mention "HTML" or "Safe". The plugin's internal name is unrelated again. Clicking the plugin's name in the Plugin Manager takes you to a a wiki page that (until I edited it) didn't mention "Safe HTML" at all, and its "plugin site" link takes you to https://plugins.jenkins.io/antisamy-markup-formatter but has the title "OWASP Markup Formatter 1.5". If you click the plugin's version in plugin manager you get taken to a confusingly named "thirdPartyLicenses" URL that is really a dependency map. The first "dependency" is actually the plugin itself, but that's not clearly indicated at all.

           

          What should happen is:

          • The "Plugin Manager" UI should have a less prominent suffix on the plugin name with the maven artifact name or full co-ordinates, labeled something like "plugin id"
          • The "systemInfo" view should list plugin display-names too
          • The "systemInfo" view should probably also list the contained package(s) or offer a class browser, since they often differ again

          ... and in the case of formatters, the formatter selector should show the plugin info there.

           

          Another example is pretty much any plugin in the Pipeline / Workflow suite. For example, we have:

          • Pipeline: Groovy (jenkins "Plugin Manager" UI)
          • workflow-cps (name in "Plugins" list in "/jenkins/systemInfo", i.e. Maven artifact name)
          • jenkinsci/workflow-cps-plugin (git repo name, note -plugin suffix absent from artifact name)
          • Pipeline Groovy Plugin (github README)
          • org.jenkins-ci.plugins.workflow:workflow-cps:2.60 (full Maven co-ordinates)
          • org.jenkinsci.plugins.workflow.cps.* (package name)

          Finding things is very hard.

          Craig Ringer added a comment - I find it utterly bewildering, and it slows me down a lot with Jenkins.  The "Safe HTML" formatter is probably the worst culprit, as noted above. It is: "Safe HTML"  - name in Global Security configuration,  "OWASP Markup Formatter Plugin" - name in "Plugin Manager" UI antisamy-markup-formatter - name in "Plugins" list in "/jenkins/systemInfo", i.e. Maven artifact name ... and  none of these are remotely connected . In something that's security-sensitive that's pretty significant. There's no indication at all in the global security UI that the formatter is from a plugin at all (that's kinda bad from a security PoV), let alone which one. The plugin's display name doesn't mention "HTML" or "Safe". The plugin's internal name is unrelated again. Clicking the plugin's name in the Plugin Manager takes you to a a wiki page that (until I edited it) didn't mention "Safe HTML" at all, and its "plugin site" link takes you to https://plugins.jenkins.io/antisamy-markup-formatter  but has the title "OWASP Markup Formatter 1.5". If you click the plugin's version in plugin manager you get taken to a confusingly named "thirdPartyLicenses" URL that is really a dependency map . The first "dependency" is actually the plugin itself, but that's not clearly indicated at all.   What should happen is: The "Plugin Manager" UI should have a less prominent suffix on the plugin name with the maven artifact name or full co-ordinates, labeled something like "plugin id" The "systemInfo" view should list plugin display-names too The "systemInfo" view should probably also list the contained package(s) or offer a class browser, since they often differ again ... and in the case of formatters, the formatter selector should show the plugin info there.   Another example is pretty much any plugin in the Pipeline / Workflow suite. For example, we have: Pipeline: Groovy (jenkins "Plugin Manager" UI) workflow-cps (name in "Plugins" list in "/jenkins/systemInfo", i.e. Maven artifact name) jenkinsci/workflow-cps-plugin (git repo name, note -plugin suffix absent from artifact name) Pipeline Groovy Plugin (github README) org.jenkins-ci.plugins.workflow:workflow-cps:2.60 (full Maven co-ordinates) org.jenkinsci.plugins.workflow.cps.* (package name) Finding things is very hard.

          Craig Ringer added a comment -

          It looks like Jenkins keeps all the needed metadata for this.
          The same MarkupFormatterDescriptor that's used to get the name can also report the plugin name, implementing class name, etc.
          So it looks like it needs some Jelly changes to use that info.
          I had a go at sketching out how it might look on another related issue here: https://issues.jenkins-ci.org/browse/JENKINS-54441?focusedCommentId=353018&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-353018 (JENKINS-54441) but lack the Jenkins-fu to test it out yet. Help would be greatly welcomed.

          Craig Ringer added a comment - It looks like Jenkins keeps all the needed metadata for this. The same MarkupFormatterDescriptor that's used to get the name can also report the plugin name, implementing class name, etc. So it looks like it needs some Jelly changes to use that info. I had a go at sketching out how it might look on another related issue here: https://issues.jenkins-ci.org/browse/JENKINS-54441?focusedCommentId=353018&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-353018 ( JENKINS-54441 ) but lack the Jenkins-fu to test it out yet. Help would be greatly welcomed.

            Unassigned Unassigned
            legolas Arnt Witteveen
            Votes:
            4 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: