-
Type:
Task
-
Resolution: Unresolved
-
Priority:
Minor
-
Component/s: anchore-container-scanner-plugin
Note
While testing this plugin, evaluate whether the third-party libraries in src/main/webapp are compatible with CSP in restrictive mode. The plugin may need to be upgraded from jQuery 1.x to 3.x to fully function in CSP restrictive mode.
Problems
== Inline Script Block
Line: 25
----
<script>
// Inline script block: this is the form a restrictive Content-Security-Policy
// refuses to execute. The block contains no server-side expressions, so it
// looks movable to a static .js file without needing any data passed in.
jQuery.noConflict(); <!-- To prevent overwriting $ function -->
// disablePrototypeJS(method, pluginsToDisable): for every plugin name, registers
// a namespaced jQuery handler on window for the event "<method>.bs.<plugin>"
// (for example "show.bs.collapse").
var disablePrototypeJS = function (method, pluginsToDisable) {
var handler = function (event) {
// Shadow the target's own property named after the event (show/hide) for the
// duration of the dispatch - presumably so Prototype.js cannot invoke it as a
// side effect of the event firing; confirm against the Prototype.js version in use.
event.target[method] = undefined;
// Remove the shadowing property again once the current dispatch has finished.
setTimeout(function () {
delete event.target[method];
}, 0);
};
// NOTE(review): Array#each is not standard JavaScript; this appears to rely on
// the Array extension supplied by Prototype.js. Confirm it is still available
// on the page, otherwise this call throws and no handler is registered.
pluginsToDisable.each(function (plugin) {
jQuery(window).on(method + '.bs.' + plugin, handler);
});
},
// Second declarator of the same var statement: the plugin names to cover.
pluginsToDisable = ['collapse', 'dropdown', 'modal', 'tooltip', 'popover', 'tab'];
disablePrototypeJS('show', pluginsToDisable);
disablePrototypeJS('hide', pluginsToDisable);
</script>
----
== Inline Script Block
Line: 69
----
<script type="text/javascript">
// Calls buildPolicyEvalSummaryTable (defined outside this snippet) with the
// target element reference and the gateSummary value from the view object.
// The template expression is written unquoted, so whatever it evaluates to is
// emitted directly as JavaScript source.
// NOTE(review): confirm the value is serialised safely for a script context.
// To run under a restrictive CSP, the call has to move to an external file,
// with the value carried in a data attribute and parsed there.
buildPolicyEvalSummaryTable("#gates_summary_table", ${it.gateSummary});
</script>
----
== Inline Script Block
Line: 78
----
<script type="text/javascript">
// Calls buildPolicyEvalTable (defined outside this snippet) with the target
// element reference and the gateOutputUrl value from the view object.
// The template expression is rendered inside a JavaScript string literal.
// NOTE(review): confirm the value is encoded for a JavaScript string context.
// To run under a restrictive CSP, the call has to move to an external file,
// with the URL carried in a data attribute.
buildPolicyEvalTable("#gates_table", "${it.gateOutputUrl}");
</script>
----
== Inline Script Block
Line: 89
----
<script type="text/javascript">
// Calls buildTableFromAnchoreOutput (defined outside this snippet). Both
// arguments contain template expressions: a counter builds the element id and
// an entry value is passed as the second argument. This is presumably emitted
// once per iteration of an enclosing loop; the loop is not visible here.
// NOTE(review): confirm both values are encoded for a JavaScript string context.
// To run under a restrictive CSP, the call has to move to an external file,
// with the per-entry values carried in data attributes.
buildTableFromAnchoreOutput("#query${counter}_table", "${e.value}");
</script>
----
== Inline Script Block
Line: 100
----
<script type="text/javascript">
// Calls buildSecurityTable (defined outside this snippet) with the target
// element reference and the cveListingUrl value from the view object.
// The template expression is rendered inside a JavaScript string literal.
// NOTE(review): confirm the value is encoded for a JavaScript string context.
// To run under a restrictive CSP, the call has to move to an external file,
// with the URL carried in a data attribute.
buildSecurityTable("#security_table", "${it.cveListingUrl}");
</script>
----
Solution
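Move each inline script block into a separate JavaScript file and pass any server-side values to it through data attributes, as described in the Jenkins CSP developer guide: https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks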