[contrast-continuous-application-security] Extract inline script block in com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder/config.jelly

XMLWordPrintable

      Problem

      == Inline Script Block
Line: 117
----
<script>
        var overrideGlobalThresholdConditionsCheckboxElements =
        document.getElementsByName("overrideGlobalThresholdConditions");
        var teamServerProfileSelectElements = document.getElementsByName("_.teamServerProfileName");

        <!-- All the fields of a Threshold Condition except the application id will be hidden if the global threshold conditions are used -->
        var thresholdCountElements = document.getElementsByName("thresholdCount");
        var thresholdSeverityElements = document.getElementsByName("_.thresholdSeverity");
        var thresholdVulnTypeElements = document.getElementsByName("_.thresholdVulnType");
        var autoRemediatedElements = document.getElementsByName("autoRemediated");
        var notAProblemElements = document.getElementsByName("notAProblem");
        var fixedElements = document.getElementsByName("fixed");
        var confirmedElements = document.getElementsByName("confirmed");
        var remediatedElements = document.getElementsByName("remediated");
        var beingTrackedElements = document.getElementsByName("beingTracked");
        var suspiciousElements = document.getElementsByName("suspicious");
        var reportedElements = document.getElementsByName("reported");
        var untrackedElements = document.getElementsByName("untracked");
        var conditionTitle = document.getElementsByName("conditionTitle");

        var dynamicElements = [];
        dynamicElements.push(thresholdCountElements);
        dynamicElements.push(thresholdSeverityElements);
        dynamicElements.push(thresholdVulnTypeElements);
        dynamicElements.push(autoRemediatedElements);
        dynamicElements.push(notAProblemElements);
        dynamicElements.push(fixedElements);
        dynamicElements.push(confirmedElements);
        dynamicElements.push(remediatedElements);
        dynamicElements.push(beingTrackedElements);
        dynamicElements.push(suspiciousElements);
        dynamicElements.push(reportedElements);
        dynamicElements.push(untrackedElements);

        <!-- When Threshold Conditions are added to the page, observer hides all of their fields except the app name if needed -->
        var observer = new MutationObserver(function(mutations) {

            if (teamServerProfileSelectElements[0] != undefined &amp;&amp; teamServerProfileSelectElements[0].onchange == null){
                <!-- Hide fields if a teamserver profile selected with isAllowGlobalThresholdConditionsOverride variable set to false  -->
                teamServerProfileSelectElements[0].onchange = function() {isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);};
            }
            if (overrideGlobalThresholdConditionsCheckboxElements[0] != undefined &amp;&amp; overrideGlobalThresholdConditionsCheckboxElements[0].onchange == null) {
                <!-- Hide fields if the user chooses to use global conditions  -->
                overrideGlobalThresholdConditionsCheckboxElements[0].onchange = function() { isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value); };
            }

            mutations.forEach(function(mutation) {
                if (mutation.addedNodes.length > 0 &amp;&amp; mutation.target.className == "repeated-container") {
                    isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);
                }
            });
        });

        observer.observe(document.querySelector("form[name=config]"), { childList: true, subtree: true });
        <!---->

        <!-- Create a proxy variable to access the descriptor of VulnerabilityTrendRecorder.java class -->
        var descriptorImpl =
        <st:bind value="${descriptor}"/>

        <!-- Checks if 'isAllowGlobalThresholdConditionsOverride' variable is set to true in the selected TeamServer profile -->
        function isAllowGlobalThresholdConditionsOverride(teamServerProfileName) {
            descriptorImpl.isAllowGlobalThresholdConditionsOverride(teamServerProfileName, function(t){
                if (t.responseObject()) {
                    overrideGlobalThresholdConditionsCheckboxElements[0].disabled = false;

                    for (var i = 0; i &lt; dynamicElements.length; i++) {
                        for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                            if (overrideGlobalThresholdConditionsCheckboxElements[0].checked) {
                                dynamicElements[i][j].parentNode.parentNode.style.display = "";
                            } else {
                                dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                            }

                        }
                    }


                } else {
                    overrideGlobalThresholdConditionsCheckboxElements[0].disabled = true;
                    overrideGlobalThresholdConditionsCheckboxElements[0].checked = false;

                    for (var i = 0; i &lt; dynamicElements.length; i++) {
                        for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                            dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                        }
                    }
                }
            });
        }
    </script>
----

      Solution

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

            Assignee:
            Unassigned
            Reporter:
            Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: