
[contrast-continuous-application-security] Extract inline script block in com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder/config.jelly

      Problem

      == Inline Script Block
      Line: 117
      ----
      <script>
              <!-- Config-form helper: shows or hides the per-job Threshold Condition fields, depending on
                   whether the selected TeamServer profile allows overriding the global threshold conditions. -->
              <!-- NOTE(review): everything between the script tags is inline JavaScript. A Content-Security-Policy
                   that forbids inline scripts would stop it from running, which is why the issue asks for it to be
                   extracted (see the linked Jenkins CSP guidance). -->
              <!-- getElementsByName returns a live NodeList, so Threshold Conditions added to the form later
                   show up in these lists without querying again. -->
              var overrideGlobalThresholdConditionsCheckboxElements =
              document.getElementsByName("overrideGlobalThresholdConditions");
              var teamServerProfileSelectElements = document.getElementsByName("_.teamServerProfileName");
      
              <!-- All the fields of a Threshold Condition except the application id will be hidden if the global threshold conditions are used -->
              var thresholdCountElements = document.getElementsByName("thresholdCount");
              var thresholdSeverityElements = document.getElementsByName("_.thresholdSeverity");
              var thresholdVulnTypeElements = document.getElementsByName("_.thresholdVulnType");
              var autoRemediatedElements = document.getElementsByName("autoRemediated");
              var notAProblemElements = document.getElementsByName("notAProblem");
              var fixedElements = document.getElementsByName("fixed");
              var confirmedElements = document.getElementsByName("confirmed");
              var remediatedElements = document.getElementsByName("remediated");
              var beingTrackedElements = document.getElementsByName("beingTracked");
              var suspiciousElements = document.getElementsByName("suspicious");
              var reportedElements = document.getElementsByName("reported");
              var untrackedElements = document.getElementsByName("untracked");
              <!-- NOTE(review): conditionTitle is collected here but never read in this block and is not added to dynamicElements. -->
              var conditionTitle = document.getElementsByName("conditionTitle");
      
              <!-- dynamicElements is a list of NodeLists: one entry per field name that is toggled together. -->
              var dynamicElements = [];
              dynamicElements.push(thresholdCountElements);
              dynamicElements.push(thresholdSeverityElements);
              dynamicElements.push(thresholdVulnTypeElements);
              dynamicElements.push(autoRemediatedElements);
              dynamicElements.push(notAProblemElements);
              dynamicElements.push(fixedElements);
              dynamicElements.push(confirmedElements);
              dynamicElements.push(remediatedElements);
              dynamicElements.push(beingTrackedElements);
              dynamicElements.push(suspiciousElements);
              dynamicElements.push(reportedElements);
              dynamicElements.push(untrackedElements);
      
              <!-- When Threshold Conditions are added to the page, observer hides all of their fields except the app name if needed -->
              var observer = new MutationObserver(function(mutations) {
      
                  <!-- The onchange handlers are attached from inside the observer callback and only once: the
                       "onchange == null" test skips elements that already have a handler. -->
                  if (teamServerProfileSelectElements[0] != undefined &amp;&amp; teamServerProfileSelectElements[0].onchange == null){
                      <!-- Hide fields if a teamserver profile selected with isAllowGlobalThresholdConditionsOverride variable set to false  -->
                      teamServerProfileSelectElements[0].onchange = function() {isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);};
                  }
                  if (overrideGlobalThresholdConditionsCheckboxElements[0] != undefined &amp;&amp; overrideGlobalThresholdConditionsCheckboxElements[0].onchange == null) {
                      <!-- Hide fields if the user chooses to use global conditions  -->
                      overrideGlobalThresholdConditionsCheckboxElements[0].onchange = function() { isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value); };
                  }
      
                  <!-- Re-evaluate visibility whenever nodes are added under an element whose class is exactly "repeated-container". -->
                  <!-- NOTE(review): unlike the two guards above, this reads teamServerProfileSelectElements[0].value
                       without first checking that the select element exists. -->
                  mutations.forEach(function(mutation) {
                      if (mutation.addedNodes.length > 0 &amp;&amp; mutation.target.className == "repeated-container") {
                          isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);
                      }
                  });
              });
      
              <!-- Watch the whole config form, including descendants, for added or removed child nodes. -->
              observer.observe(document.querySelector("form[name=config]"), { childList: true, subtree: true });
              <!---->
      
              <!-- Create a proxy variable to access the descriptor of VulnerabilityTrendRecorder.java class -->
              <!-- NOTE(review): st:bind writes the proxy expression directly into this script, so the assignment
                   depends on the block being rendered by Jelly; an extracted static .js file needs another way to
                   obtain the proxy. Confirm the recommended replacement against the linked CSP guidance. -->
              <!-- NOTE(review): the descriptor method called below is reachable from the browser through this proxy;
                   confirm on the Java side that it checks permissions and returns nothing beyond the boolean. -->
              var descriptorImpl =
              <st:bind value="${descriptor}"/>
      
              <!-- Checks if 'isAllowGlobalThresholdConditionsOverride' variable is set to true in the selected TeamServer profile -->
              <!-- teamServerProfileName: value of the profile select element. The server call is asynchronous; the
                   callback receives the response wrapper t and reads the result with t.responseObject(). -->
              <!-- NOTE(review): the enforcement here is visual only. Fields hidden with style.display = "none" are
                   still part of the form, so the server presumably has to ignore overrides itself when the profile
                   disallows them; verify in the Java code. -->
              function isAllowGlobalThresholdConditionsOverride(teamServerProfileName) {
                  descriptorImpl.isAllowGlobalThresholdConditionsOverride(teamServerProfileName, function(t){
                      if (t.responseObject()) {
                          <!-- Override allowed: enable the checkbox and let its state decide whether the fields are shown. -->
                          overrideGlobalThresholdConditionsCheckboxElements[0].disabled = false;
      
                          for (var i = 0; i &lt; dynamicElements.length; i++) {
                              for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                  <!-- The element two levels above the input is toggled; presumably the form row
                                       that wraps the field (depends on the form markup, TODO confirm). -->
                                  if (overrideGlobalThresholdConditionsCheckboxElements[0].checked) {
                                      dynamicElements[i][j].parentNode.parentNode.style.display = "";
                                  } else {
                                      dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                  }
      
                              }
                          }
      
      
                      } else {
                          <!-- Override not allowed: lock the checkbox in the unchecked state and hide every field. -->
                          overrideGlobalThresholdConditionsCheckboxElements[0].disabled = true;
                          overrideGlobalThresholdConditionsCheckboxElements[0].checked = false;
      
                          for (var i = 0; i &lt; dynamicElements.length; i++) {
                              for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                  dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                              }
                          }
                      }
                  });
              }
          </script>
      ----
      

      Solution

      https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks

          [JENKINS-74440] [contrast-continuous-application-security] Extract inline script block in com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder/config.jelly

          Basil Crow created issue -
          Basil Crow made changes -
          Assignee Original: Max Gelman [ mgelman08 ]
          Basil Crow made changes -
          Description Original: h4. Problems

          {noformat}
          == Inline Script Block
          Line: 117
          ----
          <script>
                  var overrideGlobalThresholdConditionsCheckboxElements =
                  document.getElementsByName("overrideGlobalThresholdConditions");
                  var teamServerProfileSelectElements = document.getElementsByName("_.teamServerProfileName");

                  <!-- All the fields of a Threshold Condition except the application id will be hidden if the global threshold conditions are used -->
                  var thresholdCountElements = document.getElementsByName("thresholdCount");
                  var thresholdSeverityElements = document.getElementsByName("_.thresholdSeverity");
                  var thresholdVulnTypeElements = document.getElementsByName("_.thresholdVulnType");
                  var autoRemediatedElements = document.getElementsByName("autoRemediated");
                  var notAProblemElements = document.getElementsByName("notAProblem");
                  var fixedElements = document.getElementsByName("fixed");
                  var confirmedElements = document.getElementsByName("confirmed");
                  var remediatedElements = document.getElementsByName("remediated");
                  var beingTrackedElements = document.getElementsByName("beingTracked");
                  var suspiciousElements = document.getElementsByName("suspicious");
                  var reportedElements = document.getElementsByName("reported");
                  var untrackedElements = document.getElementsByName("untracked");
                  var conditionTitle = document.getElementsByName("conditionTitle");

                  var dynamicElements = [];
                  dynamicElements.push(thresholdCountElements);
                  dynamicElements.push(thresholdSeverityElements);
                  dynamicElements.push(thresholdVulnTypeElements);
                  dynamicElements.push(autoRemediatedElements);
                  dynamicElements.push(notAProblemElements);
                  dynamicElements.push(fixedElements);
                  dynamicElements.push(confirmedElements);
                  dynamicElements.push(remediatedElements);
                  dynamicElements.push(beingTrackedElements);
                  dynamicElements.push(suspiciousElements);
                  dynamicElements.push(reportedElements);
                  dynamicElements.push(untrackedElements);

                  <!-- When Threshold Conditions are added to the page, observer hides all of their fields except the app name if needed -->
                  var observer = new MutationObserver(function(mutations) {

                      if (teamServerProfileSelectElements[0] != undefined &amp;&amp; teamServerProfileSelectElements[0].onchange == null){
                          <!-- Hide fields if a teamserver profile selected with isAllowGlobalThresholdConditionsOverride variable set to false -->
                          teamServerProfileSelectElements[0].onchange = function() {isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);};
                      }
                      if (overrideGlobalThresholdConditionsCheckboxElements[0] != undefined &amp;&amp; overrideGlobalThresholdConditionsCheckboxElements[0].onchange == null) {
                          <!-- Hide fields if the user chooses to use global conditions -->
                          overrideGlobalThresholdConditionsCheckboxElements[0].onchange = function() { isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value); };
                      }

                      mutations.forEach(function(mutation) {
                          if (mutation.addedNodes.length > 0 &amp;&amp; mutation.target.className == "repeated-container") {
                              isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);
                          }
                      });
                  });

                  observer.observe(document.querySelector("form[name=config]"), { childList: true, subtree: true });
                  <!---->

                  <!-- Create a proxy variable to access the descriptor of VulnerabilityTrendRecorder.java class -->
                  var descriptorImpl =
                  <st:bind value="${descriptor}"/>

                  <!-- Checks if 'isAllowGlobalThresholdConditionsOverride' variable is set to true in the selected TeamServer profile -->
                  function isAllowGlobalThresholdConditionsOverride(teamServerProfileName) {
                      descriptorImpl.isAllowGlobalThresholdConditionsOverride(teamServerProfileName, function(t){
                          if (t.responseObject()) {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      if (overrideGlobalThresholdConditionsCheckboxElements[0].checked) {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "";
                                      } else {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                      }

                                  }
                              }


                          } else {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = true;
                              overrideGlobalThresholdConditionsCheckboxElements[0].checked = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                  }
                              }
                          }
                      });
                  }
              </script>
          ----

          == Inline Script Block
          Line: 117
          ----
          <script>
                  var overrideGlobalThresholdConditionsCheckboxElements =
                  document.getElementsByName("overrideGlobalThresholdConditions");
                  var teamServerProfileSelectElements = document.getElementsByName("_.teamServerProfileName");

                  <!-- All the fields of a Threshold Condition except the application id will be hidden if the global threshold conditions are used -->
                  var thresholdCountElements = document.getElementsByName("thresholdCount");
                  var thresholdSeverityElements = document.getElementsByName("_.thresholdSeverity");
                  var thresholdVulnTypeElements = document.getElementsByName("_.thresholdVulnType");
                  var autoRemediatedElements = document.getElementsByName("autoRemediated");
                  var notAProblemElements = document.getElementsByName("notAProblem");
                  var fixedElements = document.getElementsByName("fixed");
                  var confirmedElements = document.getElementsByName("confirmed");
                  var remediatedElements = document.getElementsByName("remediated");
                  var beingTrackedElements = document.getElementsByName("beingTracked");
                  var suspiciousElements = document.getElementsByName("suspicious");
                  var reportedElements = document.getElementsByName("reported");
                  var untrackedElements = document.getElementsByName("untracked");
                  var conditionTitle = document.getElementsByName("conditionTitle");

                  var dynamicElements = [];
                  dynamicElements.push(thresholdCountElements);
                  dynamicElements.push(thresholdSeverityElements);
                  dynamicElements.push(thresholdVulnTypeElements);
                  dynamicElements.push(autoRemediatedElements);
                  dynamicElements.push(notAProblemElements);
                  dynamicElements.push(fixedElements);
                  dynamicElements.push(confirmedElements);
                  dynamicElements.push(remediatedElements);
                  dynamicElements.push(beingTrackedElements);
                  dynamicElements.push(suspiciousElements);
                  dynamicElements.push(reportedElements);
                  dynamicElements.push(untrackedElements);

                  <!-- When Threshold Conditions are added to the page, observer hides all of their fields except the app name if needed -->
                  var observer = new MutationObserver(function(mutations) {

                      if (teamServerProfileSelectElements[0] != undefined &amp;&amp; teamServerProfileSelectElements[0].onchange == null){
                          <!-- Hide fields if a teamserver profile selected with isAllowGlobalThresholdConditionsOverride variable set to false -->
                          teamServerProfileSelectElements[0].onchange = function() {isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);};
                      }
                      if (overrideGlobalThresholdConditionsCheckboxElements[0] != undefined &amp;&amp; overrideGlobalThresholdConditionsCheckboxElements[0].onchange == null) {
                          <!-- Hide fields if the user chooses to use global conditions -->
                          overrideGlobalThresholdConditionsCheckboxElements[0].onchange = function() { isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value); };
                      }

                      mutations.forEach(function(mutation) {
                          if (mutation.addedNodes.length > 0 &amp;&amp; mutation.target.className == "repeated-container") {
                              isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);
                          }
                      });
                  });

                  observer.observe(document.querySelector("form[name=config]"), { childList: true, subtree: true });
                  <!---->

                  <!-- Create a proxy variable to access the descriptor of VulnerabilityTrendRecorder.java class -->
                  var descriptorImpl =
                  <st:bind value="${descriptor}"/>

                  <!-- Checks if 'isAllowGlobalThresholdConditionsOverride' variable is set to true in the selected TeamServer profile -->
                  function isAllowGlobalThresholdConditionsOverride(teamServerProfileName) {
                      descriptorImpl.isAllowGlobalThresholdConditionsOverride(teamServerProfileName, function(t){
                          if (t.responseObject()) {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      if (overrideGlobalThresholdConditionsCheckboxElements[0].checked) {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "";
                                      } else {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                      }

                                  }
                              }


                          } else {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = true;
                              overrideGlobalThresholdConditionsCheckboxElements[0].checked = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                  }
                              }
                          }
                      });
                  }
              </script>
          ----
          {noformat}

          h4. Solution

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          New: h4. Problem

          {noformat}
          == Inline Script Block
          Line: 117
          ----
          <script>
                  var overrideGlobalThresholdConditionsCheckboxElements =
                  document.getElementsByName("overrideGlobalThresholdConditions");
                  var teamServerProfileSelectElements = document.getElementsByName("_.teamServerProfileName");

                  <!-- All the fields of a Threshold Condition except the application id will be hidden if the global threshold conditions are used -->
                  var thresholdCountElements = document.getElementsByName("thresholdCount");
                  var thresholdSeverityElements = document.getElementsByName("_.thresholdSeverity");
                  var thresholdVulnTypeElements = document.getElementsByName("_.thresholdVulnType");
                  var autoRemediatedElements = document.getElementsByName("autoRemediated");
                  var notAProblemElements = document.getElementsByName("notAProblem");
                  var fixedElements = document.getElementsByName("fixed");
                  var confirmedElements = document.getElementsByName("confirmed");
                  var remediatedElements = document.getElementsByName("remediated");
                  var beingTrackedElements = document.getElementsByName("beingTracked");
                  var suspiciousElements = document.getElementsByName("suspicious");
                  var reportedElements = document.getElementsByName("reported");
                  var untrackedElements = document.getElementsByName("untracked");
                  var conditionTitle = document.getElementsByName("conditionTitle");

                  var dynamicElements = [];
                  dynamicElements.push(thresholdCountElements);
                  dynamicElements.push(thresholdSeverityElements);
                  dynamicElements.push(thresholdVulnTypeElements);
                  dynamicElements.push(autoRemediatedElements);
                  dynamicElements.push(notAProblemElements);
                  dynamicElements.push(fixedElements);
                  dynamicElements.push(confirmedElements);
                  dynamicElements.push(remediatedElements);
                  dynamicElements.push(beingTrackedElements);
                  dynamicElements.push(suspiciousElements);
                  dynamicElements.push(reportedElements);
                  dynamicElements.push(untrackedElements);

                  <!-- When Threshold Conditions are added to the page, observer hides all of their fields except the app name if needed -->
                  var observer = new MutationObserver(function(mutations) {

                      if (teamServerProfileSelectElements[0] != undefined &amp;&amp; teamServerProfileSelectElements[0].onchange == null){
                          <!-- Hide fields if a teamserver profile selected with isAllowGlobalThresholdConditionsOverride variable set to false -->
                          teamServerProfileSelectElements[0].onchange = function() {isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);};
                      }
                      if (overrideGlobalThresholdConditionsCheckboxElements[0] != undefined &amp;&amp; overrideGlobalThresholdConditionsCheckboxElements[0].onchange == null) {
                          <!-- Hide fields if the user chooses to use global conditions -->
                          overrideGlobalThresholdConditionsCheckboxElements[0].onchange = function() { isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value); };
                      }

                      mutations.forEach(function(mutation) {
                          if (mutation.addedNodes.length > 0 &amp;&amp; mutation.target.className == "repeated-container") {
                              isAllowGlobalThresholdConditionsOverride(teamServerProfileSelectElements[0].value);
                          }
                      });
                  });

                  observer.observe(document.querySelector("form[name=config]"), { childList: true, subtree: true });
                  <!---->

                  <!-- Create a proxy variable to access the descriptor of VulnerabilityTrendRecorder.java class -->
                  var descriptorImpl =
                  <st:bind value="${descriptor}"/>

                  <!-- Checks if 'isAllowGlobalThresholdConditionsOverride' variable is set to true in the selected TeamServer profile -->
                  function isAllowGlobalThresholdConditionsOverride(teamServerProfileName) {
                      descriptorImpl.isAllowGlobalThresholdConditionsOverride(teamServerProfileName, function(t){
                          if (t.responseObject()) {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      if (overrideGlobalThresholdConditionsCheckboxElements[0].checked) {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "";
                                      } else {
                                          dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                      }

                                  }
                              }


                          } else {
                              overrideGlobalThresholdConditionsCheckboxElements[0].disabled = true;
                              overrideGlobalThresholdConditionsCheckboxElements[0].checked = false;

                              for (var i = 0; i &lt; dynamicElements.length; i++) {
                                  for (var j = 0; j &lt; dynamicElements[i].length; j++) {
                                      dynamicElements[i][j].parentNode.parentNode.style.display = "none";
                                  }
                              }
                          }
                      });
                  }
              </script>
          ----
          {noformat}

          h4. Solution

          [https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks]
          Summary Original: [contrast-continuous-application-security] Extract inline script blocks in com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder/config.jelly New: [contrast-continuous-application-security] Extract inline script block in com/aspectsecurity/contrast/contrastjenkins/VulnerabilityTrendRecorder/config.jelly

            Unassigned Unassigned
            basil Basil Crow