-
Task
-
Resolution: Unresolved
-
Minor
Problems
== Inline Script Block Line: 22
----
<script type="text/javascript">
    // Load google charts
    google.charts.load('current', {'packages': ['corechart']});
    // getData is registered as the callback to run once the charts library has loaded.
    google.charts.setOnLoadCallback(getData);

    // Calls drawChart once per report provider, skipping the 'trusted-content' key.
    // The function body is produced by the Jelly loop below: every iteration writes
    // one drawChart(...) call whose arguments are the provider key followed by that
    // source's low, medium, high and critical summary counts.
    // NOTE(review): the provider key is written by the template into a single-quoted
    // JS string literal. How the key is escaped for that context is not visible in
    // this listing; confirm. Exposing the values as data attributes that an external
    // script reads would stop report data from being turned into script text, and it
    // is also what the CSP guidance linked under Solutions asks for.
    function getData() {
        <j:forEach var="entry" items="${it.report.getProviders().entrySet()}">
            <j:set var="key" value="${entry.key}"/>
            <j:set var="value" value="${entry.value}"/>
            <j:choose>
                <j:when test="${key != 'trusted-content'}">
                    drawChart('${key}',
                        ${value.getSources().get(key).getSummary().getLow()},
                        ${value.getSources().get(key).getSummary().getMedium()},
                        ${value.getSources().get(key).getSummary().getHigh()},
                        ${value.getSources().get(key).getSummary().getCritical()});
                </j:when>
            </j:choose>
        </j:forEach>
    }

    // Draw the chart and set the chart values
    // providerKey selects the target element (id 'vulnchart_' + providerKey);
    // low, medium, high and critical are the counts shown as pie slices.
    function drawChart(providerKey, low, medium, high, critical) {
        var data = google.visualization.arrayToDataTable([
            ['Severity', 'Vulnerabilities'],
            ['Low', low],
            ['Medium', medium],
            ['High', high],
            ['Critical', critical]
        ]);
        var options = {
            'title': 'Severity of Vulnerabilities',
            'width': 450,
            'height': 300,
            pieSliceText: 'value',
            is3D: true,
            titleTextStyle: {fontSize: 18},
            legend: {textStyle: {color: 'blue', fontSize: 15}},
            fontSize: 15,
            // Slice colours by row order: Low, Medium, High, Critical.
            slices: {0: {color: '#cccc00'}, 1: {color: '#ffa500'}, 2: {color: '#ff0000'}, 3: {color: '#800000'}}
        };
        var chartDivId = 'vulnchart_' + providerKey;
        // NOTE(review): getElementById returns null when no element has this id, and
        // the next line would then throw. Presumably the page renders one such div
        // per provider; confirm against the template.
        var pie = document.getElementById(chartDivId);
        // Make the chart container visible before drawing into it.
        pie.style.display = "block";
        var chart = new google.visualization.PieChart(pie);
        chart.draw(data, options);
    }
</script>
----
== Inline Script Block Line: 133
----
<script>
    // Starts a browser download of the report: builds the artifact URL, attaches a
    // temporary anchor element carrying a download attribute, clicks it from script
    // and removes it again.
    function downloadReport() {
        // Get the download URL
        var downloadURL = generateURL();
        // Create a temporary anchor element
        var downloadLink = document.createElement("a");
        // Set the download link attributes
        downloadLink.href = downloadURL;
        // NOTE(review): the suggested file name ends in ".html.html", which looks
        // like a duplicated extension; confirm whether that is intended.
        downloadLink.download = "Dependency-Analytics-Report.html.html";
        // Append the anchor element to the body
        document.body.appendChild(downloadLink);
        // Trigger a click event on the anchor element
        downloadLink.click();
        // Remove the anchor element from the body
        document.body.removeChild(downloadLink);
    }

    // Returns the URL of the report artifact, derived from the current page path.
    // The path is cut just after the slash that precedes its second-to-last
    // "/"-separated piece, and the artifact path for the job type is appended.
    function generateURL() {
        var currentUrl = window.location.pathname;
        const pathArray = currentUrl.split("/");
        // indexOf finds the FIRST "/piece/" occurrence, so a path in which the same
        // piece name appears earlier is cut at that earlier position; if nothing
        // matches, splitLoc is 0 and baseUrl is the empty string.
        // NOTE(review): which piece is second-to-last depends on whether the path
        // ends with a slash; confirm the paths this page is served under.
        var splitLoc = currentUrl.indexOf("/" + pathArray[pathArray.length - 2] + "/") + 1;
        var baseUrl = currentUrl.substring(0, splitLoc);
        // NOTE(review): the job type expression between the backticks is presumably
        // filled in by Jelly on the server, since it uses the same expression syntax
        // as the template attributes in the first listing; confirm. Once this code
        // lives in an external script file the expression is no longer expanded, so
        // the job type has to reach the script another way, for example through a
        // data attribute.
        var url = `${it.jobtype}`
        if (url === "pipeline") {
            return baseUrl + "lastSuccessfulBuild/artifact/dependency-analytics-report.html";
        } else {
            return baseUrl + "artifact/dependency-analytics-report.html";
        }
    }
</script>
----
== Inline Event Handler Line: 131
----
<!-- The onclick attribute below is the inline event handler this report flags.
     The Jenkins CSP guidance linked under Solutions replaces such attributes
     with a listener registered from an external script file. -->
<input type="button" onclick="downloadReport();" value="Download RHDA Report (Details)"/>
----
Solutions
https://www.jenkins.io/doc/developer/security/csp/#inline-javascript-blocks
https://www.jenkins.io/doc/developer/security/csp/#inline-event-handlers