Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-74883

[blueocean] Remove unsafe eval call from third-party library

XMLWordPrintable

      Problem

      Blue Ocean embeds third-party libraries that call eval. For example:

      EvalError: call to Function() blocked by CSP
    optimizeLookup https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:48503
    [223]</< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:48507
    [223]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:49728
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [222]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:48330
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [238]</< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:53245
    [238]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:53710
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [230]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:51456
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [233]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:51983
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [248]</< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:54046
    [248]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:54193
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [243]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:53979
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [379]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:71583
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [375]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:70717
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [377]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:71215
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    [376]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:71127
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    execute https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:68818
    ___exec https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:67756
    make https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:2834
    ___$$$___exec https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:67753
    ___$$$___doBundleInit https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:67830
    [348]</< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:67842
    doFulfill https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:2860
    onFulfilled https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:2872
    [348]< https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:67841
    o https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    r https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
    <anonymous> https://127.0.0.1/adjuncts/f72d66ff/io/jenkins/blueocean/blueocean-core-js.js:1
blueocean-core-js.js:67758:17

      Solution

      https://www.jenkins.io/doc/developer/security/csp/#eval-calls

            basil Basil Crow
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: