Commit

fix(doc): Verbatim
gounthar committed Nov 29, 2024
1 parent 666c623 commit 904ada2
Showing 1 changed file with 80 additions and 0 deletions.
80 changes: 80 additions & 0 deletions alpha/engagements/2024/Jenkins/update-2024-11.md
@@ -162,3 +162,83 @@ The team is targeting plugins with 10k installations:
11. Released the [validating-string-parameter plugin](https://github.com/jenkinsci/validating-string-parameter-plugin/releases/tag/249.v75d865a_a_d530)
12. Released the [warnings-ng plugin](https://github.com/jenkinsci/warnings-ng-plugin/releases/tag/v11.11.0)


# Report Date: Nov 26, 2024
## Current Status
some plugins generate html thanks to javascript, and use onclick. These haven't been found by the csp scanner yet
jensec now knows about it, but they won't have time to fix for the time being. We'll have to fix it by ourselves
Basil thinks it's pretty rare though. Maybe we'll also find onBlur, onChange.

The delivery pipeline plugin may have some of these onClick generated within Javascript.
The vmanager plugin too: https://github.com/jenkinsci/vmanager-plugin/blob/b90087f1c0ed84ce8fb056715a897b6fe69db3fb/src/main/webapp/js/vmanager_report.js#L12732
We should maybe prioritize Groovy generating Javascript instead of Javascript generating Javascript/HTML
Basil found some in quite a few plugins, like Jira Software Cloud plugin
emailext has some too!
emailext_template too
testng has a lot of this stuff
test result aggregator
nexus platform plugin too
emailext and jira software cloud plugins should be our priority
Basil will create the tickets for email extension template, nexus platforms, tests results, and so on.
testng-plugin-plugin/src/main/resources/hudson/plugins/testng/results/ClassResult/reportDetail.groovy
testng-plugin-plugin/src/main/resources/hudson/plugins/testng/results/PackageResult/reportDetail.groovy
testng-plugin-plugin/src/main/resources/hudson/plugins/testng/TestNGTestResultBuildAction/reportDetail.groovy
test-results-aggregator-plugin/src/main/resources/com/jenkins/testresultsaggregator/TestResultsAggregatorTestResultBuildAction/reportDetail.groovy
nexus-platform-plugin/src/main/resources/org/sonatype/nexus/ci/nxrm/NexusPublisherWorkflowStep/config.groovy

Basil fixed BlueOcean yesterday. Olivier Lamy should release it.

csp plugin has been released
It include a big change (see release notes).
It has been hardened, so it should catch more CSP violations that were previously missed.


### Progress Summary

### In-Progress Tasks
2. Shlomo works on [[JENKINS-74098] Remove inline JS script and legacy onClick handler](https://github.com/jenkinsci/plot-plugin/pull/147) for the plot plugin
3. Shlomo works on [build-cards not updating automatically without page refresh](https://github.com/jenkinsci/build-pipeline-plugin/pull/158) for the build-pipeline plugin
5. Shlomo works on [Fix jQuery target element for tooltip to work correctly in AbstractNameValueHeader/rowHeader.jelly](https://github.com/jenkinsci/build-pipeline-plugin/pull/156) for the build-pipeline plugin
3. Shlomo works on [[JENKINS-74806] Extract inline script bpp.jelly BuildPipelineView/bpp.jelly](https://github.com/jenkinsci/build-pipeline-plugin/pull/150) for the build-pipeline plugin
6. Yaroslav works on [[JENKINS-74892] Remove inline JavaScript handler in ExtEmailTemplateManagement/index.groovy](https://github.com/jenkinsci/emailext-template-plugin/pull/128) for the emailext-template plugin
7. Yaroslav works on [[JENKINS-74090] Remove unused checkUrl in TagAction/tagForm.jelly](https://github.com/jenkinsci/p4-plugin/pull/219) for the p4 plugin
8. Yaroslav works on [[JENKINS-74091] Remove unused JavaScript in ManualWorkspaceImpl/config.jelly](https://github.com/jenkinsci/p4-plugin/pull/218) for the p4 plugin
9. Yaroslav works on [Match inline event handlers in JavaScript files](https://github.com/daniel-beck/csp-scanner/pull/18) for the CSP scanner
10. Yaroslav works on [Make plugin CSP compliant](https://github.com/jfrog/jenkins-artifactory-plugin/pull/952) for the jenkins-artifactory plugin
11. Yaroslav works on [[JENKINS-74897] Address CSP violations](https://github.com/jenkinsci/testng-plugin-plugin/pull/335) for the testng-plugin plugin
12. Yaroslav works on [[JENKINS-74108] Extract inline JavaScript from ListGitBranchesParameterDefinition/index.jelly](https://github.com/jenkinsci/list-git-branches-parameter-plugin/pull/28) for the list-git-branches-parameter plugin
13. Shlomo works on [[JENKINS-74435] Extract inline JS script and legacy onClick handlers in ElectricflowPipelinePublisher/config.jelly](https://github.com/jenkinsci/electricflow-plugin/pull/395) for the electricflow plugin
14. Shlomo works on [[JENKINS-74434] Extract inline JS script and legacy onClick handlers in ElectricflowAssociateBuildToRelease/config.jelly](https://github.com/jenkinsci/electricflow-plugin/pull/394) for the electricflow plugin
15. Shlomo works on [[JENKINS-74433] Extract inline JS script and legacy onClick handlers in ElectricflowDeployApplication/config.jelly](https://github.com/jenkinsci/electricflow-plugin/pull/393) for the electricflow plugin
16. Shlomo works on [[JENKINS-74432] Extract the inline JS and legacy onClick handlers in ElectricFlowTriggerRelease/config.jelly](https://github.com/jenkinsci/electricflow-plugin/pull/392) for the electricflow plugin
17. Shlomo works on [[JENKINS-74431] Extract inline JS in ElectricFlowRunProcedure/config.jelly](https://github.com/jenkinsci/electricflow-plugin/pull/391) for the electricflow plugin
18. Shlomo works on [[JENKINS-74083] Extract inline JS scripts in WorkflowPipelineView Fullscreen mode](https://github.com/jenkinsci/delivery-pipeline-plugin/pull/38) for the delivery-pipeline plugin
19. Shlomo works on [[JENKINS-74085] Extract inline JS scripts in DeliveryPipelineView Fullscreen mode](https://github.com/jenkinsci/delivery-pipeline-plugin/pull/37) for the delivery-pipeline plugin
20. Shlomo works on [Remove framework.prototype.prototype adjunct - Throws file not found error](https://github.com/jenkinsci/delivery-pipeline-plugin/pull/36) for the delivery-pipeline plugin

### Completed Tasks
1. Yaroslav has worked on [[JENKINS-74850] Remove unused inline Javascript handler](https://github.com/jenkinsci/global-build-stats-plugin/pull/84 for the global-build-stats plugin
2. Yaroslav has worked on [[JENKINS-74741] Migrate from FromApply#applyResponse in ScriptlerBuilder.java](https://github.com/jenkinsci/scriptler-plugin/pull/126) for the scriptler plugin
3. Yaroslav has worked on [[JENKINS-74026][JENKINS-74027] Improve CSP compatibility](https://github.com/jenkinsci/active-choices-plugin/pull/380) for the active choices plugin
4. Yaroslav has worked on [[JENKINS-74025] Extract inline JavaScript from checkboxContent.jelly](https://github.com/jenkinsci/active-choices-plugin/pull/374) for the active choices plugin
5. Yaroslav has worked on [[JENKINS-74029] Extract inline JavaScript from radioContent.jelly](https://github.com/jenkinsci/active-choices-plugin/pull/373) for the active choices plugin
6. Yaroslav has worked on [[JENKINS-74871] Fix the broken jelly view](https://github.com/jenkinsci/validating-string-parameter-plugin/pull/147) for the validating-string-parameter plugin
7. Yaroslav has worked on [[JENKINS-74081] Migrate legacy checkUrl in /ValidatingStringParameterDefinition/index.jelly](https://github.com/jenkinsci/validating-string-parameter-plugin/pull/146) for the validating-string-parameter plugin
8. Yaroslav has worked on [[JENKINS-74072] Extract inline JavaScript from DependencyCheck/ResultAction/index.jelly](https://github.com/jenkinsci/dependency-check-plugin/pull/155) for the jenkinsci/dependency-check plugin
9. Yaroslav has worked on [[JENKINS-74100] Extract inline JavaScript from GitlabLogoProperty/global.jelly](https://github.com/jenkinsci/gitlab-logo-plugin/pull/80) for the gitlab-logo plugin
10. Yaroslav has worked on [[JENKINS-74890] Extract inline JavaScript from LogParserWriter.java](https://github.com/jenkinsci/log-parser-plugin/pull/135) for the log-parser plugin
11. Yaroslav has worked on [[JENKINS-74893] Extract inline JavaScript event handlers](https://github.com/jenkinsci/build-failure-analyzer-plugin/pull/184) for the build-failure-analyzer plugin
12. Shlomo has worked on [[JENKINS-74095] [JENKINS-74096] [JENKINS-74097] [JENKINS-74099] Remove legacy checkUrl handlers](https://github.com/jenkinsci/plot-plugin/pull/146) for the plot plugin
13. Shlomo has worked on [[JENKINS-74103] ]Remove inline JS script and onClick handler in CatProjectViewRow.jelly](https://github.com/jenkinsci/categorized-view-plugin/pull/75) for the categorized-view plugin
14. Shlomo has worked on [[JENKINS-74102] Remove inline JS script in catProjectView.jelly](https://github.com/jenkinsci/categorized-view-plugin/pull/74) for the categorized-view plugin

### Released Plugins
1. Released the [global-build-stats-plugin](https://github.com/jenkinsci/global-build-stats-plugin/releases/tag/316.vf8870f424d78)
2. Released the [emailext-template-plugin](https://github.com/jenkinsci/emailext-template-plugin/releases/tag/219.v14fff547f78d)
3. Released the [scriptler-plugin](https://github.com/jenkinsci/scriptler-plugin/releases/tag/385.vd01d180290b_c)
4. Released the [validating-string-parameter-plugin](https://github.com/jenkinsci/validating-string-parameter-plugin/releases/tag/251.vc34e592b_8a_4d)
5. Released the [gitlab-logo-plugin](https://github.com/jenkinsci/gitlab-logo-plugin/releases/tag/130.v9d2696eb_8dc6)
6. Released the [log-parser-plugin](https://github.com/jenkinsci/log-parser-plugin/releases/tag/v2.3.6)
7. Released the [plot-plugin](https://github.com/jenkinsci/plot-plugin/releases/tag/plot-2.2.0)
8. Released the [categorized-view-plugin](https://github.com/jenkinsci/categorized-view-plugin/releases/tag/164.v1c1b_dd4cdb_62)
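
Review bot: The first Completed Tasks item has a Markdown link with no closing parenthesis (`(https://github.com/jenkinsci/global-build-stats-plugin/pull/84 for the global-build-stats plugin`), so the link will not render; add `)` right after `pull/84`. Item 13 of the same list has a stray bracket in `[[JENKINS-74103] ]Remove inline JS script`; drop the `]` before `Remove`. The In-Progress Tasks list is numbered 2, 3, 5, 3, 6 and onward, with no item 1 and a repeated 3; renumber it sequentially. The Current Status notes are bare consecutive lines, so Markdown will fold them, including the five `reportDetail.groovy` and `config.groovy` paths, into run-on paragraphs; turn them into a bullet list, with the paths as inline code or a nested list under the line about Basil creating the tickets. `### Progress Summary` is left empty: either fill it in or remove the heading. Minor wording: "It include a big change" should be "It includes a big change".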
