mirror of
https://github.com/grafana/grafana.git
synced 2025-07-29 21:12:21 +08:00
Plugins: Add Subresource Integrity checks (#93024)
* Plugins: Pass hashes for SRI to frontend
* Add SRI hashes to frontendsettings DTOs
* Add docstring
* TestSriHashes
* Fix typo
* Changed SriHashes to ModuleHash
* update loader_test compareOpts
* update ModuleHash error message
* Add TestModuleHash/no_module.js
* Add omitEmpty to moduleHash
* Add ModuleHash to api/plugins/${pluginId}/settings
* moved ModuleHash field
* feat(plugins): add moduleHash to bootData and plugin types
* feat(plugins): if moduleHash is available apply it to systemjs importmap
* Calculate ModuleHash for CDN provisioned plugins
* Add ModuleHash tests for TestCalculate
* adjust test case name
* removed .envrc
* Fix signature verification failing for internal plugins
* fix tests
* Add pluginsFilesystemSriChecks feature togglemk
* renamed FilesystemSriChecksEnabled
* refactor(plugin_loader): prefer extending type declaration over ts-error
* added a couple more tests
* Removed unused features
* Removed unused argument from signature.DefaultCalculator call
* Removed unused argument from bootstrap.DefaultConstructFunc
* Moved ModuleHash to pluginassets service
* update docstring
* lint
* Removed cdn dependency from manifest.Signature
* add tests
* fix extra parameters in tests
* "fix" tests
* removed outdated test
* removed unused cdn dependency in signature.DefaultCalculator
* reduce diff
* Cache returned values
* Add support for deeply nested plugins (more than 1 hierarchy level)
* simplify cache usage
* refactor TestService_ModuleHash_Cache
* removed unused testdata
* re-generate feature toggles
* use version for module hash cache
* Renamed feature toggle to pluginsSriChecks and use it for both cdn and filesystem
* Removed app/types/system-integrity.d.ts
* re-generate feature toggles
* re-generate feature toggles
* feat(plugins): put systemjs integrity hash behind feature flag
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
This commit is contained in:
Giuseppe Guerra
@ -27,6 +27,8 @@ import (
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/fakes"
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/filestore"
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/registry"
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/signature"
|
||||
"github.com/grafana/grafana/pkg/plugins/manager/signature/statickey"
|
||||
"github.com/grafana/grafana/pkg/plugins/pfs"
|
||||
"github.com/grafana/grafana/pkg/plugins/pluginscdn"
|
||||
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
|
||||
@ -788,7 +790,6 @@ func Test_PluginsSettings(t *testing.T) {
|
||||
Info: plugins.Info{
|
||||
Version: "1.0.0",
|
||||
}}, plugins.ClassExternal, plugins.NewFakeFS())
|
||||
|
||||
pluginRegistry := &fakes.FakePluginRegistry{
|
||||
Store: map[string]*plugins.Plugin{
|
||||
p1.ID: p1,
|
||||
@ -843,8 +844,10 @@ func Test_PluginsSettings(t *testing.T) {
|
||||
ErrorCode: tc.errCode,
|
||||
})
|
||||
}
|
||||
pluginCDN := pluginscdn.ProvideService(&config.PluginManagementCfg{})
|
||||
hs.pluginAssets = pluginassets.ProvideService(hs.Cfg, pluginCDN)
|
||||
pCfg := &config.PluginManagementCfg{}
|
||||
pluginCDN := pluginscdn.ProvideService(pCfg)
|
||||
sig := signature.ProvideService(pCfg, statickey.New())
|
||||
hs.pluginAssets = pluginassets.ProvideService(pCfg, pluginCDN, sig, hs.pluginStore)
|
||||
hs.pluginErrorResolver = pluginerrs.ProvideStore(errTracker)
|
||||
var err error
|
||||
hs.pluginsUpdateChecker, err = updatechecker.ProvidePluginsService(hs.Cfg, nil, tracing.InitializeTracerForTest())
|
||||
|
||||
Reference in New Issue
Block a user