Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add config option to enable unsanitized HTML log output Fix #4690 #4784

Merged
merged 10 commits into from May 30, 2019

Conversation

@sjrd218
Copy link
Contributor

commented May 3, 2019

Allow automatic html stripping to be turned off by adding content-meta:no-strip=true to the log entry metadata.

@gschueler
Copy link
Member

left a comment

I think to fully implement this, the RenderDatatypeFilterPlugin should be updated to allow adding that meta flag to disable html sanitizing.

Also, it should be disabled by default (even with the metadata flag), and only enabled via config for project, which can also be prevented via global config. i.e. default behavior prevents any un-sanitized html, an admin can enable the option to allow it, and setting project config is required to allow it per-project.

sjrd218 added some commits May 3, 2019

Add framework and project properties to allow unsantized HTML to be u…
…sed with log output.

Add property to RenderDataTypeFilterPlugin to control html sanitization.

@sjrd218 sjrd218 force-pushed the issue/4690 branch from 8e999a8 to 59de141 May 13, 2019

@sjrd218

This comment has been minimized.

Copy link
Contributor Author

commented May 13, 2019

I've added the requested features for disabling this behavior at both the framework and project level. I've also added the property to the RenderDatatypeFilterPlugin to control the setting. The framework and project settings are enabled by adding entries to the framework.properties and project.properties. Is that sufficient, or is there additional UI that needs to be created to control these settings?

@sjrd218 sjrd218 requested a review from gschueler May 15, 2019

@gschueler

This comment has been minimized.

Copy link
Member

commented May 18, 2019

If you want to enable this as a GUI checkbox for project, settings, you can add it here:

public static final List<Property> ProjectConfigProperties = [
PropertyBuilder.builder().with {
options 'readmeDisplay'
title 'Display the Project Readme'
values("projectList", "projectHome")
labels([projectList: "Projects List", projectHome: "Project Home Page"])
required(false)
defaultValue null
}.build(),
PropertyBuilder.builder().with {
options 'motdDisplay'
title 'Display the Project MOTD'
values("projectList", "projectHome", "navbar")
labels([projectList: "Projects List", projectHome: "Project Home Page", navbar: "Navbar Indicator"])
required(false)
defaultValue null
}.build(),
]
public static final String CONF_PROJ_README_DISPLAY = 'project.gui.readme.display'
public static final String CONF_PROJ_MOTD_DISPLAY = 'project.gui.motd.display'
public static final String PROJ_DISPLAY_DEFAULT = 'none'
final LinkedHashMap<String, String> ConfigPropertiesMapping = [
'readmeDisplay': CONF_PROJ_README_DISPLAY,
'motdDisplay' : CONF_PROJ_MOTD_DISPLAY,
]
@Override
Map<String, String> getCategories() {
[readmeDisplay: "gui", motdDisplay: 'gui']
}
@Override
List<Property> getProjectConfigProperties() {
ProjectConfigProperties
}
@Override
Map<String, String> getPropertiesMapping() {
ConfigPropertiesMapping
}

or in another bean implementing ProjectConfigurable.

As long as it is documented, GUI presentation can be added later

@gschueler gschueler changed the title Fix #4690 Add config option to enable unsanitized HTML log output Fix #4690 May 20, 2019

@gschueler gschueler added this to the 3.1.0 milestone May 20, 2019

sjrd218 and others added some commits May 21, 2019

@gschueler

This comment has been minimized.

Copy link
Member

commented May 30, 2019

Merge master again?

@gschueler gschueler merged commit f1b5475 into master May 30, 2019

21 checks passed

Mergeable Mergeable Run has been Completed!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
security/snyk - build.gradle (rundeck) No manifest changes detected
security/snyk - core/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/copyfile-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/flow-control-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/git-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/jasypt-encryption-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/job-state-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/localexec-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/orchestrator-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/script-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/source-refresh-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/stub-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - plugins/upvar-plugin/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeck-storage/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeckapp/build.gradle (rundeck) No manifest changes detected
security/snyk - rundeckapp/grails-spa/package.json (rundeck) No manifest changes detected
security/snyk - rundeckapp/metricsweb/build.gradle (rundeck) No manifest changes detected
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.