Content Security Policy (CSP) handled from Plugin

Hi Team,

 

We have developed a plugin (Build Step Plugin) which requires access to an external API, but because of the Content Security Policy the user needs to update the internal properties file manually. Can you please help us in implementing the ContentSecurityPolicyConfig interface in the plugin itself?

Can you provide some examples of method implementations of

addUnprotectedPath
addDirectiveItems
removeDirectiveItems

 

We didn't find anything related to this in the whole community.

We need to add the following config:

teamcity.web.header.Content-Security-Policy.adminUI.protectedValue=frame-ancestors 'self'; connect-src 'self' ws: wss: http://localhost:9001/api/v3/schedules
teamcity.web.header.Content-Security-Policy.protectedValue=frame-ancestors 'self'; connect-src 'self' ws: wss: http://localhost:9001/api/v3/schedules
 

1
1 comment

Hello! I solved it working directly with the internal.properties file where the content-security-policies are defined.

Using some environment variables and system properties, I managed to find the <TeamCity_Data> directory and, inside it, the "config" folder where internal.properties should be.

System.env: "TEAMCITY_DATA_PATH";
System.property: "teamcity.data.path";

When running the TeamCity instance on Windows, installed as a service, the System.env: "TEAMCITY_DATA_PATH" wasn't assigned, so I figured it out by reading the agent.home.dir first, going back to its parent to get the TeamCity_Server directory, and then going inside the "conf" folder and reading "teamcity-startup.properties", which has the teamcity_data path in there.

System.property: "agent.home.dir";
new File(this.getSystemProperties().get(PluginConstants.AGENT_HOME_DIR)).getParent()

I'm leaving my approach below:

// Fragment of a method body. Needs: java.io.BufferedWriter, java.io.File,
// java.io.FileWriter, java.io.IOException, java.util.Scanner.

// Build <TeamCity_Data>/config/internal.properties with the OS-specific separator.
String pathSeparator = PluginConstants.SLASH;
String teamcityDataPath = teamcityContext.getDataPath();
if (OSValidator.isWindows()) {
    pathSeparator = PluginConstants.BACK_SLASH;
    teamcityDataPath = teamcityDataPath.replace(PluginConstants.C_BACK_SLASH_COLON_DOUBLE_BACK_SLASH, PluginConstants.C_COLON_BACK_SLASH);
}
StringBuilder internalPropertiesFilePath = new StringBuilder();
internalPropertiesFilePath.append(teamcityDataPath);
internalPropertiesFilePath.append(pathSeparator);
internalPropertiesFilePath.append(PluginConstants.CONFIG);
internalPropertiesFilePath.append(pathSeparator);
internalPropertiesFilePath.append(PluginConstants.INTERNAL_PROPERTIES_FILE);
File internalPropertiesFile = new File(internalPropertiesFilePath.toString());
try {
    internalPropertiesFile.createNewFile(); // no-op when the file already exists
    boolean lineEdited = false;
    StringBuffer stringBuffer = new StringBuffer();
    // try-with-resources closes the reader on every exit path, including the early return.
    try (Scanner reader = new Scanner(internalPropertiesFile)) {
        while (reader.hasNextLine()) {
            String line = reader.nextLine();
            // An active (not commented out) CSP property line that carries the img-src policy.
            boolean isPolicyLine = !line.trim().startsWith("#")
                    && line.contains(PluginConstants.CONTENT_POLICY_PROPERTY)
                    && line.contains(PluginConstants.IMG_SRC_POLICY);
            if (isPolicyLine && line.contains(PluginConstants.SOOS_IMAGES_PRODUCTION_CDN)) {
                return; // the CDN is already allowed, nothing to change
            } else if (isPolicyLine) {
                // Insert the CDN right after "blob: ". If that token is missing, indexOf
                // returns -1, so fall back to the position after IMG_SRC_POLICY (the same
                // place the append branch below uses) instead of cutting the line at a bogus offset.
                int index = line.indexOf("blob: ");
                int insertAt = index >= 0
                        ? index + 6
                        : line.indexOf(PluginConstants.IMG_SRC_POLICY) + PluginConstants.IMG_SRC_POLICY.length();
                line = line.substring(0, insertAt).concat(PluginConstants.SOOS_IMAGES_PRODUCTION_CDN).concat(" ").concat(line.substring(insertAt));
                lineEdited = true;
            }
            stringBuffer.append(line.concat(System.lineSeparator()));
        }
    }
    if (!lineEdited) {
        // No CSP property line found: append a new one to the end of the file.
        try (BufferedWriter writer = new BufferedWriter(new FileWriter(internalPropertiesFile, true))) {
            StringBuilder fileText = new StringBuilder();
            fileText.append(PluginConstants.CONTENT_POLICY_PROPERTY);
            fileText.append(PluginConstants.EQUAL);
            fileText.append(PluginConstants.IMG_SRC_POLICY);
            fileText.append(PluginConstants.SOOS_IMAGES_PRODUCTION_CDN);
            writer.newLine();
            writer.write(fileText.toString());
        }
        return;
    }
    // A line was edited: rewrite the whole file with the updated content.
    try (BufferedWriter writer = new BufferedWriter(new FileWriter(internalPropertiesFile))) {
        writer.write(stringBuffer.toString());
    }
} catch (IOException e) {
    // String concatenation tolerates a null message; String.concat(null) would throw.
    LOG.severe("Failed to write to internal.properties file: " + e.getMessage());
}

Hope this information can help you! I didn't find another approach on this.

0
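
A directive-aware alternative to the offset-based string splice in the comment above, as an added example that is not part of the original thread and not TeamCity's own code: it parses a policy value into directives and adds one source to a named directive without duplicating it. The class and method names (CspValueEditor, parse, addSource) are hypothetical, and the input is the question's policy value with the API URL removed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.StringJoiner;

/** Hypothetical helper, not TeamCity API: edits a CSP value directive by directive. */
public final class CspValueEditor {
    /** Splits "name src1 src2; name2 src" into an ordered directive map. */
    static Map<String, List<String>> parse(String policy) {
        Map<String, List<String>> directives = new LinkedHashMap<>();
        for (String part : policy.split(";")) {
            String[] tokens = part.trim().split("\\s+");
            if (tokens[0].isEmpty()) {
                continue; // empty segment, e.g. after a trailing ';'
            }
            // Directive names are case-insensitive; a repeated directive is ignored.
            directives.putIfAbsent(tokens[0].toLowerCase(Locale.ROOT),
                    new ArrayList<>(Arrays.asList(tokens).subList(1, tokens.length)));
        }
        return directives;
    }

    /** Returns the policy with source listed once in an existing directive. */
    static String addSource(String policy, String directive, String source) {
        Map<String, List<String>> directives = parse(policy);
        List<String> sources = directives.get(directive.toLowerCase(Locale.ROOT));
        if (sources == null) {
            // A new connect-src would replace the default-src fallback, so do not guess.
            throw new IllegalArgumentException("directive not in policy: " + directive);
        }
        if (!sources.contains(source)) {
            sources.add(source);
        }
        StringJoiner out = new StringJoiner("; ");
        directives.forEach((name, values) ->
                out.add(values.isEmpty() ? name : name + " " + String.join(" ", values)));
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed input: the question's policy without the external API URL.
        String current = "frame-ancestors 'self'; connect-src 'self' ws: wss:";
        String api = "http://localhost:9001/api/v3/schedules"; // URL from the question
        String updated = addSource(current, "connect-src", api);
        System.out.println(updated);
        // Idempotent: running the edit again leaves the value unchanged.
        System.out.println(updated.equals(addSource(updated, "connect-src", api)));
    }
}
```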
