Bug
Resolution: Unresolved
Major
4.19.0
Quality / Stability / Reliability
Description of problem:
When parsing a plugin name from SecurityPolicyViolationEvents, we fall back to using the sourceFile property. In some cases, this property may not contain the plugin name, and will report "browser-extension" as the source.
Version-Release number of selected component (if applicable):
4.19
How reproducible:
With some browser extensions
Steps to Reproduce:
1. Deploy the console demo plugin on a cluster, but update the image in "oc-manifest.yaml" to "quay.io/rhamito/console-demo-plugin-csp:latest"
2. Visit "/dynamic-route-1" in your console
3. View the CSP violation event that is logged in the browser logs
Actual results:
In some cases, "browser-extension" is reported as the source file, rather than the actual source file from the plugin. This causes the plugin name not to be parsed, and therefore the event is not logged as associated with a specific plugin.
Expected results:
The plugin name or some other uniquely identifiable property of a plugin should be more reliably parsed from SecurityPolicyViolationEvents so that they can be properly associated.
Additional info:
This issue was reproduced in a browser with several extensions active. The exact extension causing this bug has not yet been identified.
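The following sketch is an added example, not code from the console project. It shows the attribution fallback described above and how an event whose sourceFile is "browser-extension" can be classified explicitly instead of being dropped. Assumptions: the primary field is blockedURI, plugin assets are served under `/api/plugins/<plugin-name>/`, and the function names, sample hostnames and file names are hypothetical.

```javascript
// Assumption: plugin assets are served under /api/plugins/<plugin-name>/.
const PLUGIN_PATH = /\/api\/plugins\/([^/]+)\//;
// "browser-extension" is the value from the report; the URL schemes are
// the usual extension schemes and are included here as an assumption.
const EXTENSION_HINT =
  /^(browser-extension|chrome-extension|moz-extension|safari-web-extension)(:|$)/;

// Returns the plugin name embedded in a URL-like string, or null.
function pluginNameFromURL(value) {
  if (typeof value !== 'string' || value === '') return null;
  const match = PLUGIN_PATH.exec(value);
  return match ? match[1] : null;
}

// Attributes a SecurityPolicyViolationEvent-shaped object to a source.
// blockedURI is tried first (assumed), then sourceFile (the fallback).
function attributeViolation(event) {
  for (const field of ['blockedURI', 'sourceFile']) {
    const pluginName = pluginNameFromURL(event[field]);
    if (pluginName) return { source: 'plugin', pluginName, matchedField: field };
  }
  // Keep extension-originated reports distinguishable from plugin reports.
  if (EXTENSION_HINT.test(event.sourceFile || '')) {
    return { source: 'browser-extension', pluginName: null, matchedField: 'sourceFile' };
  }
  return { source: 'unknown', pluginName: null, matchedField: null };
}

// Constructed sample events (not captured from a real cluster).
const SAMPLE_EVENTS = [
  { violatedDirective: 'script-src', blockedURI: 'https://cdn.example.invalid/x.js',
    sourceFile: 'https://console.example.invalid/api/plugins/console-demo-plugin/exposed-page.js' },
  { violatedDirective: 'script-src', blockedURI: 'inline',
    sourceFile: 'browser-extension' },
  { violatedDirective: 'img-src', blockedURI: 'data', sourceFile: '' },
];

for (const ev of SAMPLE_EVENTS) {
  console.log(ev.violatedDirective, JSON.stringify(attributeViolation(ev)));
}
```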