Plugins: Validate root URLs when signing private plugins via grafana-toolkit (#51968)

* validate URLs

* apply PR review feedback

* fix err msg

packages/grafana-toolkit/src/cli/tasks/plugin.ci.ts

@@ -5,7 +5,7 @@ import rimrafCallback from 'rimraf';
 import { promisify } from 'util';
 
 import { getPluginId } from '../../config/utils/getPluginId';
-import { getPluginJson } from '../../config/utils/pluginValidation';
+import { assertRootUrlIsValid, getPluginJson } from '../../config/utils/pluginValidation';
 import {
   getJobFolder,
   writeJobStats,
@@ -141,6 +141,7 @@ const packagePluginRunner: TaskRunner<PluginCIOptions> = async ({ signatureType,
       manifest.signatureType = signatureType;
     }
     if (rootUrls) {
+      rootUrls.forEach(assertRootUrlIsValid);
       manifest.rootUrls = rootUrls;
     }
     const signedManifest = await signManifest(manifest);

packages/grafana-toolkit/src/cli/tasks/plugin.sign.ts

@@ -1,5 +1,6 @@
 import path from 'path';
 
+import { assertRootUrlIsValid } from '../../config/utils/pluginValidation';
 import { buildManifest, signManifest, saveManifest } from '../../plugins/manifest';
 
 import { getToolkitVersion } from './plugin.utils';
@@ -22,6 +23,7 @@ const pluginSignRunner: TaskRunner<PluginSignOptions> = async ({ signatureType,
       manifest.signatureType = signatureType;
     }
     if (rootUrls) {
+      rootUrls.forEach(assertRootUrlIsValid);
       manifest.rootUrls = rootUrls;
     }
 

packages/grafana-toolkit/src/config/utils/pluginValidation.ts

@@ -36,3 +36,11 @@ export const getPluginJson = (path: string): PluginMeta => {
 
   return pluginJson as PluginMeta;
 };
+
+export const assertRootUrlIsValid = (rootUrl: string) => {
+  try {
+    new URL(rootUrl);
+  } catch (err) {
+    throw new Error(`${rootUrl} is not a valid URL`);
+  }
+};