Sandbox: do not load grafana signed app plugins into the sandbox (#78334)

* Sandbox: do not load grafana signed app plugins into the sandbox

* remove unused dependency
This commit is contained in:
Esteban Beltran 2023-11-20 12:00:31 +01:00 committed by GitHub
parent 437ae8e8c5
commit cfc67a9e2d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 38 additions and 11 deletions

View File

@ -68,7 +68,7 @@ export async function importPluginModule({
}
// the sandboxing environment code cannot work in nodejs and requires a real browser
if (isFrontendSandboxSupported({ isAngular, pluginId })) {
if (await isFrontendSandboxSupported({ isAngular, pluginId })) {
return importPluginModuleInSandbox({ pluginId });
}

View File

@ -1,9 +1,12 @@
import { isNearMembraneProxy } from '@locker/near-membrane-shared';
import React from 'react';
import { PluginSignatureType, PluginType } from '@grafana/data';
import { LogContext } from '@grafana/faro-web-sdk';
import { logWarning as logWarningRuntime, logError as logErrorRuntime, config } from '@grafana/runtime';
import { getPluginSettings } from '../pluginSettings';
import { SandboxedPluginObject } from './types';
const monitorOnly = Boolean(config.featureToggles.frontendSandboxMonitorOnly);
@ -38,23 +41,47 @@ export function logError(error: Error, context?: LogContext) {
logErrorRuntime(error, context);
}
export function isFrontendSandboxSupported({
export async function isFrontendSandboxSupported({
isAngular,
pluginId,
}: {
isAngular?: boolean;
pluginId: string;
}): boolean {
}): Promise<boolean> {
// Only if the feature is not enabled no support for sandbox
if (!Boolean(config.featureToggles.pluginsFrontendSandbox)) {
return false;
}
// no support for angular plugins
if (isAngular) {
return false;
}
// To fast test and debug the sandbox in the browser.
const sandboxQueryParam = location.search.includes('nosandbox') && config.buildInfo.env === 'development';
const sandboxDisableQueryParam = location.search.includes('nosandbox') && config.buildInfo.env === 'development';
if (sandboxDisableQueryParam) {
return false;
}
// if disabled by configuration
const isPluginExcepted = config.disableFrontendSandboxForPlugins.includes(pluginId);
return (
!isAngular &&
Boolean(config.featureToggles.pluginsFrontendSandbox) &&
process.env.NODE_ENV !== 'test' &&
!isPluginExcepted &&
!sandboxQueryParam
);
if (isPluginExcepted) {
return false;
}
// no sandbox in test mode. it often breaks e2e tests
if (process.env.NODE_ENV === 'test') {
return false;
}
// we don't run grafana-own apps in the sandbox
const pluginMeta = await getPluginSettings(pluginId);
if (pluginMeta.type === PluginType.app && pluginMeta.signatureType === PluginSignatureType.grafana) {
return false;
}
return true;
}
function isRegex(value: unknown): value is RegExp {