  1. XWiki Platform
  2. XWIKI-21870

The extension security indexer does not properly match webjar extension

Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 16.0.0
    • Extension - Security
    • None
    • Unknown

    Description

      Most webjars have an id that looks like org.webjars:jquery.

      The problem is that the security scanner currently searches for vulnerabilities the following way:

      • ecosystem: maven
      • id: <groupid>:<artifactid> (so "org.webjars:jquery")

      which is obviously not going to work for most of the webjars.

      It would probably make more sense, when the extension type is "webjar", to (also or only) search for:

      • ecosystem: npm
      • id: <artifactid> (so "jquery")

          People

            Unassigned Unassigned
            tmortagne Thomas Mortagne
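
The lookup proposed in the description, sketched as an added example (not XWiki's code and not written by the reporter). It derives the (ecosystem, id) pairs to search for one extension and goes slightly beyond the issue by decoding scoped names. Assumptions: the names `LookupKey`, `npm_name`, `lookup_keys` and `npm_only` are hypothetical, and the `org.webjars.npm` convention of writing `@scope/name` as `scope__name` comes from WebJars naming, not from this issue.

```python
from typing import List, NamedTuple


class LookupKey(NamedTuple):
    ecosystem: str  # "maven" or "npm"
    name: str       # package name inside that ecosystem


def npm_name(group_id: str, artifact_id: str) -> str:
    """Derive the npm package name for a webjar.

    Assumption (not stated in the issue): webjars published under the
    org.webjars.npm group encode a scoped package "@scope/name" as
    "scope__name". Other groups use the artifact id unchanged.
    """
    if group_id == "org.webjars.npm" and "__" in artifact_id:
        scope, _, name = artifact_id.partition("__")
        if scope and name:
            return f"@{scope}/{name}"
    return artifact_id


def lookup_keys(extension_id: str, extension_type: str,
                npm_only: bool = False) -> List[LookupKey]:
    """Return the (ecosystem, name) pairs to search for one extension."""
    parts = extension_id.split(":")
    if len(parts) < 2 or not parts[0] or not parts[1]:
        raise ValueError(f"not a <groupid>:<artifactid> id: {extension_id!r}")
    group_id, artifact_id = parts[0], parts[1]

    maven_key = LookupKey("maven", f"{group_id}:{artifact_id}")
    if extension_type.lower() != "webjar":
        return [maven_key]  # behaviour the issue describes as current

    npm_key = LookupKey("npm", npm_name(group_id, artifact_id))
    # "also or only": keep the maven key unless the caller opts out
    return [npm_key] if npm_only else [npm_key, maven_key]


if __name__ == "__main__":
    # Constructed sample ids; only org.webjars:jquery appears in the issue.
    for ext_id, ext_type in [("org.webjars:jquery", "webjar"),
                             ("org.webjars.npm:babel__core", "webjar"),
                             ("org.example:some-library", "jar")]:
        print(ext_id, ext_type, lookup_keys(ext_id, ext_type))
```

Keeping the maven key alongside the npm key by default means advisories filed against the webjar coordinates themselves are still matched.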