Address comments

Author: jhadvig

cmd/bridge/main.go

@@ -129,7 +129,7 @@ func main() {
 	fContentSecurityPolicyEnabled := fs.Bool("content-security-policy-enabled", false, "Flag to indicate if Content Secrity Policy features should be enabled.")
 
 	consoleCSPFlags := serverconfig.MultiKeyValue{}
-	fs.Var(&consoleCSPFlags, "content-security-policy", "List of CSP directives that are enabled for the console. Each entry consist of csp-directive-name as a key and csp-directive-value as a value. Example: --content-security-policy ScriptSrc=\"https://example.com\" --content-security-policy FontSrc=\"https://example2.com https://example3.com\"")
+	fs.Var(&consoleCSPFlags, "content-security-policy", "List of CSP directives that are enabled for the console. Each entry consist of csp-directive-name as a key and csp-directive-value as a value. Example: --content-security-policy script-src=\"https://example.com\" --content-security-policy font-src=\"https://example2.com https://example3.com\"")
 
 	telemetryFlags := serverconfig.MultiKeyValue{}
 	fs.Var(&telemetryFlags, "telemetry", "Telemetry configuration that can be used by console plugins. Each entry should be a key=value pair.")

pkg/server/server.go

@@ -685,7 +685,7 @@ func (s *Server) indexHandler(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if s.ContentSecurityPolicyEnabled {
-		contentSecurityPolicy := utils.BuildCSPDirectives(s.K8sMode, s.ContentSecurityPolicy, indexPageScriptNonce)
+		contentSecurityPolicy, err := utils.BuildCSPDirectives(s.K8sMode, s.ContentSecurityPolicy, indexPageScriptNonce)
 		if err != nil {
 			klog.Fatalf("Error building Content Security Policy directives: %s", err)
 			os.Exit(1)

pkg/utils/utils.go

@@ -53,7 +53,7 @@ func RandomString(length int) (string, error) {
 
 // BuildCSPDirectives constructs a complete set of Content Security Policy (CSP) directives
 // based on the provided configuration and mode.
-func BuildCSPDirectives(k8sMode string, pluginsCSP serverconfig.MultiKeyValue, indexPageScriptNonce string) []string {
+func BuildCSPDirectives(k8sMode string, pluginsCSP serverconfig.MultiKeyValue, indexPageScriptNonce string) ([]string, error) {
 	nonce := fmt.Sprintf("'nonce-%s'", indexPageScriptNonce)
 
 	// Initialize directives with default values
@@ -98,7 +98,8 @@ func BuildCSPDirectives(k8sMode string, pluginsCSP serverconfig.MultiKeyValue, i
 		case connectSrc:
 			directives[connectSrc] = append(directives[connectSrc], sources)
 		default:
-			klog.Infof("ignored unsupported CSP directive: %v", directive)
+			klog.Errorf("ignored unsupported CSP directive: %v", directive)
+			return nil, fmt.Errorf("unsupported CSP directive: %v", directive)
 		}
 	}
 
@@ -120,5 +121,5 @@ func BuildCSPDirectives(k8sMode string, pluginsCSP serverconfig.MultiKeyValue, i
 	for _, directive := range directiveKeys {
 		cspDirectives = append(cspDirectives, fmt.Sprintf("%s %s", directive, strings.Join(directives[directive], " ")))
 	}
-	return cspDirectives
+	return cspDirectives, nil
 }

pkg/utils/utils_test.go

@@ -25,46 +25,14 @@ const (
 	frameAncestorsDirective = "frame-ancestors 'none'"
 )
 
-// func TestParseContentSecurityPolicyConfig(t *testing.T) {
-// 	tests := []struct {
-// 		name string
-// 		csp  serverconfig.MultiKeyValue
-// 		want *map[v1.DirectiveType][]string
-// 	}{
-// 		{
-// 			name: "empty string",
-// 			csp:  serverconfig.MultiKeyValue{},
-// 			want: &map[consolev1.DirectiveType][]string{},
-// 		},
-// 		{
-// 			name: "valid CSP",
-// 			csp: serverconfig.MultiKeyValue{
-// 				"DefaultSrc": "foo.bar.default",
-// 				"ScriptSrc":  "foo.bar.script",
-// 			},
-// 			want: &map[consolev1.DirectiveType][]string{
-// 				"DefaultSrc": {"foo.bar.default"},
-// 				"ScriptSrc":  {"foo.bar.script"},
-// 			},
-// 		},
-// 	}
-// 	for _, tt := range tests {
-// 		t.Run(tt.name, func(t *testing.T) {
-// 			parsedCSP := ParseContentSecurityPolicyConfig(tt.csp)
-// 			if !reflect.DeepEqual(parsedCSP, tt.want) {
-// 				t.Errorf("ParseContentSecurityPolicyConfig() error = %v, want %v", parsedCSP, tt.want)
-// 			}
-// 		})
-// 	}
-// }
-
 func TestBuildCSPDirectives(t *testing.T) {
 	tests := []struct {
 		name                  string
 		k8sMode               string
 		contentSecurityPolicy serverconfig.MultiKeyValue
 		indexPageScriptNonce  string
 		want                  []string
+		shouldError           bool
 	}{
 		{
 			name:                  "on-cluster",
@@ -82,6 +50,7 @@ func TestBuildCSPDirectives(t *testing.T) {
 				onClusterScriptSrc + " 'unsafe-eval' 'nonce-foobar'",
 				onClusterStyleSrc + " 'unsafe-inline'",
 			},
+			shouldError: false,
 		},
 		{
 			name:                  "off-cluster",
@@ -99,6 +68,7 @@ func TestBuildCSPDirectives(t *testing.T) {
 				offClusterScriptSrc + " 'unsafe-eval' 'nonce-foobar'",
 				offClusterStyleSrc + " 'unsafe-inline'",
 			},
+			shouldError: false,
 		},
 		{
 			name:                 "on-cluster with config",
@@ -123,6 +93,7 @@ func TestBuildCSPDirectives(t *testing.T) {
 				onClusterScriptSrc + " foo.bar foo.bar.baz 'unsafe-eval' 'nonce-foobar'",
 				onClusterStyleSrc + " foo.bar foo.bar.baz 'unsafe-inline'",
 			},
+			shouldError: false,
 		},
 		{
 			name:                 "off-cluster with config",
@@ -147,14 +118,31 @@ func TestBuildCSPDirectives(t *testing.T) {
 				offClusterScriptSrc + " foo.bar foo.bar.baz 'unsafe-eval' 'nonce-foobar'",
 				offClusterStyleSrc + " foo.bar foo.bar.baz 'unsafe-inline'",
 			},
+			shouldError: false,
+		},
+		{
+			name:                 "config with invalid CSP",
+			k8sMode:              "off-cluster",
+			indexPageScriptNonce: "foobar",
+			contentSecurityPolicy: serverconfig.MultiKeyValue{
+				"invalid-src": "foo.bar.baz",
+			},
+			want:        []string{},
+			shouldError: true,
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 
-			got := BuildCSPDirectives(tt.k8sMode, tt.contentSecurityPolicy, tt.indexPageScriptNonce)
-			if !reflect.DeepEqual(got, tt.want) {
+			got, err := BuildCSPDirectives(tt.k8sMode, tt.contentSecurityPolicy, tt.indexPageScriptNonce)
+
+			if (err != nil) != tt.shouldError {
+				t.Errorf("buildCSPDirectives() error = %v, wantErr %v", err, tt.shouldError)
+				return
+			}
+
+			if err == nil && !reflect.DeepEqual(got, tt.want) {
 				t.Errorf("buildCSPDirectives() got = %v, want %v", got, tt.want)
 			}
 		})