Plugins: Ignore trailing slash in root URL check (grafana#35338)

* ignore trailing slash in root URL check

* apply pr feedback

pkg/plugins/manager/manager_test.go

@@ -282,6 +282,35 @@ func TestPluginManager_Init(t *testing.T) {
 		assert.Nil(t, pm.plugins[("test")])
 	})
 
+	t.Run("With back-end plugin with valid v2 private signature (plugin root URL ignores trailing slash)", func(t *testing.T) {
+		origAppURL := setting.AppUrl
+		origAppSubURL := setting.AppSubUrl
+		t.Cleanup(func() {
+			setting.AppUrl = origAppURL
+			setting.AppSubUrl = origAppSubURL
+		})
+		setting.AppUrl = "http://localhost:3000/"
+		setting.AppSubUrl = "/grafana"
+
+		pm := createManager(t, func(pm *PluginManager) {
+			pm.Cfg.PluginsPath = "testdata/valid-v2-pvt-signature-root-url-uri"
+		})
+		err := pm.Init()
+		require.NoError(t, err)
+		require.Empty(t, pm.scanningErrors)
+
+		const pluginID = "test"
+		assert.NotNil(t, pm.plugins[pluginID])
+		assert.Equal(t, "datasource", pm.plugins[pluginID].Type)
+		assert.Equal(t, "Test", pm.plugins[pluginID].Name)
+		assert.Equal(t, pluginID, pm.plugins[pluginID].Id)
+		assert.Equal(t, "1.0.0", pm.plugins[pluginID].Info.Version)
+		assert.Equal(t, plugins.PluginSignatureValid, pm.plugins[pluginID].Signature)
+		assert.Equal(t, plugins.PrivateType, pm.plugins[pluginID].SignatureType)
+		assert.Equal(t, "Will Browne", pm.plugins[pluginID].SignatureOrg)
+		assert.False(t, pm.plugins[pluginID].IsCorePlugin)
+	})
+
 	t.Run("With back-end plugin with valid v2 private signature", func(t *testing.T) {
 		origAppURL := setting.AppUrl
 		t.Cleanup(func() {

pkg/plugins/manager/manifest.go

@@ -10,6 +10,7 @@ import (
 	"io/ioutil"
 	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 
@@ -134,6 +135,11 @@ func getPluginSignatureState(log log.Logger, plugin *plugins.PluginBase) (plugin
 		if err != nil {
 			return plugins.PluginSignatureState{}, err
 		}
+		appSubURL, err := url.Parse(setting.AppSubUrl)
+		if err != nil {
+			return plugins.PluginSignatureState{}, err
+		}
+		appURLPath := path.Join(appSubURL.RequestURI(), appURL.RequestURI())
 
 		foundMatch := false
 		for _, u := range manifest.RootURLs {
@@ -142,11 +148,14 @@ func getPluginSignatureState(log log.Logger, plugin *plugins.PluginBase) (plugin
 				log.Warn("Could not parse plugin root URL", "plugin", plugin.Id, "rootUrl", rootURL)
 				return plugins.PluginSignatureState{}, err
 			}
+
 			if rootURL.Scheme == appURL.Scheme &&
-				rootURL.Host == appURL.Host &&
-				rootURL.RequestURI() == appURL.RequestURI() {
-				foundMatch = true
-				break
+				rootURL.Host == appURL.Host {
+				foundMatch = path.Clean(rootURL.RequestURI()) == appURLPath
+
+				if foundMatch {
+					break
+				}
 			}
 		}
 

pkg/plugins/manager/testdata/valid-v2-pvt-signature-root-url-uri/plugin/MANIFEST.txt

@@ -0,0 +1,30 @@
+
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+{
+  "manifestVersion": "2.0.0",
+  "signatureType": "private",
+  "signedByOrg": "willbrowne",
+  "signedByOrgName": "Will Browne",
+  "rootUrls": [
+    "http://localhost:3000/grafana/"
+  ],
+  "plugin": "test",
+  "version": "1.0.0",
+  "time": 1623165794939,
+  "keyId": "7e4d0c6a708866e7",
+  "files": {
+    "plugin.json": "2bb467c0bfd6c454551419efe475b8bf8573734e73c7bab52b14842adb62886f"
+  }
+}
+-----BEGIN PGP SIGNATURE-----
+Version: OpenPGP.js v4.10.1
+Comment: https://openpgpjs.org
+
+wqEEARMKAAYFAmC/i2MACgkQfk0ManCIZudCEgII80waYmySwVuB2cdeU3Vy
+FvYrhViYYimvTy5EQbDfC955UpHphcr4V5S+09se7D2bK8XZ/MYufnUp9QIU
+gOxCDrkCCQHTQ/aWxt8JAHGG/eoydKQEeAc9aFJyphdX57qXHVkAjvLzY5aO
+y9UltPQKOAN/soDra2m39VUf6DBi9K/sXfjwaA==
+=cd6n
+-----END PGP SIGNATURE-----

pkg/plugins/manager/testdata/valid-v2-pvt-signature-root-url-uri/plugin/plugin.json

@@ -0,0 +1,16 @@
+{
+  "type": "datasource",
+  "name": "Test",
+  "id": "test",
+  "backend": true,
+  "executable": "test",
+  "state": "alpha",
+  "info": {
+    "version": "1.0.0",
+    "description": "Test",
+    "author": {
+      "name": "Will Browne",
+      "url": "https://willbrowne.com"
+    }
+  }
+}