<html>
<head>
<link href="/osm/static/style.css" rel="stylesheet">
-<title>Welcome to OSM</title>
+ <title>Welcome to OSM</title>
+ <link rel="shortcut icon" href="/osm/static/favicon.ico">
</head>
<body>
<div id="osm_topmenu">
<a href="/osm/admin/v1/sdns">SDNs </a>
<a href="/osm/admin/v1/k8sclusters">K8s_clusters </a>
<a href="/osm/admin/v1/k8srepos">K8s_repos </a>
+ <a href="/osm/nslcm/v1/subscriptions">NS_Subs </a>
<a href="/osm/admin/v1/tokens?METHOD=DELETE">logout </a>
</div>
</div>
<head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link href="/osm/static/style.css" rel="stylesheet">
<title>OSM Login</title>
+ <link rel="shortcut icon" href="/osm/static/favicon.ico">
</head>
<body>
<div id="osm_header">
</form>
"""
+html_vnfpackage_body = (
+ """<a href="/osm/vnfpkgm/v1/vnf_packages/{id}/artifacts">Artifacts </a>"""
+)
+html_nspackage_body = (
+ """<a href="/osm/nsd/v1/ns_descriptors/{id}/artifacts">Artifacts </a>"""
+)
+
def format(data, request, response, toke_info):
"""
:param response: cherrypy response
:return: string with teh html response
"""
- response.headers["Content-Type"] = 'text/html'
+ response.headers["Content-Type"] = "text/html"
if response.status == HTTPStatus.UNAUTHORIZED.value:
- if response.headers.get("WWW-Authenticate") and request.config.get("auth.allow_basic_authentication"):
- response.headers["WWW-Authenticate"] = "Basic" + response.headers["WWW-Authenticate"][6:]
+ if response.headers.get("WWW-Authenticate") and request.config.get(
+ "auth.allow_basic_authentication"
+ ):
+ response.headers["WWW-Authenticate"] = (
+ "Basic" + response.headers["WWW-Authenticate"][6:]
+ )
return
else:
return html_auth2.format(error=data)
if request.path_info in ("/version", "/system"):
- return "<pre>" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "</pre>"
- body = html_body.format(item=request.path_info)
+ return (
+ "<pre>"
+ + yaml.safe_dump(
+ data, explicit_start=False, indent=4, default_flow_style=False
+ )
+ + "</pre>"
+ )
+ body = html_body.format(item=html_escape(request.path_info))
if response.status and response.status > 202:
- body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))
+ # input request.path_info (URL) can contain XSS that are translated into output error detail
+ body += html_body_error.format(
+ html_escape(
+ yaml.safe_dump(
+ data, explicit_start=True, indent=4, default_flow_style=False
+ )
+ )
+ )
elif isinstance(data, (list, tuple)):
if request.path_info == "/vnfpkgm/v1/vnf_packages":
body += html_upload_body.format(request.path_info + "_content", "VNFD")
data_id = k.pop("_id", None)
elif isinstance(k, str):
data_id = k
- body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(url=request.path_info, id=data_id,
- t=html_escape(str(k)))
+ body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(
+ url=request.path_info, id=data_id, t=html_escape(str(k))
+ )
elif isinstance(data, dict):
if "Location" in response.headers:
body += '<a href="{}"> show </a>'.format(response.headers["Location"])
else:
- body += '<a href="/osm/{}?METHOD=DELETE"> <img src="/osm/static/delete.png" height="25" width="25"> </a>'\
- .format(request.path_info)
- if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \
- request.path_info.startswith("/nslcm/v1/ns_instances/"):
- _id = request.path_info[request.path_info.rfind("/")+1:]
+ _id = request.path_info[request.path_info.rfind("/") + 1 :]
+ body += '<a href="/osm/{}?METHOD=DELETE"> <img src="/osm/static/delete.png" height="25" width="25"> </a>'.format(
+ request.path_info
+ )
+ if request.path_info.startswith(
+ "/nslcm/v1/ns_instances_content/"
+ ) or request.path_info.startswith("/nslcm/v1/ns_instances/"):
body += html_nslcmop_body.format(id=_id)
- elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \
- request.path_info.startswith("/nsilcm/v1/netslice_instances/"):
- _id = request.path_info[request.path_info.rfind("/")+1:]
+ elif request.path_info.startswith(
+ "/nsilcm/v1/netslice_instances_content/"
+ ) or request.path_info.startswith("/nsilcm/v1/netslice_instances/"):
body += html_nsilcmop_body.format(id=_id)
- body += "<pre>" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
- "</pre>"
+ elif request.path_info.startswith(
+ "/vnfpkgm/v1/vnf_packages/"
+ ) or request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"):
+ body += html_vnfpackage_body.format(id=_id)
+ elif request.path_info.startswith(
+ "/nsd/v1/ns_descriptors/"
+ ) or request.path_info.startswith("/nsd/v1/ns_descriptors_content/"):
+ body += html_nspackage_body.format(id=_id)
+ body += (
+ "<pre>"
+ + html_escape(
+ yaml.safe_dump(
+ data, explicit_start=True, indent=4, default_flow_style=False
+ )
+ )
+ + "</pre>"
+ )
elif data is None:
if request.method == "DELETE" or "METHOD=DELETE" in request.query_string:
body += "<pre> deleted </pre>"