From 26327c4d535e24aed394b639524c61877733bb38 Mon Sep 17 00:00:00 2001
From: tierno
Date: Tue, 21 Jul 2020 12:01:02 +0000
Subject: [PATCH] fix 1185: XSS vulnerability in the URL
Change-Id: I5c28e2992211529494072e867ee87f395e143589
Signed-off-by: tierno
---
 osm_nbi/html_out.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py
index b344aff..316e15b 100644
--- a/osm_nbi/html_out.py
+++ b/osm_nbi/html_out.py
@@ -153,9 +153,11 @@ def format(data, request, response, toke_info):
 return html_auth2.format(error=data)
 if request.path_info in ("/version", "/system"):
 return "
" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "
" - body = html_body.format(item=request.path_info) + body = html_body.format(item=html_escape(request.path_info)) if response.status and response.status > 202: - body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + # input request.path_info (URL) can contain XSS that are translated into output error detail + body += html_body_error.format(html_escape( + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))) elif isinstance(data, (list, tuple)): if request.path_info == "/vnfpkgm/v1/vnf_packages": body += html_upload_body.format(request.path_info + "_content", "VNFD") -- 2.25.1