+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
"""
Contains html text in variables to make and html response
"""
import yaml
from http import HTTPStatus
+from html import escape as html_escape
__author__ = "Alfonso Tierno <alfonso.tiernosepulveda@telefonica.com>"
<html>
<head>
<link href="/osm/static/style.css" rel="stylesheet">
-<title>Welcome to OSM</title>
+ <title>Welcome to OSM</title>
+ <link rel="shortcut icon" href="/osm/static/favicon.ico">
</head>
<body>
<div id="osm_topmenu">
<a href="https://osm.etsi.org"> <img src="/osm/static/OSM-logo.png" height="42" width="100"
style="vertical-align:middle"> </a>
<a>( {} )</a>
- <a href="/osm/vnfpkgm/v1/vnf_packages_content">VNFDs </a>
- <a href="/osm/nsd/v1/ns_descriptors_content">NSDs </a>
- <a href="/osm/nslcm/v1/ns_instances_content">NSs </a>
+ <a href="/osm/pdu/v1/pdu_descriptors">PDUs </a>
+ <a href="/osm/vnfpkgm/v1/vnf_packages">VNFDs </a>
+ <a href="/osm/nsd/v1/ns_descriptors">NSDs </a>
+ <a href="/osm/nslcm/v1/ns_instances">NSs </a>
+ <a href="/osm/nst/v1/netslice_templates">NSTDs </a>
+ <a href="/osm/nsilcm/v1/netslice_instances">NSIs </a>
<a href="/osm/admin/v1/users">USERs </a>
<a href="/osm/admin/v1/projects">PROJECTs </a>
<a href="/osm/admin/v1/tokens">TOKENs </a>
<a href="/osm/admin/v1/vim_accounts">VIMs </a>
+ <a href="/osm/admin/v1/wim_accounts">WIMs </a>
<a href="/osm/admin/v1/sdns">SDNs </a>
+ <a href="/osm/admin/v1/k8sclusters">K8s_clusters </a>
+ <a href="/osm/admin/v1/k8srepos">K8s_repos </a>
+ <a href="/osm/nslcm/v1/subscriptions">NS_Subs </a>
<a href="/osm/admin/v1/tokens?METHOD=DELETE">logout </a>
</div>
</div>
<head><META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link href="/osm/static/style.css" rel="stylesheet">
<title>OSM Login</title>
+ <link rel="shortcut icon" href="/osm/static/favicon.ico">
</head>
<body>
<div id="osm_header">
</form>
"""
+html_nsilcmop_body = """
+<a href="/osm/nsilcm/v1/nsi_lcm_op_occs?netsliceInstanceId={id}">nsilcm operations </a>
+<form action="/osm/nsilcm/v1/netslice_instances/{id}/terminate" method="post" enctype="multipart/form-data">
+ <h3> <table style="border: 0;"> <tr>
+ <td> <input type="submit" value="Terminate"/> </td>
+ </tr> </table> </h3>
+</form>
+"""
+
+html_vnfpackage_body = """<a href="/osm/vnfpkgm/v1/vnf_packages/{id}/artifacts">Artifacts </a>"""
+html_nspackage_body = """<a href="/osm/nsd/v1/ns_descriptors/{id}/artifacts">Artifacts </a>"""
+
-def format(data, request, response, session):
+def format(data, request, response, toke_info):
"""
Format a nice html response, depending on the data
:param data:
return
else:
return html_auth2.format(error=data)
- body = html_body.format(item=request.path_info)
+ if request.path_info in ("/version", "/system"):
+ return "<pre>" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "</pre>"
+ body = html_body.format(item=html_escape(request.path_info))
if response.status and response.status > 202:
- body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))
+ # input request.path_info (URL) can contain XSS that are translated into output error detail
+ body += html_body_error.format(html_escape(
+ yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)))
elif isinstance(data, (list, tuple)):
- if request.path_info == "/vnfpkgm/v1/vnf_packages_content":
- body += html_upload_body.format(request.path_info, "VNFD")
- elif request.path_info == "/nsd/v1/ns_descriptors_content":
- body += html_upload_body.format(request.path_info, "NSD")
+ if request.path_info == "/vnfpkgm/v1/vnf_packages":
+ body += html_upload_body.format(request.path_info + "_content", "VNFD")
+ elif request.path_info == "/nsd/v1/ns_descriptors":
+ body += html_upload_body.format(request.path_info + "_content", "NSD")
+ elif request.path_info == "/nst/v1/nst_templates":
+ body += html_upload_body.format(request.path_info + "_content", "NSTD")
for k in data:
if isinstance(k, dict):
data_id = k.pop("_id", None)
elif isinstance(k, str):
data_id = k
- body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(url=request.path_info, id=data_id, t=k)
+ body += '<p> <a href="/osm/{url}/{id}">{id}</a>: {t} </p>'.format(url=request.path_info, id=data_id,
+ t=html_escape(str(k)))
elif isinstance(data, dict):
if "Location" in response.headers:
body += '<a href="{}"> show </a>'.format(response.headers["Location"])
else:
+ _id = request.path_info[request.path_info.rfind("/")+1:]
body += '<a href="/osm/{}?METHOD=DELETE"> <img src="/osm/static/delete.png" height="25" width="25"> </a>'\
.format(request.path_info)
if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \
request.path_info.startswith("/nslcm/v1/ns_instances/"):
- _id = request.path_info[request.path_info.rfind("/")+1:]
body += html_nslcmop_body.format(id=_id)
- body += "<pre>" + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) + "</pre>"
+ elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \
+ request.path_info.startswith("/nsilcm/v1/netslice_instances/"):
+ body += html_nsilcmop_body.format(id=_id)
+ elif request.path_info.startswith("/vnfpkgm/v1/vnf_packages/") or \
+ request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"):
+ body += html_vnfpackage_body.format(id=_id)
+ elif request.path_info.startswith("/nsd/v1/ns_descriptors/") or \
+ request.path_info.startswith("/nsd/v1/ns_descriptors_content/"):
+ body += html_nspackage_body.format(id=_id)
+ body += "<pre>" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
+ "</pre>"
elif data is None:
if request.method == "DELETE" or "METHOD=DELETE" in request.query_string:
body += "<pre> deleted </pre>"
else:
- body = str(data)
+ body = html_escape(str(data))
user_text = " "
- if session:
- if session.get("username"):
- user_text += "user: {}".format(session.get("username"))
- if session.get("project_id"):
- user_text += ", project: {}".format(session.get("project_id"))
+ if toke_info:
+ if toke_info.get("username"):
+ user_text += "user: {}".format(toke_info.get("username"))
+ if toke_info.get("project_id"):
+ user_text += ", project: {}".format(toke_info.get("project_name"))
return html_start.format(user_text) + body + html_end
# yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)
# tags=False,
projects / osm / NBI.git / blobdiff