X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fhtml_out.py;h=2d5a929965f50277da54ff4f5ef26a5814c672f5;hp=a8823bd0355980d15bdb3b7595770236472431e4;hb=4568a372eb5a204e04d917213de03ec51f9110c1;hpb=19ee3b009a324217eace4684af72f4344655592e diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py index a8823bd..2d5a929 100644 --- a/osm_nbi/html_out.py +++ b/osm_nbi/html_out.py @@ -26,7 +26,8 @@ html_start = """ -Welcome to OSM + Welcome to OSM +
@@ -46,6 +47,9 @@ html_start = """ VIMs WIMs SDNs + K8s_clusters + K8s_repos + NS_Subs logout
@@ -69,6 +73,7 @@ html_auth2 = """ OSM Login +
@@ -127,6 +132,13 @@ html_nsilcmop_body = """ """ +html_vnfpackage_body = ( + """Artifacts """ +) +html_nspackage_body = ( + """Artifacts """ +) + def format(data, request, response, toke_info): """ @@ -136,19 +148,38 @@ def format(data, request, response, toke_info): :param response: cherrypy response :return: string with teh html response """ - response.headers["Content-Type"] = 'text/html' + response.headers["Content-Type"] = "text/html" if response.status == HTTPStatus.UNAUTHORIZED.value: - if response.headers.get("WWW-Authenticate") and request.config.get("auth.allow_basic_authentication"): - response.headers["WWW-Authenticate"] = "Basic" + response.headers["WWW-Authenticate"][6:] + if response.headers.get("WWW-Authenticate") and request.config.get( + "auth.allow_basic_authentication" + ): + response.headers["WWW-Authenticate"] = ( + "Basic" + response.headers["WWW-Authenticate"][6:] + ) return else: return html_auth2.format(error=data) - body = html_body.format(item=request.path_info) + if request.path_info in ("/version", "/system"): + return ( + "
"
+            + yaml.safe_dump(
+                data, explicit_start=False, indent=4, default_flow_style=False
+            )
+            + "
" + ) + body = html_body.format(item=html_escape(request.path_info)) if response.status and response.status > 202: - body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + # input request.path_info (URL) can contain XSS that are translated into output error detail + body += html_body_error.format( + html_escape( + yaml.safe_dump( + data, explicit_start=True, indent=4, default_flow_style=False + ) + ) + ) elif isinstance(data, (list, tuple)): if request.path_info == "/vnfpkgm/v1/vnf_packages": - body += html_upload_body.format(request.path_info, "VNFD") + body += html_upload_body.format(request.path_info + "_content", "VNFD") elif request.path_info == "/nsd/v1/ns_descriptors": body += html_upload_body.format(request.path_info + "_content", "NSD") elif request.path_info == "/nst/v1/nst_templates": @@ -158,24 +189,42 @@ def format(data, request, response, toke_info): data_id = k.pop("_id", None) elif isinstance(k, str): data_id = k - body += '

{id}: {t}

'.format(url=request.path_info, id=data_id, - t=html_escape(str(k))) + body += '

{id}: {t}

'.format( + url=request.path_info, id=data_id, t=html_escape(str(k)) + ) elif isinstance(data, dict): if "Location" in response.headers: body += ' show '.format(response.headers["Location"]) else: - body += ' '\ - .format(request.path_info) - if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \ - request.path_info.startswith("/nslcm/v1/ns_instances/"): - _id = request.path_info[request.path_info.rfind("/")+1:] + _id = request.path_info[request.path_info.rfind("/") + 1 :] + body += ' '.format( + request.path_info + ) + if request.path_info.startswith( + "/nslcm/v1/ns_instances_content/" + ) or request.path_info.startswith("/nslcm/v1/ns_instances/"): body += html_nslcmop_body.format(id=_id) - elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \ - request.path_info.startswith("/nsilcm/v1/netslice_instances/"): - _id = request.path_info[request.path_info.rfind("/")+1:] + elif request.path_info.startswith( + "/nsilcm/v1/netslice_instances_content/" + ) or request.path_info.startswith("/nsilcm/v1/netslice_instances/"): body += html_nsilcmop_body.format(id=_id) - body += "
" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
-                "
" + elif request.path_info.startswith( + "/vnfpkgm/v1/vnf_packages/" + ) or request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"): + body += html_vnfpackage_body.format(id=_id) + elif request.path_info.startswith( + "/nsd/v1/ns_descriptors/" + ) or request.path_info.startswith("/nsd/v1/ns_descriptors_content/"): + body += html_nspackage_body.format(id=_id) + body += ( + "
"
+            + html_escape(
+                yaml.safe_dump(
+                    data, explicit_start=True, indent=4, default_flow_style=False
+                )
+            )
+            + "
" + ) elif data is None: if request.method == "DELETE" or "METHOD=DELETE" in request.query_string: body += "
 deleted 
"