X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fhtml_out.py;h=2d5a929965f50277da54ff4f5ef26a5814c672f5;hp=b344aff8ff17ba6e1cf4500ef5434b75fd1b177d;hb=4568a372eb5a204e04d917213de03ec51f9110c1;hpb=8748af53c4e12a7034c9bc107c502c32c593aadf diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py index b344aff..2d5a929 100644 --- a/osm_nbi/html_out.py +++ b/osm_nbi/html_out.py @@ -132,8 +132,12 @@ html_nsilcmop_body = """ """ -html_vnfpackage_body = """Artifacts """ -html_nspackage_body = """Artifacts """ +html_vnfpackage_body = ( + """Artifacts """ +) +html_nspackage_body = ( + """Artifacts """ +) def format(data, request, response, toke_info): @@ -144,18 +148,35 @@ def format(data, request, response, toke_info): :param response: cherrypy response :return: string with teh html response """ - response.headers["Content-Type"] = 'text/html' + response.headers["Content-Type"] = "text/html" if response.status == HTTPStatus.UNAUTHORIZED.value: - if response.headers.get("WWW-Authenticate") and request.config.get("auth.allow_basic_authentication"): - response.headers["WWW-Authenticate"] = "Basic" + response.headers["WWW-Authenticate"][6:] + if response.headers.get("WWW-Authenticate") and request.config.get( + "auth.allow_basic_authentication" + ): + response.headers["WWW-Authenticate"] = ( + "Basic" + response.headers["WWW-Authenticate"][6:] + ) return else: return html_auth2.format(error=data) if request.path_info in ("/version", "/system"): - return "
" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "
" - body = html_body.format(item=request.path_info) + return ( + "
"
+            + yaml.safe_dump(
+                data, explicit_start=False, indent=4, default_flow_style=False
+            )
+            + "
" + ) + body = html_body.format(item=html_escape(request.path_info)) if response.status and response.status > 202: - body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + # input request.path_info (URL) can contain XSS that are translated into output error detail + body += html_body_error.format( + html_escape( + yaml.safe_dump( + data, explicit_start=True, indent=4, default_flow_style=False + ) + ) + ) elif isinstance(data, (list, tuple)): if request.path_info == "/vnfpkgm/v1/vnf_packages": body += html_upload_body.format(request.path_info + "_content", "VNFD") @@ -168,29 +189,42 @@ def format(data, request, response, toke_info): data_id = k.pop("_id", None) elif isinstance(k, str): data_id = k - body += '
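Review bot: The 401 branch still returns `html_auth2.format(error=data)` with `data` unescaped, and it returns before the escaping this change adds for statuses above 202 is reached. If the authentication error detail can carry request-derived text (not visible on this page), it needs the same treatment: `return html_auth2.format(error=html_escape(str(data)))`. The `/version` and `/system` branch also emits the YAML dump without escaping, which is probably acceptable for server-generated data but deserves a one-line comment saying so. The body of `format` begins before this hunk and continues after it.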

{id}: {t}

'.format(url=request.path_info, id=data_id, - t=html_escape(str(k))) + body += '

{id}: {t}

'.format( + url=request.path_info, id=data_id, t=html_escape(str(k)) + ) elif isinstance(data, dict): if "Location" in response.headers: body += ' show '.format(response.headers["Location"]) else: - _id = request.path_info[request.path_info.rfind("/")+1:] - body += ' '\ - .format(request.path_info) - if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \ - request.path_info.startswith("/nslcm/v1/ns_instances/"): + _id = request.path_info[request.path_info.rfind("/") + 1 :] + body += ' '.format( + request.path_info + ) + if request.path_info.startswith( + "/nslcm/v1/ns_instances_content/" + ) or request.path_info.startswith("/nslcm/v1/ns_instances/"): body += html_nslcmop_body.format(id=_id) - elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \ - request.path_info.startswith("/nsilcm/v1/netslice_instances/"): + elif request.path_info.startswith( + "/nsilcm/v1/netslice_instances_content/" + ) or request.path_info.startswith("/nsilcm/v1/netslice_instances/"): body += html_nsilcmop_body.format(id=_id) - elif request.path_info.startswith("/vnfpkgm/v1/vnf_packages/") or \ - request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"): + elif request.path_info.startswith( + "/vnfpkgm/v1/vnf_packages/" + ) or request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"): body += html_vnfpackage_body.format(id=_id) - elif request.path_info.startswith("/nsd/v1/ns_descriptors/") or \ - request.path_info.startswith("/nsd/v1/ns_descriptors_content/"): + elif request.path_info.startswith( + "/nsd/v1/ns_descriptors/" + ) or request.path_info.startswith("/nsd/v1/ns_descriptors_content/"): body += html_nspackage_body.format(id=_id) - body += "
" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
-                "
" + body += ( + "
"
+            + html_escape(
+                yaml.safe_dump(
+                    data, explicit_start=True, indent=4, default_flow_style=False
+                )
+            )
+            + "
" + ) elif data is None: if request.method == "DELETE" or "METHOD=DELETE" in request.query_string: body += "
 deleted 
"
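Review bot: `request.path_info` is still interpolated raw in this hunk: at `url=request.path_info, id=data_id` in the list-item template, at `.format(request.path_info)` in the dict branch, and through `_id`, which is sliced from the path and passed to `html_nslcmop_body.format(id=_id)` and its three sibling templates. The previous hunk escapes the same value for `html_body`, so these look like leftover reflection points. The template markup is not visible on this page, so confirm where each placeholder lands. Suggested: `url=html_escape(request.path_info), id=html_escape(str(data_id)), t=html_escape(str(k))` and `_id = html_escape(request.path_info[request.path_info.rfind("/") + 1 :])`; `response.headers["Location"]` in the `show` link deserves the same check. `format` starts before this hunk and continues past it.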