X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fhtml_out.py;h=2d5a929965f50277da54ff4f5ef26a5814c672f5;hp=bfa13d49dae939c8c4e5f3697ed20ffe61b70d41;hb=4568a372eb5a204e04d917213de03ec51f9110c1;hpb=b24258aa9716c1e375fde230a817f7c9faaf6c2a diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py index bfa13d4..2d5a929 100644 --- a/osm_nbi/html_out.py +++ b/osm_nbi/html_out.py @@ -1,9 +1,23 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + """ Contains html text in variables to make and html response """ import yaml from http import HTTPStatus +from html import escape as html_escape __author__ = "Alfonso Tierno " @@ -12,7 +26,8 @@ html_start = """ -Welcome to OSM + Welcome to OSM +
@@ -20,14 +35,21 @@ html_start = """ ( {} ) + PDUs VNFDs NSDs NSs + NSTDs + NSIs USERs PROJECTs TOKENs VIMs + WIMs SDNs + K8s_clusters + K8s_repos + NS_Subs logout
@@ -51,6 +73,7 @@ html_auth2 = """ OSM Login +
@@ -100,8 +123,24 @@ html_nslcmop_body = """ """ +html_nsilcmop_body = """ +nsilcm operations +
+

+ +

+
+""" + +html_vnfpackage_body = ( + """Artifacts """ +) +html_nspackage_body = ( + """Artifacts """ +) + -def format(data, request, response, session): +def format(data, request, response, toke_info): """ Format a nice html response, depending on the data :param data: @@ -109,49 +148,94 @@ def format(data, request, response, session): :param response: cherrypy response :return: string with teh html response """ - response.headers["Content-Type"] = 'text/html' + response.headers["Content-Type"] = "text/html" if response.status == HTTPStatus.UNAUTHORIZED.value: - if response.headers.get("WWW-Authenticate") and request.config.get("auth.allow_basic_authentication"): - response.headers["WWW-Authenticate"] = "Basic" + response.headers["WWW-Authenticate"][6:] + if response.headers.get("WWW-Authenticate") and request.config.get( + "auth.allow_basic_authentication" + ): + response.headers["WWW-Authenticate"] = ( + "Basic" + response.headers["WWW-Authenticate"][6:] + ) return else: return html_auth2.format(error=data) - body = html_body.format(item=request.path_info) + if request.path_info in ("/version", "/system"): + return ( + "
"
+            + yaml.safe_dump(
+                data, explicit_start=False, indent=4, default_flow_style=False
+            )
+            + "
" + ) + body = html_body.format(item=html_escape(request.path_info)) if response.status and response.status > 202: - body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + # input request.path_info (URL) can contain XSS that are translated into output error detail + body += html_body_error.format( + html_escape( + yaml.safe_dump( + data, explicit_start=True, indent=4, default_flow_style=False + ) + ) + ) elif isinstance(data, (list, tuple)): if request.path_info == "/vnfpkgm/v1/vnf_packages": - body += html_upload_body.format(request.path_info, "VNFD") + body += html_upload_body.format(request.path_info + "_content", "VNFD") elif request.path_info == "/nsd/v1/ns_descriptors": body += html_upload_body.format(request.path_info + "_content", "NSD") + elif request.path_info == "/nst/v1/nst_templates": + body += html_upload_body.format(request.path_info + "_content", "NSTD") for k in data: if isinstance(k, dict): data_id = k.pop("_id", None) elif isinstance(k, str): data_id = k - body += '

{id}: {t}

'.format(url=request.path_info, id=data_id, t=k) + body += '

{id}: {t}

'.format( + url=request.path_info, id=data_id, t=html_escape(str(k)) + ) elif isinstance(data, dict): if "Location" in response.headers: body += ' show '.format(response.headers["Location"]) else: - body += ' '\ - .format(request.path_info) - if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \ - request.path_info.startswith("/nslcm/v1/ns_instances/"): - _id = request.path_info[request.path_info.rfind("/")+1:] + _id = request.path_info[request.path_info.rfind("/") + 1 :] + body += ' '.format( + request.path_info + ) + if request.path_info.startswith( + "/nslcm/v1/ns_instances_content/" + ) or request.path_info.startswith("/nslcm/v1/ns_instances/"): body += html_nslcmop_body.format(id=_id) - body += "
" + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) + "
" + elif request.path_info.startswith( + "/nsilcm/v1/netslice_instances_content/" + ) or request.path_info.startswith("/nsilcm/v1/netslice_instances/"): + body += html_nsilcmop_body.format(id=_id) + elif request.path_info.startswith( + "/vnfpkgm/v1/vnf_packages/" + ) or request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"): + body += html_vnfpackage_body.format(id=_id) + elif request.path_info.startswith( + "/nsd/v1/ns_descriptors/" + ) or request.path_info.startswith("/nsd/v1/ns_descriptors_content/"): + body += html_nspackage_body.format(id=_id) + body += ( + "
"
+            + html_escape(
+                yaml.safe_dump(
+                    data, explicit_start=True, indent=4, default_flow_style=False
+                )
+            )
+            + "
" + ) elif data is None: if request.method == "DELETE" or "METHOD=DELETE" in request.query_string: body += "
 deleted 
" else: - body = str(data) + body = html_escape(str(data)) user_text = " " - if session: - if session.get("username"): - user_text += "user: {}".format(session.get("username")) - if session.get("project_id"): - user_text += ", project: {}".format(session.get("project_id")) + if toke_info: + if toke_info.get("username"): + user_text += "user: {}".format(toke_info.get("username")) + if toke_info.get("project_id"): + user_text += ", project: {}".format(toke_info.get("project_name")) return html_start.format(user_text) + body + html_end # yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) # tags=False,