X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FNBI.git;a=blobdiff_plain;f=osm_nbi%2Fhtml_out.py;h=316e15b41489d833811a731bc4b5a84dc0b07ef5;hp=23ee97bfea4dbcceb35490ef784fea3cf35167b1;hb=341ac1bac7b115d64a50ec166aa5e6d186b39443;hpb=0f98af53b320c8244b58d0d8751e28e157949e8e diff --git a/osm_nbi/html_out.py b/osm_nbi/html_out.py index 23ee97b..316e15b 100644 --- a/osm_nbi/html_out.py +++ b/osm_nbi/html_out.py @@ -1,9 +1,23 @@ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# See the License for the specific language governing permissions and +# limitations under the License. + """ Contains html text in variables to make and html response """ import yaml from http import HTTPStatus +from html import escape as html_escape __author__ = "Alfonso Tierno " @@ -12,19 +26,30 @@ html_start = """ -Welcome to OSM + Welcome to OSM +
- + ( {} ) - VNFDs - NSDs - NSs + PDUs + VNFDs + NSDs + NSs + NSTDs + NSIs USERs PROJECTs TOKENs + VIMs + WIMs + SDNs + K8s_clusters + K8s_repos + NS_Subs logout
@@ -36,19 +61,19 @@ html_body = """ html_end = """ - + """ html_body_error = "

Error
{}

" - html_auth2 = """ OSM Login +
@@ -88,8 +113,30 @@ html_upload_body = """ """ +html_nslcmop_body = """ +nslcm operations +VNFRS +
+

+ +

+
+""" + +html_nsilcmop_body = """ +nsilcm operations +
+

+ +

+
+""" -def format(data, request, response, session): +html_vnfpackage_body = """Artifacts """ +html_nspackage_body = """Artifacts """ + + +def format(data, request, response, toke_info): """ Format a nice html response, depending on the data :param data: @@ -104,40 +151,60 @@ def format(data, request, response, session): return else: return html_auth2.format(error=data) - body = html_body.format(item=request.path_info) + if request.path_info in ("/version", "/system"): + return "
" + yaml.safe_dump(data, explicit_start=False, indent=4, default_flow_style=False) + "
" + body = html_body.format(item=html_escape(request.path_info)) if response.status and response.status > 202: - body += html_body_error.format(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + # input request.path_info (URL) can contain XSS that are translated into output error detail + body += html_body_error.format(html_escape( + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False))) elif isinstance(data, (list, tuple)): - if request.path_info == "/vnfpkgm/v1/vnf_packages_content": - body += html_upload_body.format(request.path_info, "VNFD") - elif request.path_info == "/nsd/v1/ns_descriptors_content": - body += html_upload_body.format(request.path_info, "NSD") + if request.path_info == "/vnfpkgm/v1/vnf_packages": + body += html_upload_body.format(request.path_info + "_content", "VNFD") + elif request.path_info == "/nsd/v1/ns_descriptors": + body += html_upload_body.format(request.path_info + "_content", "NSD") + elif request.path_info == "/nst/v1/nst_templates": + body += html_upload_body.format(request.path_info + "_content", "NSTD") for k in data: if isinstance(k, dict): data_id = k.pop("_id", None) elif isinstance(k, str): data_id = k - body += '

{id}: {t}

'.format(url=request.path_info, id=data_id, t=k) + body += '

{id}: {t}

'.format(url=request.path_info, id=data_id, + t=html_escape(str(k))) elif isinstance(data, dict): if "Location" in response.headers: body += ' show '.format(response.headers["Location"]) else: - body += ' '.format(request.path_info) - body += "
" + yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) + "
" + _id = request.path_info[request.path_info.rfind("/")+1:] + body += ' '\ + .format(request.path_info) + if request.path_info.startswith("/nslcm/v1/ns_instances_content/") or \ + request.path_info.startswith("/nslcm/v1/ns_instances/"): + body += html_nslcmop_body.format(id=_id) + elif request.path_info.startswith("/nsilcm/v1/netslice_instances_content/") or \ + request.path_info.startswith("/nsilcm/v1/netslice_instances/"): + body += html_nsilcmop_body.format(id=_id) + elif request.path_info.startswith("/vnfpkgm/v1/vnf_packages/") or \ + request.path_info.startswith("/vnfpkgm/v1/vnf_packages_content/"): + body += html_vnfpackage_body.format(id=_id) + elif request.path_info.startswith("/nsd/v1/ns_descriptors/") or \ + request.path_info.startswith("/nsd/v1/ns_descriptors_content/"): + body += html_nspackage_body.format(id=_id) + body += "
" + html_escape(yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False)) + \
+                "
" elif data is None: if request.method == "DELETE" or "METHOD=DELETE" in request.query_string: body += "
 deleted 
" else: - body = str(data) + body = html_escape(str(data)) user_text = " " - if session: - if session.get("username"): - user_text += "user: {}".format(session.get("username")) - if session.get("project_id"): - user_text += ", project: {}".format(session.get("project_id")) + if toke_info: + if toke_info.get("username"): + user_text += "user: {}".format(toke_info.get("username")) + if toke_info.get("project_id"): + user_text += ", project: {}".format(toke_info.get("project_name")) return html_start.format(user_text) + body + html_end - #yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) + # yaml.safe_dump(data, explicit_start=True, indent=4, default_flow_style=False) # tags=False, # encoding='utf-8', allow_unicode=True) - -