Use Jinja2 sandbox environment

Jinja2 non-sandbox environment is unsafe as it gives access to unsafe Python methods Change-Id: If8a96bb92f64c4226a3d02e3cf6e0dcb0e9156fd Closes-Bug: #1680112
2017-04-10 15:36:23 +02:00 · 2017-04-10 15:36:23 +02:00 · fc12891256
commit fc12891256
parent 7334a7602c
1 changed files with 2 additions and 1 deletions
--- a/mistral/expressions/jinja_expression.py
+++ b/mistral/expressions/jinja_expression.py
@ -16,6 +16,7 @@ import re

 import jinja2
 from jinja2 import parser as jinja_parse
+from jinja2.sandbox import SandboxedEnvironment
 from oslo_log import log as logging
 import six

@ -29,7 +30,7 @@ LOG = logging.getLogger(__name__)
 JINJA_REGEXP = '({{(.*)}})'
 JINJA_BLOCK_REGEXP = '({%(.*)%})'

-_environment = jinja2.Environment(
+_environment = SandboxedEnvironment(
    undefined=jinja2.StrictUndefined,
    trim_blocks=True,
    lstrip_blocks=True