Merge "Apply a tempate filter to output for openrc.sh"
commit
e16497d20c
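--- a/horizon/templatetags/shellfilter.py
+++ b/horizon/templatetags/shellfilter.py
@@ -0,0 +1,32 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from django.template import base
+from django.template import defaultfilters
+from django.utils import safestring
+
+register = base.Library()
+
+
+@register.filter(is_safe=True)
+@defaultfilters.stringfilter
+def shellfilter(value):
+"""Replace HTML chars for shell usage."""
+replacements = {'\\': '\\\\',
+'`': '\`',
+"'": "\\'",
+'"': '\\"'}
+for search, repl in replacements.items():
+value = value.replace(search, repl)
+return safestring.mark_safe(value)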
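Review bot: The `replacements` table in `shellfilter` does not cover `$`, and inside the double quotes the template puts around these values the shell still performs parameter and command substitution on it, so a tenant or user name containing `$` is expanded when the generated file is sourced. The loop is also only correct if `replacements.items()` yields the backslash entry first, which a plain dict does not guarantee on interpreters older than Python 3.7; if the backslash pass runs later it doubles the backslashes the other entries just added and the quote ends up unescaped. A single pass avoids both problems: with `import re`, the body can be ``return safestring.mark_safe(re.sub(r'([\\`"$])', r'\\\1', value))``. The `'` entry can be dropped, since inside double quotes `\'` leaves a literal backslash in the exported value.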
@ -1,3 +1,4 @@
|
||||
{% load shellfilter %}
|
||||
#!/bin/bash
|
||||
|
||||
# With the addition of Keystone, to use an openstack cloud you should
|
||||
@ -12,11 +13,11 @@ export OS_AUTH_URL={{ auth_url }}
|
||||
# With the addition of Keystone we have standardized on the term **tenant**
|
||||
# as the entity that owns the resources.
|
||||
export OS_TENANT_ID={{ tenant_id }}
|
||||
export OS_TENANT_NAME="{{ tenant_name }}"
|
||||
export OS_TENANT_NAME="{{ tenant_name|shellfilter }}"
|
||||
|
||||
# In addition to the owning entity (tenant), openstack stores the entity
|
||||
# performing the action as the **user**.
|
||||
export OS_USERNAME={{ user.username }}
|
||||
export OS_USERNAME="{{ user.username|shellfilter }}"
|
||||
|
||||
# With Keystone you pass the keystone password.
|
||||
echo "Please enter your OpenStack Password: "
|
||||
|
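Review bot: `export OS_TENANT_ID={{ tenant_id }}` stays unquoted and without `|shellfilter`, and the same holds for `OS_AUTH_URL={{ auth_url }}` shown in the hunk header's context. Those two values therefore still get whatever the template engine's default escaping is (presumably HTML autoescape) rather than shell escaping, and the shell word-splits them. If either can carry text that an operator or user controls, give them the same treatment as the name fields: `export OS_TENANT_ID="{{ tenant_id|shellfilter }}"`. The rest of the template lies outside these hunks, so any other interpolated values there should be checked the same way.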
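--- a/openstack_dashboard/test/tests/templates.py
+++ b/openstack_dashboard/test/tests/templates.py
@@ -0,0 +1,71 @@
+# vim: tabstop=4 shiftwidth=4 softtabstop=4
+
+# Copyright (c) 2012 OpenStack, LLC.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+from django import template
+from django.template import loader
+from openstack_dashboard.test import helpers as test
+
+
+class FakeUser(object):
+username = "cool user"
+
+
+class TemplateRenderTest(test.TestCase):
+""" Tests for templates render """
+
+def test_openrc_html_escape(self):
+context = {
+"user": FakeUser(),
+"tenant_id": "some-cool-id",
+"auth_url": "http://tests.com",
+"tenant_name": "ENG Perf R&D"}
+out = loader.render_to_string(
+'project/access_and_security/api_access/openrc.sh.template',
+context,
+template.Context(context))
+
+self.assertFalse("&" in out)
+self.assertTrue("ENG Perf R&D" in out)
+
+def test_openrc_html_evil_shell_escape(self):
+context = {
+"user": FakeUser(),
+"tenant_id": "some-cool-id",
+"auth_url": "http://tests.com",
+"tenant_name": 'o"; sudo rm -rf /'}
+out = loader.render_to_string(
+'project/access_and_security/api_access/openrc.sh.template',
+context,
+template.Context(context))
+
+self.assertFalse('o"' in out)
+self.assertTrue('\"' in out)
+
+def test_openrc_html_evil_shell_backslash_escape(self):
+context = {
+"user": FakeUser(),
+"tenant_id": "some-cool-id",
+"auth_url": "http://tests.com",
+"tenant_name": 'o\"; sudo rm -rf /'}
+out = loader.render_to_string(
+'project/access_and_security/api_access/openrc.sh.template',
+context,
+template.Context(context))
+
+self.assertFalse('o\"' in out)
+self.assertFalse('o"' in out)
+self.assertTrue('\\"' in out)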
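Review bot: In `test_openrc_html_evil_shell_backslash_escape` the input `'o\"; sudo rm -rf /'` contains no backslash, because `\"` inside a Python string literal is just `"`; the test therefore feeds the same tenant name as `test_openrc_html_evil_shell_escape`, and its first two assertions are one and the same check. For the same reason `self.assertTrue('\"' in out)` in the earlier test only looks for a double quote, which the template's own quoting always supplies. Write the input as `'o\\"; sudo rm -rf /'` and pin the rendered line exactly, e.g. `self.assertIn(r'OS_TENANT_NAME="o\\\"; sudo rm -rf /"', out)`, with the matching `r'OS_TENANT_NAME="o\"; sudo rm -rf /"'` in the quote-only test. As displayed, `assertFalse("&" in out)` cannot hold together with `assertTrue("ENG Perf R&D" in out)`; presumably the first was written against the HTML entity and the page decoded it. No case covers a backtick or `$` in the name.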