From cc0bd13f424db77d612bfcfc9c0e959956dbb89d Mon Sep 17 00:00:00 2001
From: Ilya Etingof <etingof@gmail.com>
Date: Thu, 29 Nov 2018 11:34:52 +0100
Subject: [PATCH] Escape JSON rendered in templates

Dynamic Redfish emulator uses Jinja templates to render JSON
documents out of the values it gathers fromm the backend
hypervisor. Sometimes these hypervisor-supplied values can contain
literals that are special to JSON serialization. Unless escaped
properly, such conflicting literals will surely ruin the entire
JSON document.

This change elicits Jinja and Flask template filters that
circumvent this problem.

Change-Id: Ie3f2e1b68ab93a701adf666bdca9cf3d227c0c57
---
 sushy_tools/emulator/templates/bios.json      |  8 +++---
 .../emulator/templates/bios_settings.json     |  2 +-
 sushy_tools/emulator/templates/error.json     |  2 +-
 .../templates/ethernet_interface.json         | 10 +++----
 .../ethernet_interfaces_collection.json       |  4 +--
 sushy_tools/emulator/templates/system.json    | 28 +++++++++----------
 .../emulator/templates/system_collection.json |  2 +-
 7 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/sushy_tools/emulator/templates/bios.json b/sushy_tools/emulator/templates/bios.json
index 561454b7..7be17faf 100644
--- a/sushy_tools/emulator/templates/bios.json
+++ b/sushy_tools/emulator/templates/bios.json
@@ -7,17 +7,17 @@
     "@Redfish.Settings": {
         "@odata.type": "#Settings.v1_0_0.Settings",
         "SettingsObject": {
-            "@odata.id": "/redfish/v1/Systems/{{ identity }}/BIOS/Settings"
+            "@odata.id": {{ "/redfish/v1/Systems/%s/BIOS/Settings"|format(identity)|tojson }}
         }
     },
     "Actions": {
         "#Bios.ResetBios": {
-            "target": "/redfish/v1/Systems/{{ identity }}/BIOS/Actions/Bios.ResetBios"
+            "target": {{ "/redfish/v1/Systems/%s/BIOS/Actions/Bios.ResetBios"|format(identity)|tojson }}
         },
         "#Bios.ChangePassword": {
-            "target": "/redfish/v1/Systems/{{ identity }}/BIOS/Actions/Bios.ChangePassword"
+            "target": {{ "/redfish/v1/Systems/%s/BIOS/Actions/Bios.ChangePassword"|format(identity)|tojson }}
         }
     },
     "@odata.context": "/redfish/v1/$metadata#Bios.Bios",
-    "@odata.id": "/redfish/v1/Systems/{{ identity }}/BIOS"
+    "@odata.id": {{ "/redfish/v1/Systems/%s/BIOS"|format(identity)|tojson }}
 }
diff --git a/sushy_tools/emulator/templates/bios_settings.json b/sushy_tools/emulator/templates/bios_settings.json
index e9a21042..3fb26bef 100644
--- a/sushy_tools/emulator/templates/bios_settings.json
+++ b/sushy_tools/emulator/templates/bios_settings.json
@@ -5,6 +5,6 @@
     "AttributeRegistry": "BiosAttributeRegistryP89.v1_0_0",
     "Attributes": {{ bios_pending_attributes }},
     "@odata.context": "/redfish/v1/$metadata#Bios.Bios",
-    "@odata.id": "/redfish/v1/Systems/{{ identity }}/BIOS/Settings",
+    "@odata.id": {{ "/redfish/v1/Systems/%s/BIOS/Settings"|format(identity)|tojson }},
     "@Redfish.Copyright": "Copyright 2014-2016 Distributed Management Task Force, Inc. (DMTF). For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright."
 }
diff --git a/sushy_tools/emulator/templates/error.json b/sushy_tools/emulator/templates/error.json
index 0e933026..2eae6c0c 100644
--- a/sushy_tools/emulator/templates/error.json
+++ b/sushy_tools/emulator/templates/error.json
@@ -1,7 +1,7 @@
 {
   "error": {
     "code": "Base.1.0.GeneralError",
-    "message": "{{ message }}",
+    "message": {{ message|string|tojson }},
     "@Message.ExtendedInfo": [
       {
         "@odata.type": "/redfish/v1/$metadata#Message.1.0.0.Message",
diff --git a/sushy_tools/emulator/templates/ethernet_interface.json b/sushy_tools/emulator/templates/ethernet_interface.json
index 5e8156c1..a3649c1b 100644
--- a/sushy_tools/emulator/templates/ethernet_interface.json
+++ b/sushy_tools/emulator/templates/ethernet_interface.json
@@ -1,9 +1,9 @@
 {
     "@odata.type": "#EthernetInterface.v1_0_2.EthernetInterface",
-    "Id": "{{ nic['id'] }}",
-    "Name": "VNIC {{ nic['id'] }}",
-    "PermanentMACAddress": "{{ nic['mac'] }}",
-    "MACAddress": "{{ nic['mac'] }}",
+    "Id": {{ nic['id']|string|tojson }},
+    "Name": {{ "VNIC %s"|format(nic['id'])|tojson }},
+    "PermanentMACAddress": {{ nic['mac']|string|tojson }},
+    "MACAddress": {{ nic['mac']|string|tojson }},
     "@odata.context": "/redfish/v1/$metadata#EthernetInterface.EthernetInterface",
-    "@odata.id": "/redfish/v1/Systems/{{ identity }}/EthernetInterfaces/{{ nic['id'] }}"
+    "@odata.id": {{ "/redfish/v1/Systems/%s/EthernetInterfaces/%s"|format(identity, nic['id'])|tojson }}
 }
diff --git a/sushy_tools/emulator/templates/ethernet_interfaces_collection.json b/sushy_tools/emulator/templates/ethernet_interfaces_collection.json
index 0f0df6cf..bc3ba52c 100644
--- a/sushy_tools/emulator/templates/ethernet_interfaces_collection.json
+++ b/sushy_tools/emulator/templates/ethernet_interfaces_collection.json
@@ -6,12 +6,12 @@
     "Members": [
         {% for nic in nics %}
                 {
-                    "@odata.id": "/redfish/v1/Systems/{{ identity }}/EthernetInterfaces/{{ nic.id }}"
+                    "@odata.id": {{ "/redfish/v1/Systems/%s/EthernetInterfaces/%s"|format(identity, nic.id)|tojson }}
                 }{% if not loop.last %},{% endif %}
         {% endfor %}
     ],
     "Oem": {},
     "@odata.context": "/redfish/v1/$metadata#EthernetInterfaceCollection.EthernetInterfaceCollection",
-    "@odata.id": "/redfish/v1/Systems/{{ identity }}/EthernetInterfaces"
+    "@odata.id": {{ "/redfish/v1/Systems/%s/EthernetInterfaces"|format(identity)|tojson }}
 }
 
diff --git a/sushy_tools/emulator/templates/system.json b/sushy_tools/emulator/templates/system.json
index b33589ad..8b2bc516 100644
--- a/sushy_tools/emulator/templates/system.json
+++ b/sushy_tools/emulator/templates/system.json
@@ -1,20 +1,20 @@
 {
     "@odata.type": "#ComputerSystem.v1_1_0.ComputerSystem",
-    "Id": "{{ identity }}",
-    "Name": "{{ identity }}",
-    "UUID": "{{ uuid }}",
+    "Id": {{ identity|string|tojson }},
+    "Name": {{ identity|string|tojson }},
+    "UUID": {{ uuid|string|tojson }},
     "Status": {
         "State": "Enabled",
         "Health": "OK",
         "HealthRollUp": "OK"
     },
     {%- if power_state %}
-    "PowerState": "{{ power_state }}",
+    "PowerState": {{ power_state|string|tojson }},
     {%- endif %}
     "Boot": {
         {%- if boot_source_target %}
         "BootSourceOverrideEnabled": "Continuous",
-        "BootSourceOverrideTarget": "{{ boot_source_target }}",
+        "BootSourceOverrideTarget": {{ boot_source_target|string|tojson }},
         "BootSourceOverrideTarget@Redfish.AllowableValues": [
             "Pxe",
             "Cd",
@@ -22,10 +22,10 @@
         {%- if boot_source_mode %}
         ],
         {%- if 'uefi' in boot_source_mode.lower() %}
-        "BootSourceOverrideMode": "{{ boot_source_mode }}",
+        "BootSourceOverrideMode": {{ boot_source_mode|string|tojson }},
         "UefiTargetBootSourceOverride": "/0x31/0x33/0x01/0x01"
         {%- else %}
-        "BootSourceOverrideMode": "{{ boot_source_mode }}"
+        "BootSourceOverrideMode": {{ boot_source_mode|string|tojson }}
         {%- endif %}
         {%- else %}
         ]
@@ -55,19 +55,19 @@
         }
     },
     "Bios": {
-        "@odata.id": "/redfish/v1/Systems/{{ identity }}/BIOS"
+        "@odata.id": {{ "/redfish/v1/Systems/%s/BIOS"|format(identity)|tojson }}
     },
     "Processors": {
-        "@odata.id": "/redfish/v1/Systems/{{ identity }}/Processors"
+        "@odata.id": {{ "/redfish/v1/Systems/%s/Processors"|format(identity)|tojson }}
     },
     "Memory": {
-        "@odata.id": "/redfish/v1/Systems/{{ identity }}/Memory"
+        "@odata.id": {{ "/redfish/v1/Systems/%s/Memory"|format(identity)|tojson }}
     },
     "EthernetInterfaces": {
-        "@odata.id": "/redfish/v1/Systems/{{ identity }}/EthernetInterfaces"
+        "@odata.id": {{ "/redfish/v1/Systems/%s/EthernetInterfaces"|format(identity)|tojson }}
     },
     "SimpleStorage": {
-        "@odata.id": "/redfish/v1/Systems/{{ identity }}/SimpleStorage"
+        "@odata.id": {{ "/redfish/v1/Systems/%s/SimpleStorage"|format(identity)|tojson }}
     },
     "Links": {
         "Chassis": [
@@ -77,7 +77,7 @@
     },
     "Actions": {
         "#ComputerSystem.Reset": {
-            "target": "/redfish/v1/Systems/{{ identity }}/Actions/ComputerSystem.Reset",
+            "target": {{ "/redfish/v1/Systems/%s/Actions/ComputerSystem.Reset"|format(identity)|tojson }},
             "ResetType@Redfish.AllowableValues": [
                 "On",
                 "ForceOff",
@@ -90,6 +90,6 @@
         }
     },
     "@odata.context": "/redfish/v1/$metadata#ComputerSystem.ComputerSystem",
-    "@odata.id": "/redfish/v1/Systems/{{ identity }}",
+    "@odata.id": {{ "/redfish/v1/Systems/%s"|format(identity)|tojson }},
     "@Redfish.Copyright": "Copyright 2014-2016 Distributed Management Task Force, Inc. (DMTF). For the full DMTF copyright policy, see http://www.dmtf.org/about/policies/copyright."
 }
diff --git a/sushy_tools/emulator/templates/system_collection.json b/sushy_tools/emulator/templates/system_collection.json
index bcfb1cb1..549483de 100644
--- a/sushy_tools/emulator/templates/system_collection.json
+++ b/sushy_tools/emulator/templates/system_collection.json
@@ -5,7 +5,7 @@
     "Members": [
         {% for system in systems %}
             {
-                "@odata.id": "/redfish/v1/Systems/{{ system }}"
+                "@odata.id": {{ "/redfish/v1/Systems/%s"|format(system)|tojson }}
             }{% if not loop.last %},{% endif %}
         {% endfor %}
     ],