From d23641a8e553eb9f587d33243a5b49809ed8a33d Mon Sep 17 00:00:00 2001
From: Thomas Bachman
Date: Thu, 23 May 2024 12:13:06 +0000
Subject: [PATCH] Address static analysis issues

This patch is meant to address issues found by running the bandit static analysis tool. Some of the issues are valid vulnerabilities, while others are false positives. For false positives, the 'nosec' keyword has been added to allow bandit checks to pass.

Change-Id: Iaa3375f5031e7b86f3d0d54c27cf8f8fc30c90a4
(cherry picked from commit c386d4167c81efcc2879030612abbd55c6c9c072)
(cherry picked from commit 1abd42d30a70d6d6d22cdbf745e8d580cdd44019)
---
 gbpui/column_filters.py | 68 +++++++++++-------------
 gbpui/fields.py | 10 ++--
 gbpui/panels/application_policy/forms.py | 4 +-
 gbpui/panels/policytargets/forms.py | 16 ++++--
 gbpui/panels/policytargets/views.py | 8 ++-
 gbpui/panels/policytargets/workflows.py | 3 +-
 tools/install_venv_common.py | 4 +-
 7 files changed, 62 insertions(+), 51 deletions(-)

diff --git a/gbpui/column_filters.py b/gbpui/column_filters.py
index 8318f9e..b7c526a 100644
--- a/gbpui/column_filters.py
+++ b/gbpui/column_filters.py
@@ -14,6 +14,8 @@ import os
 from django.conf import settings
 from django.urls import reverse
+from django.utils.html import format_html
+from django.utils.html import format_html_join
 from django.utils.safestring import mark_safe
 from gbpui import client
@@ -29,12 +31,12 @@ def update_pruleset_attributes(request, prset):
 rules = prset.policy_rules
 url = "horizon:project:application_policy:policyruledetails"
 value = ["") value = "".join(value)
 setattr(prset, 'policy_rules', mark_safe(value))
@@ -47,10 +49,10 @@ def update_service_policy_attributes(policy):
 if len(np) > 0:
 tags = []
 for item in np:
- dl = ["
"] - dl.extend(["
%s
%s
" % - (k, v) for k, v in list(item.items())]) - dl.append("
") + dl = [mark_safe("
")] + dl.extend(format_html_join('', "
{}
{}
", + ((k, v) for k, v in list(item.items())))) + dl.append(mark_safe("
")) tags.append("".join(dl)) params = mark_safe("".join(tags)) setattr(policy, 'network_service_params', params) @@ -64,16 +66,15 @@ def update_policy_target_attributes(request, pt): provided = [client.policy_rule_set_get(request, item) for item in provided] consumed = [client.policy_rule_set_get(request, item) for item in consumed] p = ["") p = "".join(p) c = ["") c = "".join(c) consumed = [item.name for item in consumed] @@ -83,15 +84,14 @@ def update_policy_target_attributes(request, pt): if hasattr(pt, 'l2_policy_id') and pt.l2_policy_id is not None: policy = client.l2policy_get(request, pt.l2_policy_id) u = reverse(l2url, kwargs={'l2policy_id': policy.id}) - atag = mark_safe( - "" + policy.name + "") + atag = format_html("{}", u, policy.name) setattr(pt, 'l2_policy_id', atag) if hasattr(pt, 'external_segments'): exturl = "horizon:project:network_policy:external_connectivity_details" value = ["
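Review bot: `dl.extend(format_html_join(...))` in update_service_policy_attributes extends the list with the individual characters of the single SafeString that format_html_join returns, not with one element per item; the following `"".join(dl)` reassembles the same text, so the rendered output is unchanged, but `dl.append(format_html_join('', ..., (item.items())))` states the intent, drops the per-character list and the redundant `list(...)` wrapper around `item.items()`. Since `"".join(...)` is called on a plain str, the safe flag is lost and only restored by `params = mark_safe("".join(tags))`; that re-marking is sound only while every element of `dl` is either a literal tag wrapped in mark_safe or output of format_html_join, which is worth stating next to it: `# safe to re-mark: every element of dl is a literal tag or format_html_join output`. The `for item in np` loop and its enclosing function start outside the hunk.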