Merge pull request #108 from saravankumarpa/jinja

fixes for bandit reported vulnerability
bcgov · Oct 3, 2019 · 6c719f4 · 6c719f4
2 parents 8058fb7 + ec9c4f0
commit 6c719f4
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 5 deletions.
diff --git a/report-api/src/api/services/report_service.py b/report-api/src/api/services/report_service.py
@@ -25,7 +25,7 @@
 from api.utils.util import TEMPLATE_FOLDER_PATH
 
 
-ENV = Environment(loader=FileSystemLoader('.'), autoescape=JINJA_AUTO_ESCAPE)
+ENV = Environment(loader=FileSystemLoader('.'), autoescape=True)
 
 
 class ReportService:
@@ -46,7 +46,7 @@ def create_report_from_template(cls, template_string: str, template_args: object
                                     generate_page_number: bool = False):
         """Create a report from a json template."""
         template_decoded = base64.b64decode(template_string).decode('utf-8')
-        template_ = Template(template_decoded, autoescape=JINJA_AUTO_ESCAPE)
+        template_ = Template(template_decoded, autoescape=True)
         html_out = template_.render(template_args)
         return ReportService.generate_pdf(html_out, generate_page_number)
 

diff --git a/report-api/src/api/utils/constants.py b/report-api/src/api/utils/constants.py
@@ -13,4 +13,3 @@
 # limitations under the License.
 """Constants."""
 
-JINJA_AUTO_ESCAPE = True
diff --git a/report-api/tests/postman/pdf-create.postman_collection.json b/report-api/tests/postman/pdf-create.postman_collection.json
@@ -41,21 +41,70 @@
 			"response": []
 		}
 	],
+	"auth": {
+		"type": "oauth2",
+		"oauth2": [
+			{
+				"key": "accessToken",
+				"value": "{{accessToken}}",
+				"type": "string"
+			},
+			{
+				"key": "addTokenTo",
+				"value": "header",
+				"type": "string"
+			}
+		]
+	},
 	"event": [
 		{
 			"listen": "prerequest",
 			"script": {
-				"id": "9ec28d1b-bef9-4f79-a975-5c966a283b99",
+				"id": "dca1bb4a-f917-43e2-ae5d-3cd3c52d1daf",
 				"type": "text/javascript",
 				"exec": [
+					"function getvar(variableName) {",
+					"    let value = pm.variables.get(variableName);",
+					"    if (!value) throw new Error(",
+					"        `Variable '${variableName}' is not defined.`);",
+					"    return value;",
+					"}",
+					"",
+					"let tokenUrl = getvar('tokenUrl');",
+					"let userName = getvar('userName');",
+					"let passCode = getvar('passCode');",
+					"",
+					"let getTokenRequest = {",
+					"    method: 'POST',",
+					"    url: tokenUrl,",
+					"    header: {",
+					"        'content-type': 'application/json'",
+					"    },",
+					" ",
+					"    body: {",
+					"        mode: 'raw',",
+					"        raw: JSON.stringify({ \"username\": userName, \"password\": passCode })",
+					"    }",
+					"    ",
+					"};",
+					"",
+					"pm.sendRequest(getTokenRequest, (err, response) => {",
+					"    let jsonResponse = response.json(),",
+					"        newAccessToken = jsonResponse.access_token;",
+					"",
+					"    console.log({ err, jsonResponse, newAccessToken })",
+					"",
+					"    pm.environment.set('accessToken', newAccessToken);",
+					"    pm.variables.set('accessToken', newAccessToken);",
+					"});",
 					""
 				]
 			}
 		},
 		{
 			"listen": "test",
 			"script": {
-				"id": "64c84eb3-d8c1-4963-9ee0-f8c88fc33e6b",
+				"id": "c078047b-a96e-41ad-8b31-a89c2528dd8e",
 				"type": "text/javascript",
 				"exec": [
 					""
Original file line number	Diff line number	Diff line change
Expand Up		@@ -13,4 +13,3 @@
		# limitations under the License.
		"""Constants."""

		JINJA_AUTO_ESCAPE = True