From a711dafc841044ef4be974f80773617f00c32b4b Mon Sep 17 00:00:00 2001
From: saravankumarpa
Date: Thu, 3 Oct 2019 11:11:03 -0700
Subject: [PATCH 1/2] added token request for postman collection
---
 .../pdf-create.postman_collection.json | 53 ++++++++++++++++++-
 1 file changed, 51 insertions(+), 2 deletions(-)
diff --git a/report-api/tests/postman/pdf-create.postman_collection.json b/report-api/tests/postman/pdf-create.postman_collection.json
index 5f22c61a1..927480e5e 100644
--- a/report-api/tests/postman/pdf-create.postman_collection.json
+++ b/report-api/tests/postman/pdf-create.postman_collection.json
@@ -41,13 +41,62 @@
 "response": []
 }
 ],
+ "auth": {
+ "type": "oauth2",
+ "oauth2": [
+ {
+ "key": "accessToken",
+ "value": "{{accessToken}}",
+ "type": "string"
+ },
+ {
+ "key": "addTokenTo",
+ "value": "header",
+ "type": "string"
+ }
+ ]
+ },
 "event": [
 {
 "listen": "prerequest",
 "script": {
- "id": "9ec28d1b-bef9-4f79-a975-5c966a283b99",
+ "id": "dca1bb4a-f917-43e2-ae5d-3cd3c52d1daf",
 "type": "text/javascript",
 "exec": [
+ "function getvar(variableName) {",
+ " let value = pm.variables.get(variableName);",
+ " if (!value) throw new Error(",
+ " `Variable '${variableName}' is not defined.`);",
+ " return value;",
+ "}",
+ "",
+ "let tokenUrl = getvar('tokenUrl');",
+ "let userName = getvar('userName');",
+ "let passCode = getvar('passCode');",
+ "",
+ "let getTokenRequest = {",
+ " method: 'POST',",
+ " url: tokenUrl,",
+ " header: {",
+ " 'content-type': 'application/json'",
+ " },",
+ " ",
+ " body: {",
+ " mode: 'raw',",
+ " raw: JSON.stringify({ \"username\": userName, \"password\": passCode })",
+ " }",
+ " ",
+ "};",
+ "",
+ "pm.sendRequest(getTokenRequest, (err, response) => {",
+ " let jsonResponse = response.json(),",
+ " newAccessToken = jsonResponse.access_token;",
+ "",
+ " console.log({ err, jsonResponse, newAccessToken })",
+ "",
+ " pm.environment.set('accessToken', newAccessToken);",
+ " pm.variables.set('accessToken', newAccessToken);",
+ "});",
 ""
 ]
 }
@@ -55,7 +104,7 @@
 {
 "listen": "test",
 "script": {
- "id": "64c84eb3-d8c1-4963-9ee0-f8c88fc33e6b",
+ "id": "c078047b-a96e-41ad-8b31-a89c2528dd8e",
 "type": "text/javascript",
 "exec": [
 ""
From ec9c4f0469dd0e02ed54d2b103c201ce99df2980 Mon Sep 17 00:00:00 2001
From: saravankumarpa
Date: Thu, 3 Oct 2019 12:11:27 -0700
Subject: [PATCH 2/2] bandit not respecting the variable.so hardcoding Tue
---
 report-api/src/api/services/report_service.py | 4 ++--
 report-api/src/api/utils/constants.py | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)
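Review bot: The `pm.sendRequest` callback in the added pre-request script never checks `err` and writes the token to the console. When the token call fails, `response.json()` is still reached and the script either throws an unrelated error or stores `undefined` in `accessToken`; a guard such as `if (err || response.code !== 200) throw new Error('token request failed');` at the top of the callback makes the failure explicit. `console.log({ err, jsonResponse, newAccessToken })` puts the bearer token and the full token response into the Postman console, and into runner output if the collection is executed in CI, so it should log only the error or the status. `pm.environment.set('accessToken', ...)` also persists the token in the environment, which can end up in exported or shared environment files; `pm.variables.set` alone may be enough for the run.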
diff --git a/report-api/src/api/services/report_service.py b/report-api/src/api/services/report_service.py index e57ef33de..0592e6462 100644 --- a/report-api/src/api/services/report_service.py +++ b/report-api/src/api/services/report_service.py @@ -25,7 +25,7 @@ from api.utils.util import TEMPLATE_FOLDER_PATH -ENV = Environment(loader=FileSystemLoader('.'), autoescape=JINJA_AUTO_ESCAPE) +ENV = Environment(loader=FileSystemLoader('.'), autoescape=True) class ReportService: @@ -46,7 +46,7 @@ def create_report_from_template(cls, template_string: str, template_args: object generate_page_number: bool = False): """Create a report from a json template.""" template_decoded = base64.b64decode(template_string).decode('utf-8') - template_ = Template(template_decoded, autoescape=JINJA_AUTO_ESCAPE) + template_ = Template(template_decoded, autoescape=True) html_out = template_.render(template_args) return ReportService.generate_pdf(html_out, generate_page_number) diff --git a/report-api/src/api/utils/constants.py b/report-api/src/api/utils/constants.py index d6f1a393a..ec4aac5ca 100644 --- a/report-api/src/api/utils/constants.py +++ b/report-api/src/api/utils/constants.py @@ -13,4 +13,3 @@ # limitations under the License. """Constants.""" -JINJA_AUTO_ESCAPE = True
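Review bot: `JINJA_AUTO_ESCAPE` is deleted from `api/utils/constants.py` in this patch, yet no import line in `report_service.py` is touched, and the name must have been bound somewhere above line 25 for the old `ENV = ...` line to work. If that binding is `from api.utils.constants import JINJA_AUTO_ESCAPE` (not visible in the hunk), importing `report_service` will now raise `ImportError`, so the import should be removed in the same commit. A short comment next to the literal, for example `# literal True: Bandit's Jinja2 autoescape check does not follow constants`, would record why the constant was dropped.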
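Review bot: `create_report_from_template` compiles a caller-supplied base64 string as a Jinja2 template, and `autoescape=True` on the changed line only escapes the values substituted into the output; it places no limit on what the template text itself may evaluate. If `template_string` can originate from an API request (the caller is outside this hunk), that is a server-side template injection surface, and building the template in a sandbox narrows it: `template_ = SandboxedEnvironment(autoescape=True).from_string(template_decoded)` with `from jinja2.sandbox import SandboxedEnvironment`. `base64.b64decode(...)` and `.decode('utf-8')` can also raise on malformed input, so the caller should map those errors to a client error rather than an unhandled exception. The method's signature begins above the hunk.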