From: Lovett, Trevor
Date: Fri, 19 Jul 2019 14:32:39 +0000 (-0500)
Subject: [VVP] Properly escape error messages in HTML output
X-Git-Tag: 5.0.0~15
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=vvp%2Fvalidation-scripts.git;a=commitdiff_plain;h=ddba4856fc7e3d844e9e763d44ce97207a1f23bd
[VVP] Properly escape error messages in HTML output
Issue-ID: VVP-159
Change-Id: I741e5abbc80fbcbbb5d7c0332e13217305532bfd
Signed-off-by: Lovett, Trevor
---
diff --git a/ice_validator/tests/conftest.py b/ice_validator/tests/conftest.py
index b09a8aa..e3c21e6 100644
--- a/ice_validator/tests/conftest.py
+++ b/ice_validator/tests/conftest.py
@@ -43,6 +43,10 @@ import json
 import os
 import re
 import time
+try:
+ from html import escape
+except ImportError:
+ from cgi import escape
 from collections import defaultdict
 import traceback
@@ -745,8 +749,9 @@ def generate_html_report(outpath, categories, template_path, failures):
 {
 "file_links": make_href(failure.files, template_path),
 "test_id": failure.test_id,
- "error_message": failure.error_message.replace("\n", "

"),
- "raw_output": failure.raw_output,
+ "error_message": escape(failure.error_message).replace("\n",
+ "

"), + "raw_output": escape(failure.raw_output), "requirements": docutils.core.publish_parts( writer_name="html", source=failure.requirement_text(reqs) )["body"], diff --git a/ice_validator/tests/test_non_server_name.py b/ice_validator/tests/test_non_server_name.py index 7264ad0..7139c9b 100644 --- a/ice_validator/tests/test_non_server_name.py +++ b/ice_validator/tests/test_non_server_name.py @@ -167,4 +167,4 @@ def test_non_server_name_unique(heat_template): assert not bad, "Names must be unique," " not shared across resource ids.%s%s" % ( delim, delim.join("%s: %s" % (name, list(value)) for name, value in bad.items()), - ) \ No newline at end of file + )
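Review bot: When the `from cgi import escape` fallback added in the import hunk is taken, the `escape(failure.error_message)` and `escape(failure.raw_output)` calls in generate_html_report leave double quotes unescaped, because `cgi.escape` defaults to `quote=False` while `html.escape` defaults to `quote=True`. The two import paths therefore give differently escaped output, which matters if the report template ever places either value inside an HTML attribute. Binding the fallback as `from cgi import escape as _cgi_escape` followed by `def escape(s): return _cgi_escape(s, quote=True)` covers double quotes on both paths; `cgi.escape` still never encodes single quotes, which deserves a short comment next to the fallback. In the same dict, `test_id` and the `make_href(...)` result are still passed through as-is; whether they need escaping depends on make_href and the template, neither of which is visible here. The body of generate_html_report starts and ends outside this hunk.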