[Openstack-security] [Bug 1663417] Re: Bandit issue B701:jinja2_autoescape_false
OpenStack Infra
1663417 at bugs.launchpad.net
Thu Apr 6 14:48:46 UTC 2017
** Changed in: trove
Status: New => In Progress
--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1663417
Title:
Bandit issue B701:jinja2_autoescape_false
Status in OpenStack Security Advisory:
Won't Fix
Status in OpenStack DBaaS (Trove):
In Progress
Bug description:
After running bandit, it found an issue of Severity and Confidence
High.
Test results:
>> Issue: [B701:jinja2_autoescape_false] By default, jinja2 sets autoescape to False. Consider using autoescape=True to mitigate XSS vulnerabilities.
Severity: High Confidence: High
Location: trove/common/utils.py:53
51
52 def build_jinja_environment():
53 env = jinja2.Environment(loader=jinja2.ChoiceLoader([
54 jinja2.FileSystemLoader(CONF.template_path),
55 jinja2.PackageLoader("trove", "templates")
56 ]))
57 # Add some basic operation not built-in.
Simply adding the argument autoescape=True to the function call will
fix the issue.
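To reproduce the finding above and confirm the proposed fix without running Bandit, here is an added, stdlib-only example (not Bandit's or Trove's code) that mimics the core of the B701 check: it flags jinja2.Environment(...) calls whose autoescape keyword is absent or the literal False, and accepts autoescape=True or a select_autoescape(...) call. The sample source strings are constructed from the snippet in the report; Bandit's real check is broader.

```python
# Added example, not from the bug report, Bandit or Trove: a minimal
# re-implementation of the idea behind B701 (jinja2_autoescape_false).
import ast


def _is_jinja_environment(call: ast.Call) -> bool:
    """True for jinja2.Environment(...) or a bare Environment(...) call."""
    func = call.func
    if isinstance(func, ast.Attribute):
        return (func.attr == "Environment"
                and isinstance(func.value, ast.Name)
                and func.value.id == "jinja2")
    return isinstance(func, ast.Name) and func.id == "Environment"


def find_autoescape_false(source: str) -> list:
    """Return line numbers of Environment() calls that leave autoescape off."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and _is_jinja_environment(node)):
            continue
        autoescape = next((kw.value for kw in node.keywords
                           if kw.arg == "autoescape"), None)
        if autoescape is None:
            findings.append(node.lineno)   # keyword missing: jinja2 default is False
        elif isinstance(autoescape, ast.Constant) and autoescape.value is False:
            findings.append(node.lineno)   # explicitly disabled
        # autoescape=True or autoescape=select_autoescape(...) is accepted
    return findings


# Constructed sample: the reported Trove snippet, then the one-argument fix.
VULNERABLE = '''\
import jinja2
def build_jinja_environment():
    env = jinja2.Environment(loader=jinja2.ChoiceLoader([
        jinja2.FileSystemLoader(CONF.template_path),
        jinja2.PackageLoader("trove", "templates")
    ]))
    return env
'''
FIXED = VULNERABLE.replace("]))", "]), autoescape=True)")

if __name__ == "__main__":
    print(find_autoescape_false(VULNERABLE))  # [3]
    print(find_autoescape_false(FIXED))       # []
```

Note that autoescape applies HTML escaping only; it is the right default for HTML output, but for non-HTML templates it changes the rendered text, so the fix should be weighed against what the templates actually produce.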