Use Jinja2 sandbox environment
The non-sandboxed Jinja2 environment is unsafe because it gives
access to unsafe Python methods.
Change-Id: If8a96bb92f64c4226a3d02e3cf6e0dcb0e9156fd
Closes-Bug: #1680112
(cherry picked from commit fc12891256
)
parent
53d3aed4ed
commit
b09982a5b4
|
@ -16,6 +16,7 @@ import re
|
|||
|
||||
import jinja2
|
||||
from jinja2 import parser as jinja_parse
|
||||
from jinja2.sandbox import SandboxedEnvironment
|
||||
from oslo_log import log as logging
|
||||
import six
|
||||
|
||||
|
@ -29,7 +30,7 @@ LOG = logging.getLogger(__name__)
|
|||
JINJA_REGEXP = '({{(.*)}})'
|
||||
JINJA_BLOCK_REGEXP = '({%(.*)%})'
|
||||
|
||||
_environment = jinja2.Environment(
|
||||
_environment = SandboxedEnvironment(
|
||||
undefined=jinja2.StrictUndefined,
|
||||
trim_blocks=True,
|
||||
lstrip_blocks=True
|
||||
|
|
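Review bot: The new `_environment = SandboxedEnvironment(` assignment blocks unsafe attribute access, but a plain sandbox still lets an expression call mutating methods on lists and dicts in the rendering context, and it places no bound on CPU or memory use. If the context data is shared with the caller, the stricter class from the same module fits better: `from jinja2.sandbox import ImmutableSandboxedEnvironment` and `_environment = ImmutableSandboxedEnvironment(`. A blocked access raises `jinja2.exceptions.SecurityError`, so the evaluation code outside this hunk should be checked to confirm it reports that as an ordinary expression error rather than letting it propagate. The change also has no regression test visible here; one that asserts an expression reaching an unsafe attribute is rejected would keep the environment from being swapped back unnoticed. The constructor call's closing parenthesis lies outside the hunk.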