Use Jinja2 sandbox environment

The non-sandboxed Jinja2 environment is unsafe, as it gives
access to unsafe Python methods.

Change-Id: If8a96bb92f64c4226a3d02e3cf6e0dcb0e9156fd
Closes-Bug: #1680112
(cherry picked from commit fc12891256)
Xavier Hardy 2017-04-10 15:36:23 +02:00
parent 53d3aed4ed
commit b09982a5b4
1 changed files with 2 additions and 1 deletions


@ -16,6 +16,7 @@ import re
import jinja2
from jinja2 import parser as jinja_parse
from jinja2.sandbox import SandboxedEnvironment
from oslo_log import log as logging
import six
@ -29,7 +30,7 @@ LOG = logging.getLogger(__name__)
JINJA_REGEXP = '({{(.*)}})'
JINJA_BLOCK_REGEXP = '({%(.*)%})'
_environment = jinja2.Environment(
_environment = SandboxedEnvironment(
undefined=jinja2.StrictUndefined,
trim_blocks=True,
lstrip_blocks=True
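Review bot: The new `_environment = SandboxedEnvironment(` assignment in the second hunk has no comment saying why the sandbox is required, and the default sandbox still lets an expression call mutating methods such as `list.append` or `dict.update` on objects passed in the render context. If expressions are meant to be read-only over the data they receive (the callers are not visible here, so this is an assumption), `ImmutableSandboxedEnvironment` from the same `jinja2.sandbox` module is the tighter choice: `_environment = ImmutableSandboxedEnvironment(`. Either way I would put `# Sandboxed on purpose: a plain jinja2.Environment exposes unsafe Python methods to expressions (bug #1680112).` above the assignment so a later cleanup does not revert it. The diffstat shows one changed file, so no regression test came with the fix; one asserting that rendering an expression which touches an underscore-prefixed attribute raises `jinja2.exceptions.SecurityError` would pin the behaviour. The constructor call continues past the end of the hunk.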