diff --git a/gbpui/panels/application_policy/forms.py b/gbpui/panels/application_policy/forms.py index 973380c..bd2754b 100644 --- a/gbpui/panels/application_policy/forms.py +++ b/gbpui/panels/application_policy/forms.py @@ -13,6 +13,7 @@ from django.core.urlresolvers import reverse from django import http from django.template.defaultfilters import filesizeformat # noqa +from django.utils import html from django.utils.translation import ugettext_lazy as _ from django.views.decorators.debug import sensitive_variables # noqa @@ -79,6 +80,10 @@ class UpdatePolicyRuleSetForm(BaseUpdateForm): def handle(self, request, context): try: policy_rule_set_id = self.initial['policy_rule_set_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.policy_rule_set_update(request, policy_rule_set_id, **context @@ -133,6 +138,10 @@ class AddPolicyActionForm(forms.SelfHandlingForm): try: if not context['action_value']: del context['action_value'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) action = client.policyaction_create(request, **context) messages.success(request, _('Policy Action successfully created.')) return action @@ -163,6 +172,10 @@ class UpdatePolicyActionForm(BaseUpdateForm): url = reverse('horizon:project:application_policy:index') try: policyaction_id = self.initial['policyaction_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.policyaction_update(request, policyaction_id, **context) messages.success(request, _('Policy Action successfully updated.')) return http.HttpResponseRedirect(url) 
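Review bot: Escaping `name` and `description` on the way into `client.policy_rule_set_update(...)` in `UpdatePolicyRuleSetForm.handle()` puts the XSS defence at the wrong layer: the backend now stores HTML entities instead of the text the user typed, and the same block is repeated in every other `handle()` hunk of this commit. Escaping on write does not cover objects created through another API client, so whichever view renders these fields without escaping (not visible in this diff) stays exposed to values it did not sanitize. It also compounds on the update forms if they are prefilled from the stored value, which the hunks suggest but do not show: each save would turn `&amp;` into `&amp;amp;`. I would leave `context` untouched here and fix the output side; if input-side escaping is kept as a stopgap, document it above the block with `# NOTE: value is stored HTML-escaped; render it without a second escape`. The body of `handle()` continues outside the hunk.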
@@ -203,6 +216,8 @@ class AddPolicyClassifierForm(forms.SelfHandlingForm): try: if not context.get('port_range'): context['port_range'] = None + if context.get('name'): + context['name'] = html.escape(context['name']) classifier = client.policyclassifier_create(request, **context) messages.success( request, _('Policy Classifier successfully created.')) @@ -242,6 +257,10 @@ class UpdatePolicyClassifierForm(BaseUpdateForm): policyclassifier_id = self.initial['policyclassifier_id'] if not context.get('port_range'): context['port_range'] = None + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.policyclassifier_update(self.request, policyclassifier_id, **context) messages.success( @@ -286,6 +305,10 @@ class UpdatePolicyRuleForm(BaseUpdateForm): url = reverse('horizon:project:application_policy:index') try: prid = self.initial['policyrule_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.policyrule_update(request, prid, **context) messages.success(request, _('Policy rule successfully updated.')) return http.HttpResponseRedirect(url) diff --git a/gbpui/panels/application_policy/workflows.py b/gbpui/panels/application_policy/workflows.py index 47dd90f..b9a3339 100644 --- a/gbpui/panels/application_policy/workflows.py +++ b/gbpui/panels/application_policy/workflows.py @@ -11,6 +11,7 @@ # under the License. from django.core.urlresolvers import reverse +from django.utils import html from django.utils.translation import ugettext_lazy as _ from horizon import exceptions 
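Review bot: `AddPolicyClassifierForm.handle()` escapes only `name`, whereas `UpdatePolicyClassifierForm.handle()` in the next hunk and the other handlers in this commit also escape `description`. Whether the create form exposes a description field is not visible here (the method starts outside the hunk); if it does, that field reaches `client.policyclassifier_create` unescaped and the two classifier paths disagree. If the escaping stays in the handlers, moving the copied block into one module-level helper that takes the field names would keep the handlers from drifting apart, as sketched below.

```python
def _escape_text_fields(context, fields=('name', 'description')):
    """HTML-escape the given free-text fields of a form context in place."""
    for field in fields:
        if context.get(field):
            context[field] = html.escape(context[field])

# ... unchanged: port_range defaulting in AddPolicyClassifierForm.handle() ...
_escape_text_fields(context)
classifier = client.policyclassifier_create(request, **context)
```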
@@ -111,6 +112,10 @@ class AddContract(workflows.Workflow):
 def _create_policy_rule_set(self, request, context):
 try:
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 return client.policy_rule_set_create(request, **context)
 except Exception as e:
 msg = self.format_status_message(self.failure_message) + str(e)
@@ -118,6 +123,10 @@ class AddContract(workflows.Workflow):
 return False
 def handle(self, request, context):
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 policy_rule_set = self._create_policy_rule_set(request, context)
 self.object = policy_rule_set
 return policy_rule_set
@@ -251,6 +260,10 @@ class AddPolicyRule(workflows.Workflow):
 def handle(self, request, context):
 try:
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 rule = client.policyrule_create(request, **context)
 self.object = rule
 return rule
@@ -311,6 +324,10 @@ class AddPolicyClassifier(workflows.Workflow):
 def _create_classifer(self, request, context):
 try:
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 client.policyclassifier_create(request, **context)
 return True
 except Exception as e:
@@ -319,6 +336,10 @@ class AddPolicyClassifier(workflows.Workflow):
 return False
 def handle(self, request, context):
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 classifier = self._create_classifer(request, context)
 if not classifier:
 return False
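Review bot: `AddContract.handle()` escapes `name` and `description` and then passes the same `context` dict to `_create_policy_rule_set()`, which escapes them a second time, so a single request stores `&amp;amp;` for a typed `&`; `django.utils.html.escape` re-escapes input that is already escaped. `AddPolicyClassifier.handle()` and `_create_classifer()` further down have the same pairing. Keep the block in one place only, for example by leaving the helpers' `try` bodies as `return client.policy_rule_set_create(request, **context)` and `client.policyclassifier_create(request, **context)`. Because `handle()` mutates the caller's `context` in place, a one-line comment such as `# context is modified in place; escape exactly once per request` would help the next editor.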
diff --git a/gbpui/panels/network_policy/forms.py b/gbpui/panels/network_policy/forms.py index 5d28f75..a679a87 100644 --- a/gbpui/panels/network_policy/forms.py +++ b/gbpui/panels/network_policy/forms.py @@ -15,6 +15,7 @@ import logging from django.core.urlresolvers import reverse from django import http from django import shortcuts +from django.utils import html from django.utils.translation import ugettext_lazy as _ from horizon import exceptions @@ -80,6 +81,10 @@ class AddL3PolicyForm(forms.SelfHandlingForm): def handle(self, request, context): url = reverse("horizon:project:network_policy:index") try: + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.l3policy_create(request, **context) msg = _("L3 Policy Created Successfully!") LOG.debug(msg) @@ -122,6 +127,10 @@ class UpdateL3PolicyForm(AddL3PolicyForm): url = reverse("horizon:project:network_policy:index") try: l3policy_id = self.initial['l3policy_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.l3policy_update(request, l3policy_id, **context) msg = _("L3 Policy Updated Successfully!") LOG.debug(msg) @@ -155,6 +164,10 @@ class AddL2PolicyForm(forms.SelfHandlingForm): url = reverse("horizon:project:network_policy:index") try: del context['allow_broadcast'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.l2policy_create(request, **context) msg = _("L2 Policy Created Successfully!") LOG.debug(msg) 
@@ -195,6 +208,10 @@ class UpdateL2PolicyForm(forms.SelfHandlingForm):
 l2policy_id = self.initial['l2policy_id']
 try:
 del context['allow_broadcast']
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 client.l2policy_update(request, l2policy_id, **context)
 msg = _("L2 Policy Updated Successfully!")
 LOG.debug(msg)
@@ -228,6 +245,10 @@ class CreateServicePolicyForm(forms.SelfHandlingForm):
 'value': values[2]}
 p.append(values)
 context['network_service_params'] = p
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 client.create_networkservice_policy(request, **context)
 msg = _("Service policy created successfully!")
 LOG.debug(msg)
@@ -242,8 +263,8 @@ class NetworkServiceParam(object):
 def __init__(self, context):
 self.ptype = context['param_type']
- self.pname = context['param_name']
- self.pvalue = context['param_value']
+ self.pname = html.escape(context['param_name'])
+ self.pvalue = html.escape(context['param_value'])
 self.name = "Type:%s,Name:%s,Value:%s" % (
 self.ptype, self.pname, self.pvalue)
 self.id = self.name
@@ -288,6 +309,10 @@ class UpdateServicePolicyForm(BaseUpdateForm):
 url = reverse("horizon:project:network_policy:index")
 try:
 policy_id = self.initial['service_policy_id']
+ if context.get('name'):
+ context['name'] = html.escape(context['name'])
+ if context.get('description'):
+ context['description'] = html.escape(context['description'])
 client.update_networkservice_policy(
 request, policy_id, **context)
 msg = _("Service policy updatedsuccessfully!")
diff --git a/gbpui/panels/network_services/forms.py b/gbpui/panels/network_services/forms.py
index 6b2dcf5..c401d8c 100644
--- a/gbpui/panels/network_services/forms.py
+++ b/gbpui/panels/network_services/forms.py
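Review bot: In `NetworkServiceParam.__init__` the escaped `pname` and `pvalue` are folded into `self.name` and then `self.id`, so a parameter's identifier now changes whenever its name or value contains `&`, `<`, `>` or a quote. Any code that matches on that id or rebuilds the `Type:…,Name:…,Value:…` string from raw form data (not visible in this hunk) would stop matching. The `network_service_params` list built in `CreateServicePolicyForm.handle()` one hunk earlier goes to the client unescaped as far as that hunk shows, so the displayed and the stored parameter can differ. I would derive the id from the raw values, `self.id = "Type:%s,Name:%s,Value:%s" % (self.ptype, context['param_name'], context['param_value'])`, escape only what is rendered, and add a comment saying which attributes are display-only.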
@@ -14,6 +14,7 @@ import json import logging from django.core.urlresolvers import reverse +from django.utils import html from django.utils.translation import ugettext_lazy as _ from django import http @@ -105,6 +106,10 @@ class CreateServiceChainNodeForm(forms.SelfHandlingForm): except KeyError: pass context['config'] = json.dumps(context['config']) + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.create_servicechain_node(request, **context) msg = _("Service Chain Node Created Successfully!") LOG.debug(msg) @@ -137,6 +142,10 @@ class UpdateServiceChainNodeForm(BaseUpdateForm): url = reverse("horizon:project:network_services:index") try: scnode_id = self.initial['scnode_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.update_servicechain_node( request, scnode_id, **context) msg = _("Service Chain Node Updated Successfully!") @@ -183,6 +192,10 @@ class CreateServiceChainSpecForm(forms.SelfHandlingForm): def handle(self, request, context): url = reverse("horizon:project:network_services:index") try: + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.create_servicechain_spec(request, **context) msg = _("Service Chain Spec Created Successfully!") LOG.debug(msg) 
@@ -219,6 +232,10 @@ class UpdateServiceChainSpecForm(CreateServiceChainSpecForm, BaseUpdateForm): url = reverse("horizon:project:network_services:index") try: scspec_id = self.initial['scspec_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.update_servicechain_spec(request, scspec_id, **context) msg = _("Service Chain Spec Updated Successfully!") LOG.debug(msg) @@ -260,6 +277,10 @@ class CreateServiceChainInstanceForm(forms.SelfHandlingForm): def handle(self, request, context): url = reverse("horizon:project:network_services:index") try: + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.create_servicechain_instance(request, **context) msg = _("Service Chain Instance Created Successfully!") LOG.debug(msg) @@ -295,6 +316,10 @@ class UpdateServiceChainInstanceForm(forms.SelfHandlingForm): url = reverse("horizon:project:network_services:index") try: scinstance_id = self.initial['scinstance_id'] + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) client.update_servicechain_instance( request, scinstance_id, **context) msg = _("Service Chain Instance Created Successfully!") diff --git a/gbpui/panels/policytargets/forms.py b/gbpui/panels/policytargets/forms.py index 02535b5..a81b55f 100644 --- a/gbpui/panels/policytargets/forms.py +++ b/gbpui/panels/policytargets/forms.py @@ -14,6 +14,7 @@ import logging from django.core.urlresolvers import reverse from django import http +from django.utils import html from django.utils.translation import ugettext_lazy as _ from horizon import exceptions 
@@ -112,6 +113,10 @@ class UpdatePolicyTargetForm(forms.SelfHandlingForm): context['consumed_policy_rule_sets'] = None if context['network_service_policy_id'] == 'None': context['network_service_policy_id'] = None + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) policy_target = client.policy_target_update( request, policy_target_id, **context) msg = _('Group %s was successfully updated.') % name_or_id diff --git a/gbpui/panels/policytargets/workflows.py b/gbpui/panels/policytargets/workflows.py index 1581412..fd5fa3f 100644 --- a/gbpui/panels/policytargets/workflows.py +++ b/gbpui/panels/policytargets/workflows.py @@ -13,6 +13,7 @@ import logging from django.core.urlresolvers import reverse +from django.utils import html from django.utils.text import normalize_newlines # noqa from django.utils.translation import ugettext_lazy as _ from django.views.decorators.debug import sensitive_variables # noqa @@ -213,6 +214,10 @@ class AddPTG(workflows.Workflow): def handle(self, request, context): try: + if context.get('name'): + context['name'] = html.escape(context['name']) + if context.get('description'): + context['description'] = html.escape(context['description']) group = client.policy_target_create(request, **context) return group except Exception as e: