Fix security issues reported by the security audit

JIRA: RELENG-143

Change-Id: Ia20c6ce86e72924ab8ab5f93bdc956d7f6a40a93
Signed-off-by: Morgan Richomme <morgan.richomme@orange.com>

diff --git a/utils/test/reporting/functest/reporting-status.py b/utils/test/reporting/functest/reporting-status.py
index 7c943d8..e9e167d 100755 (executable)
--- a/utils/test/reporting/functest/reporting-status.py
+++ b/utils/test/reporting/functest/reporting-status.py
@@ -195,7 +195,7 @@ for version in conf.versions:
             logger.info("--------------------------")
 
         templateLoader = jinja2.FileSystemLoader(conf.REPORTING_PATH)
-        templateEnv = jinja2.Environment(loader=templateLoader)
+        templateEnv = jinja2.Environment(loader=templateLoader, autoescape=True)
 
         TEMPLATE_FILE = "/template/index-status-tmpl.html"
         template = templateEnv.get_template(TEMPLATE_FILE)

diff --git a/utils/test/reporting/functest/reporting-tempest.py b/utils/test/reporting/functest/reporting-tempest.py
index 0dc1dd3..363f123 100755 (executable)
--- a/utils/test/reporting/functest/reporting-tempest.py
+++ b/utils/test/reporting/functest/reporting-tempest.py
@@ -28,7 +28,7 @@ logger.info("success rate > %s " % criteria_success_rate)
 for version in conf.versions:
     for installer in conf.installers:
         # we consider the Tempest results of the last PERIOD days
-        url = conf.URL_BASE + "?case=tempest_smoke_serial"
+        url = 'http://' + conf.URL_BASE + "?case=tempest_smoke_serial"
         request = Request(url + '&period=' + str(PERIOD) +
                           '&installer=' + installer +
                           '&version=' + version)
@@ -116,7 +116,7 @@ for version in conf.versions:
                     logger.error("Error field not present (Brahamputra runs?)")
 
         templateLoader = jinja2.FileSystemLoader(conf.REPORTING_PATH)
-        templateEnv = jinja2.Environment(loader=templateLoader)
+        templateEnv = jinja2.Environment(loader=templateLoader, autoescape=True)
 
         TEMPLATE_FILE = "/template/index-tempest-tmpl.html"
         template = templateEnv.get_template(TEMPLATE_FILE)

diff --git a/utils/test/reporting/functest/reporting-vims.py b/utils/test/reporting/functest/reporting-vims.py
index a83d92f..430a545 100755 (executable)
--- a/utils/test/reporting/functest/reporting-vims.py
+++ b/utils/test/reporting/functest/reporting-vims.py
@@ -39,7 +39,7 @@ for version in conf.versions:
     for installer in installers:
         logger.info("Search vIMS results for installer: %s, version: %s"
                     % (installer, version))
-        request = Request(conf.URL_BASE + '?case=vims&installer=' +
+        request = Request("http://" + conf.URL_BASE + '?case=vims&installer=' +
                           installer + '&version=' + version)
 
         try:
@@ -102,7 +102,7 @@ for version in conf.versions:
                 logger.debug("----------------------------------------")
 
         templateLoader = jinja2.FileSystemLoader(conf.REPORTING_PATH)
-        templateEnv = jinja2.Environment(loader=templateLoader)
+        templateEnv = jinja2.Environment(loader=templateLoader, autoescape=True)
 
         TEMPLATE_FILE = "/template/index-vims-tmpl.html"
         template = templateEnv.get_template(TEMPLATE_FILE)

diff --git a/utils/test/reporting/functest/reportingConf.py b/utils/test/reporting/functest/reportingConf.py
index 9230cb2..b0e4cf7 100644 (file)
--- a/utils/test/reporting/functest/reportingConf.py
+++ b/utils/test/reporting/functest/reportingConf.py
@@ -21,7 +21,7 @@ MAX_SCENARIO_CRITERIA = 50
 NB_TESTS = 5
 # REPORTING_PATH = "/usr/share/nginx/html/reporting/functest"
 REPORTING_PATH = "."
-URL_BASE = 'http://testresults.opnfv.org/test/api/v1/results'
+URL_BASE = 'testresults.opnfv.org/test/api/v1/results'
 TEST_CONF = "https://git.opnfv.org/cgit/functest/plain/ci/testcases.yaml"
 LOG_LEVEL = "ERROR"
 LOG_FILE = REPORTING_PATH + "/reporting.log"

diff --git a/utils/test/reporting/functest/reportingUtils.py b/utils/test/reporting/functest/reportingUtils.py
index 5051ffa..f026204 100644 (file)
--- a/utils/test/reporting/functest/reportingUtils.py
+++ b/utils/test/reporting/functest/reportingUtils.py
@@ -37,7 +37,7 @@ def getApiResults(case, installer, scenario, version):
     # urllib2.install_opener(opener)
     # url = "http://127.0.0.1:8000/results?case=" + case + \
     #       "&period=30&installer=" + installer
-    url = (conf.URL_BASE + "?case=" + case +
+    url = ("http://" + conf.URL_BASE + "?case=" + case +
            "&period=" + str(conf.PERIOD) + "&installer=" + installer +
            "&scenario=" + scenario + "&version=" + version +
            "&last=" + str(conf.NB_TESTS))
@@ -56,7 +56,7 @@ def getApiResults(case, installer, scenario, version):
 def getScenarios(case, installer, version):
 
     case = case.getName()
-    url = (conf.URL_BASE + "?case=" + case +
+    url = ("http://" + conf.URL_BASE + "?case=" + case +
            "&period=" + str(conf.PERIOD) + "&installer=" + installer +
            "&version=" + version)
     request = Request(url)

diff --git a/utils/test/reporting/yardstick/reporting-status.py b/utils/test/reporting/yardstick/reporting-status.py
index ed5dab0..546bf08 100644 (file)
--- a/utils/test/reporting/yardstick/reporting-status.py
+++ b/utils/test/reporting/yardstick/reporting-status.py
@@ -59,7 +59,7 @@ for version in conf.versions:
             logger.info("--------------------------")
 
         templateLoader = jinja2.FileSystemLoader(conf.REPORTING_PATH)
-        templateEnv = jinja2.Environment(loader=templateLoader)
+        templateEnv = jinja2.Environment(loader=templateLoader, autoescape=True)
 
         TEMPLATE_FILE = "/template/index-status-tmpl.html"
         template = templateEnv.get_template(TEMPLATE_FILE)