mirror/netbox-community-netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2024-05-10 07:54:54 +00:00
Code Activity

Closes #6921: Employ a sandbox when rendering Jinja2 code for increased security

Browse Source
This commit is contained in:
jeremystretch
2021-08-10 20:52:45 -04:00
parent 7bceeb714b
commit db359719a9
5 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
netbox/utilities/utils.py
View File

@ -6,7 +6,7 @@ from itertools import count, groupby
from django.core.serializers import serialize
from django.db.models import Count, OuterRef, Subquery
from django.db.models.functions import Coalesce
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment
from mptt.models import MPTTModel
from dcim.choices import CableLengthUnitChoices
@ -213,7 +213,7 @@ def render_jinja2(template_code, context):
"""
Render a Jinja2 template with the provided context. Return the rendered content.
"""
return Environment().from_string(source=template_code).render(**context)
return SandboxedEnvironment().from_string(source=template_code).render(**context)
def prepare_cloned_fields(instance):