PDS Registry provides the services and software applications necessary for tracking, searching, auditing, locating, and maintaining artifacts within the system. These artifacts range from data files and label files to schemas, dictionary definitions for objects and elements, services, and so on.
To fix the problem, we need to ensure that the Jinja2 Environment object is created with autoescape set to True. This can be done by using the select_autoescape function, which will automatically enable autoescaping for specific file extensions like HTML and XML. This change will prevent XSS attacks by escaping untrusted input in the templates.
We need to modify the creation of the Environment object in the create_product_external and create_product_browse functions to include the autoescape parameter.
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/NASA-PDS/registry/security/code-scanning/19
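The pattern the fix describes, as an added example that is not code from the registry project: an `Environment` built without `autoescape` beside one built with `select_autoescape`, rendered with constructed untrusted input. The template names and the `render`/`is_escaped` helpers are assumptions for the demonstration; note that `select_autoescape` decides per template name, so a template without a listed extension is still rendered unescaped.

```python
from jinja2 import Environment, DictLoader, select_autoescape

# Constructed templates standing in for the product pages (hypothetical names).
TEMPLATES = {
    "product_external.html": "<h1>{{ title }}</h1><p>{{ description }}</p>",
    "product_browse.xml": "<product><title>{{ title }}</title></product>",
    "notes.txt": "Title: {{ title }}",
}

# Constructed untrusted input, as it might arrive from a registry record.
UNTRUSTED_TITLE = '<script>alert("xss")</script>'


def make_env_unsafe():
    # Pre-fix pattern: no autoescape, so untrusted values are emitted verbatim.
    return Environment(loader=DictLoader(TEMPLATES))


def make_env_safe():
    # The fix: escaping is enabled for .html/.htm/.xml templates and for
    # templates created from strings; other extensions are left alone.
    return Environment(
        loader=DictLoader(TEMPLATES),
        autoescape=select_autoescape(
            enabled_extensions=("html", "htm", "xml"),
            default_for_string=True,
        ),
    )


def render(env, name, **context):
    # Render a named template from the given environment (helper for this example).
    return env.get_template(name).render(**context)


def is_escaped(output):
    # True when the injected tag was neutralised into HTML entities.
    return "<script>" not in output and "&lt;script&gt;" in output


if __name__ == "__main__":
    for env_name, env in (("unsafe", make_env_unsafe()), ("safe", make_env_safe())):
        for template in TEMPLATES:
            out = render(env, template, title=UNTRUSTED_TITLE, description="d")
            print(f"{env_name:6} {template:22} escaped={is_escaped(out)}")
```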