Fix XML encoding in Route53 JInja2 Templates #3469 (#3473)

* Use Jinja2 escape functionality to escape html attributes in value response

* Add tests

* fix formatting
Ayush Ghosh 2020-11-18 02:23:49 -05:00 committed by GitHub
parent 62fd975da0
commit 7f73015f02
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 89 additions and 1 deletions


@ -194,7 +194,7 @@ class RecordSet(CloudFormationModel):
<ResourceRecords> <ResourceRecords>
{% for record in record_set.records %} {% for record in record_set.records %}
<ResourceRecord> <ResourceRecord>
<Value>{{ record }}</Value> <Value>{{ record|e }}</Value>
</ResourceRecord> </ResourceRecord>
{% endfor %} {% endfor %}
</ResourceRecords> </ResourceRecords>
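Review bot: Only the `<Value>` interpolation gets the `|e` filter, so any other caller-supplied field this template renders outside the hunk (presumably the record-set name and similar) would still be written into the XML response unescaped. Per-field escaping is easy to forget when a new field is added. If the template is built with `jinja2.Template(...)`, passing `autoescape=True` there would escape every `{{ ... }}` by default and make the explicit filter unnecessary. Any field that intentionally carries pre-formed markup would then need `|safe`, so check that before switching. The template string and the RecordSet method that renders it begin and end outside this hunk.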


@ -644,6 +644,94 @@ def test_change_resource_record_sets_crud_valid():
len(response["ResourceRecordSets"]).should.equal(0) len(response["ResourceRecordSets"]).should.equal(0)
@mock_route53
def test_change_resource_record_sets_crud_valid_with_special_xml_chars():
conn = boto3.client("route53", region_name="us-east-1")
conn.create_hosted_zone(
Name="db.",
CallerReference=str(hash("foo")),
HostedZoneConfig=dict(PrivateZone=True, Comment="db"),
)
zones = conn.list_hosted_zones_by_name(DNSName="db.")
len(zones["HostedZones"]).should.equal(1)
zones["HostedZones"][0]["Name"].should.equal("db.")
hosted_zone_id = zones["HostedZones"][0]["Id"]
# Create TXT Record.
txt_record_endpoint_payload = {
"Comment": "Create TXT record prod.redis.db",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "prod.redis.db.",
"Type": "TXT",
"TTL": 10,
"ResourceRecords": [{"Value": "SomeInitialValue"}],
},
}
],
}
conn.change_resource_record_sets(
HostedZoneId=hosted_zone_id, ChangeBatch=txt_record_endpoint_payload
)
response = conn.list_resource_record_sets(HostedZoneId=hosted_zone_id)
len(response["ResourceRecordSets"]).should.equal(1)
a_record_detail = response["ResourceRecordSets"][0]
a_record_detail["Name"].should.equal("prod.redis.db.")
a_record_detail["Type"].should.equal("TXT")
a_record_detail["TTL"].should.equal(10)
a_record_detail["ResourceRecords"].should.equal([{"Value": "SomeInitialValue"}])
# Update TXT Record with XML Special Character &.
txt_record_with_special_char_endpoint_payload = {
"Comment": "Update TXT record prod.redis.db",
"Changes": [
{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "prod.redis.db.",
"Type": "TXT",
"TTL": 60,
"ResourceRecords": [{"Value": "SomeInitialValue&NewValue"}],
},
}
],
}
conn.change_resource_record_sets(
HostedZoneId=hosted_zone_id,
ChangeBatch=txt_record_with_special_char_endpoint_payload,
)
response = conn.list_resource_record_sets(HostedZoneId=hosted_zone_id)
len(response["ResourceRecordSets"]).should.equal(1)
cname_record_detail = response["ResourceRecordSets"][0]
cname_record_detail["Name"].should.equal("prod.redis.db.")
cname_record_detail["Type"].should.equal("TXT")
cname_record_detail["TTL"].should.equal(60)
cname_record_detail["ResourceRecords"].should.equal(
[{"Value": "SomeInitialValue&NewValue"}]
)
# Delete record.
delete_payload = {
"Comment": "delete prod.redis.db",
"Changes": [
{
"Action": "DELETE",
"ResourceRecordSet": {"Name": "prod.redis.db", "Type": "TXT"},
}
],
}
conn.change_resource_record_sets(
HostedZoneId=hosted_zone_id, ChangeBatch=delete_payload
)
response = conn.list_resource_record_sets(HostedZoneId=hosted_zone_id)
len(response["ResourceRecordSets"]).should.equal(0)
@mock_route53 @mock_route53
def test_change_weighted_resource_record_sets(): def test_change_weighted_resource_record_sets():
conn = boto3.client("route53", region_name="us-east-2") conn = boto3.client("route53", region_name="us-east-2")
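Review bot: The new test exercises only `&`, so it would still pass if escaping of `<`, `>` or quote characters regressed, and those are the characters that can alter the structure of the response rather than merely make it unparseable. Changing the UPSERT value from `SomeInitialValue&NewValue` to something like `SomeInitialValue&<New>"Value'` and asserting that it round-trips unchanged would pin the full set. The locals `a_record_detail` and `cname_record_detail` both hold a TXT record and look carried over from the CRUD test above; `txt_record_detail` would read more clearly. The DELETE change names `prod.redis.db` without the trailing dot used on create, so the final count assertion also depends on name normalisation; using `prod.redis.db.` keeps the test focused on escaping.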