Merge pull request #3383 from kelvinvelasquez-SDE/fix/security-bandit

fix(security): resolve B701 (Jinja2) and B113 (timeout) vulnerabilities
2025-12-20 09:19:09 +01:00 · 2025-12-20 09:19:09 +01:00 · 9907e7242f
parent 7b22761c75 9b5cc01b06
commit 9907e7242f
3 changed files with 3 additions and 3 deletions
--- a/glances/amps/nginx/init.py
+++ b/glances/amps/nginx/init.py
@ -66,7 +66,7 @@ class Amp(GlancesAmp):
        """Update the AMP"""
        # Get the Nginx status
        logger.debug('{}: Update stats using status URL {}'.format(self.NAME, self.get('status_url')))
-        res = requests.get(self.get('status_url'))
+        res = requests.get(self.get('status_url'), timeout=15)
        if res.ok:
            # u'Active connections: 1 \nserver accepts handled requests\n 1 1 1 \nReading: 0 Writing: 1 Waiting: 0 \n'
            self.set_result(res.text.rstrip())
--- a/glances/exports/glances_restful/init.py
+++ b/glances/exports/glances_restful/init.py
@ -54,7 +54,7 @@ class Export(GlancesExport):
            # One complete loop have been done
            logger.debug(f"Export stats ({listkeys(self.buffer)}) to RESTful endpoint ({self.client})")
            # Export stats
-            post(self.client, json=self.buffer, allow_redirects=True)
+            post(self.client, json=self.buffer, allow_redirects=True, timeout=15)
            # Reset buffer
            self.buffer = {}

--- a/glances/outputs/glances_stdout_fetch.py
+++ b/glances/outputs/glances_stdout_fetch.py
@ -78,7 +78,7 @@ class GlancesStdoutFetch:
                fetch_template = f.read()

        # Create a Jinja2 environment
-        jinja_env = jinja2.Environment(loader=jinja2.BaseLoader())
+        jinja_env = jinja2.Environment(loader=jinja2.BaseLoader(), autoescape=True)
        template = jinja_env.from_string(fetch_template)
        output = template.render(gl=self.gl)
        print(output)