From a98053a0274c6d27c4f3d94a43033c6364deb7cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20H=C3=A9zs=C5=91?=
Date: Tue, 12 May 2026 16:10:52 +0200
Subject: [PATCH] Harden security: enable Jinja2 autoescape, add SQL table whitelist, enforce HTTPS

---
 core/utils_db.py | 13 +++++++++++++
 core/utils_report.py | 5 +++--
 core/utils_sync.py | 4 +++-
 utils/connection.py | 4 +++-
 utils/sync.py | 4 +++-
 5 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/core/utils_db.py b/core/utils_db.py
index b32270a..b3202b9 100644
--- a/core/utils_db.py
+++ b/core/utils_db.py
@@ -9,6 +9,17 @@
 # Default master database
 MASTER_DATABASE = "datasets/data.db"
+ALLOWED_TABLES = {
+    "resourcetype",
+    "resource_inventory",
+    "cost_inventory",
+    "risk_inventory",
+    "scoring_data",
+    "alternative",
+    "alternativetechnology",
+    "risk",
+}
+
 def connect(db_path=MASTER_DATABASE):
     try:
@@ -20,6 +31,8 @@ def connect(db_path=MASTER_DATABASE):
 def load_data(table_name, db_path=MASTER_DATABASE):
+    if table_name not in ALLOWED_TABLES:
+        raise ValueError(f"Disallowed table name: {table_name}")
     try:
         conn = connect(db_path)
         cursor = conn.cursor()
diff --git a/core/utils_report.py b/core/utils_report.py
index 77dc9d8..42c3960 100644
--- a/core/utils_report.py
+++ b/core/utils_report.py
@@ -3,7 +3,7 @@
 import json
 import logging
 from typing import Any
-from jinja2 import Template
+from jinja2 import Environment
 # ReportLab
 from reportlab.lib.pagesizes import A4
@@ -134,7 +134,8 @@ def generate_html_report(
     with open(template_path, "r") as file:
         template_content = file.read()
-    template = Template(template_content)
+    env = Environment(autoescape=True)
+    template = env.from_string(template_content)
     html_content = template.render(
         **metadata,
         **scoring_context,
diff --git a/core/utils_sync.py b/core/utils_sync.py
index 19548e5..a076b0e 100644
--- a/core/utils_sync.py
+++ b/core/utils_sync.py
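Review bot: ALLOWED_TABLES is introduced as a plain mutable `set` with no comment saying what it protects, yet it is presumably the only check between a caller-supplied `table_name` and the identifier `load_data` builds into SQL. A `frozenset` cannot be widened at runtime by other code, and a one-line comment tells the next maintainer that adding an entry here extends what `load_data` will query: `# Table identifiers load_data() accepts; frozen so the allowlist cannot be extended at runtime.` followed by `ALLOWED_TABLES = frozenset({` … `})`. The entries themselves should be checked against the actual schema of the database at datasets/data.db, which this diff does not show.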
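Review bot: The new guard at the top of `load_data` rejects unknown names, but the statement that consumes `table_name` lies outside the hunk, so whether the identifier is still interpolated into the SQL string cannot be confirmed here; if it is, quoting the identifier with double quotes at that site is cheap defense in depth behind the allowlist. The error message interpolates the rejected value verbatim; `raise ValueError(f"Disallowed table name: {table_name!r}")` makes whitespace or control characters visible wherever the message is logged. `load_data` has no docstring, and it should now state `Raises ValueError if table_name is not in ALLOWED_TABLES.` so callers know to catch it. The rest of `load_data` continues past the end of the hunk.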
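Review bot: `Template` is dropped from the imports while only `generate_html_report` is updated in this patch; if any other function in core/utils_report.py still constructs `Template(...)`, it now fails with NameError at call time rather than at import, so that is worth a grep for `Template(` across the file before merge. If nothing else uses it, the import change is fine as is.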
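Review bot: `Environment(autoescape=True)` is created inside `generate_html_report` on every call, so the escaping policy sits in an unexplained local; hoisting it to a module-level constant documents the control and keeps it in one place: `_HTML_ENV = Environment(autoescape=True)  # escapes {{ }} output; the template must not apply |safe to untrusted fields` and then `template = _HTML_ENV.from_string(template_content)`. Autoescape only covers values the template interpolates — a `|safe` filter or `Markup` value in the template file (not in this diff) still emits raw HTML — and any value in `metadata` or `scoring_context` that was already pre-built HTML will now render escaped, which is worth checking against an existing report before merge. The rest of `generate_html_report` lies outside the hunk.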
@@ -20,7 +20,9 @@
 def _assess_url(host: str) -> str:
     host = host.strip().rstrip("/")
-    if not host.startswith("http"):
+    if host.startswith("http://"):
+        host = "https://" + host[len("http://") :]
+    elif not host.startswith("https://"):
         host = f"https://{host}"
     return f"{host}{_ASSESS_PATH}"
diff --git a/utils/connection.py b/utils/connection.py
index 893e9d1..bc66709 100644
--- a/utils/connection.py
+++ b/utils/connection.py
@@ -16,7 +16,9 @@
 def _build_url(host: str) -> str:
     host = host.strip().rstrip("/")
-    if not host.startswith("http"):
+    if host.startswith("http://"):
+        host = "https://" + host[len("http://") :]
+    elif not host.startswith("https://"):
         host = f"https://{host}"
     return f"{host}{_AUTH_PATH}"
diff --git a/utils/sync.py b/utils/sync.py
index 0ca41ce..cf3819a 100644
--- a/utils/sync.py
+++ b/utils/sync.py
@@ -14,7 +14,9 @@
 def _build_url(host: str) -> str:
     host = host.strip().rstrip("/")
-    if not host.startswith("http"):
+    if host.startswith("http://"):
+        host = "https://" + host[len("http://") :]
+    elif not host.startswith("https://"):
         host = f"https://{host}"
     return f"{host}{_ASSESS_PATH}"
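Review bot: The scheme check in `_assess_url` is case-sensitive and only knows `http://` and `https://`, so `HTTP://host` or `ftp://host` falls through to the `elif` and is turned into a `https://HTTP://host`-style URL rather than being rejected, and an explicit `http://` in configuration is upgraded with no signal that the setting was overridden. Splitting on `://` once, comparing the scheme case-insensitively and raising on anything that is neither http nor https makes the policy explicit; a warning at the rewrite (if the module has a logger) would make the override visible to the operator. The identical block is added to `_build_url` in utils/connection.py and utils/sync.py in this same patch, so a single shared helper would keep the three copies from drifting. The scheme is only half of the "enforce HTTPS" story: it depends on the HTTP client that consumes this URL leaving certificate verification enabled, which is outside these hunks.
```python
def _assess_url(host: str) -> str:
    host = host.strip().rstrip("/")
    scheme, sep, rest = host.partition("://")
    if not sep:
        host = f"https://{host}"
    elif scheme.lower() == "http":
        host = f"https://{rest}"
    elif scheme.lower() != "https":
        raise ValueError(f"Unsupported URL scheme: {scheme}")
    return f"{host}{_ASSESS_PATH}"
```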