Change jinja environment to be SandboxedEnvironment

This to remove the need to enabled autoescape

Signed-off-by: Luca Carrogu <[email protected]>

Author: lukeseawalker

cookbooks/aws-parallelcluster-slurm/files/default/head_node_slurm/slurm/pcluster_slurm_config_generator.py

@@ -21,7 +21,8 @@
 
 import requests
 import yaml
-from jinja2 import Environment, FileSystemLoader
+from jinja2 import FileSystemLoader
+from jinja2.sandbox import SandboxedEnvironment
 
 log = logging.getLogger()
 instance_types_data = {}
@@ -185,7 +186,7 @@ def _get_jinja_env(template_directory, realmemory_to_ec2memory_ratio):
     # A nosec comment is appended to the following line in order to disable the B701 check.
     # The contents of the default templates are known and the input configuration data is
     # validated by the CLI.
-    env = Environment(loader=file_loader, trim_blocks=True, lstrip_blocks=True)  # nosec nosemgrep
+    env = SandboxedEnvironment(loader=file_loader, trim_blocks=True, lstrip_blocks=True)  # nosec nosemgrep
     env.filters["sanify_name"] = lambda value: re.sub(r"[^A-Za-z0-9]", "", value)
     env.filters["gpus"] = _gpus
     env.filters["vcpus"] = _vcpus