
feature/RR-1363:Export win backend input validation #5425

Merged: 8 commits merged into main from RR-1363-Export-Win-Backend-Input-Validation on May 22, 2024

Conversation

ince-dbt
Contributor

@ince-dbt ince-dbt commented May 21, 2024

Description of change

This PR addresses the security vulnerabilities identified in the recent penetration test by enhancing the input validation mechanisms for export win. This is a backend implementation, and a front-end implementation will follow for a better user experience (see the attached documentation in this ticket for more details). The main changes include:

  1. Input Validation Enhancement - Introduced a TagChecker class to parse and detect disallowed HTML tags ('<script>', '<style>', '<iframe>', '', '', ''), named character references (<, >, &, ", '), and specific disallowed characters (<, >, \). Please refer to the relevant section in the commit for detailed implementation.

  2. Decorator for Validation - Implemented a validate_script_and_html_tags decorator to wrap around view functions. This decorator ensures that any input containing disallowed HTML tags, symbols, or characters results in a 400 Bad Request response, preventing malicious content from being processed by the server. Please refer to the relevant section in the commit for detailed implementation.

  3. Security Best Practices - Adopted a preventive approach by blocking dangerous input at the source, ensuring robust security against injection attacks.

  4. Impact:
     - Security Improvement: These changes mitigate the risk of XSS and other injection attacks by ensuring malicious content is blocked at the point of entry in export win.
     - User Experience: Users attempting to input dangerous content will receive immediate feedback, preventing potential misuse or accidental security breaches.

Testing:

You can test this by calling the <datahub_env_url>/v4/export-win endpoint via Postman or manually and passing the following payload:

```json
{
  "adviser": { "id": "change to your own adviser id" },
  "lead_officer": { "id": "change to your own leadofficer id" },
  "hq_team": { "id": "b9afc253-5aa1-498f-b5d7-d43dad1ced82" },
  "team_type": { "id": "1f6eccf9-289a-450b-a4af-b75600ea521b" },
  "business_potential": { "id": "0e6f1d69-e9c3-4460-a74b-3881930fe3e9" },
  "company": { "id": "cf52ca4d-a6d5-4b1e-b640-ed43249b12a5" },
  "company_contacts": [ { "id": "fc87ccb7-da02-4343-9ed4-4c17abddd1c5" } ],
  "customer_location": { "id": "8a4cd12a-6095-e211-a939-e4115bead28a" },
  "business_type": "The best type",
  "description": "Description",
  "name_of_export": "Sand",
  "date": "2024-05-05",
  "country": "5daf72a6-5d95-e211-a939-e4115bead28a",
  "total_expected_export_value": 1000000,
  "total_expected_non_export_value": 1000000,
  "total_expected_odi_value": 1000000,
  "goods_vs_services": { "id": "8711e3dd-3a2c-4b47-aea7-9a53c135efb6" },
  "sector": { "id": "b422c9d2-5f95-e211-a939-e4115bead28a" },
  "type_of_support": [ { "id": "1ed7f465-1461-4d66-b4a2-8d704ea239a8" } ],
  "associated_programme": [ { "id": "b6f5c31a-aa45-4ae0-89bd-2eb3ab943f76" } ],
  "is_personally_confirmed": false,
  "is_line_manager_confirmed": false,
  "name_of_customer": "Overseas Customer",
  "name_of_customer_confidential": true,
  "export_experience": { "id": "587928e3-cab1-45cb-ba49-0656b6d2f867" },
  "breakdowns": [ { "type": { "id": "cecb1f61-abd2-4715-a0c9-b196b52671d9" }, "value": 1000, "year": 2023 } ]
}
```

    REC-20240521115924.mp4

    Checklist

    • Has this branch been rebased on top of the current main branch?

      Explanation

      The branch should not be stale or have conflicts at the time reviews are requested.

    • Is the CircleCI build passing?

    General points

    Other things to check

    • Make sure fixtures/test_data.yaml is maintained when updating models
    • Consider the admin site when making changes to models
    • Use select-/prefetch-related field lists in views and search apps, and update them when fields are added
    • Make sure the README is updated e.g. when adding new environment variables

    See docs/CONTRIBUTING.md for more guidelines.
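As an added illustration of the approach the PR description outlines (this is example code written for this page, not code from the datahub project or from this PR), the following standard-library Python sketch builds a TagChecker on top of `html.parser.HTMLParser`, applies the three checks the description lists (disallowed tags, named character references, disallowed characters) to every string in a nested export-win payload, and wraps a view in a framework-agnostic `validate_script_and_html_tags` decorator that answers 400 instead of calling the view. It goes slightly beyond the description in that it walks nested dicts and lists (so a string inside `company_contacts[0].id` is checked too) and reports every offending field path at once. The names `find_violations`, `iter_strings`, `validate_payload` and `create_export_win`, the `view(payload) -> (status, body)` convention, the two sample payloads and the spelling of the named references (`&lt;`, `&gt;`, `&amp;`, `&quot;`, `&apos;`) are all assumptions, not taken from the project.

```python
"""Added example (not from the PR): tag, entity and character checks over a nested payload."""
from functools import wraps
from html.parser import HTMLParser

# Lists taken from the PR description; the entity spellings are an assumption.
DISALLOWED_TAGS = {"script", "style", "iframe"}
DISALLOWED_ENTITIES = ("&lt;", "&gt;", "&amp;", "&quot;", "&apos;")
DISALLOWED_CHARS = {"<", ">", "\\"}


class TagChecker(HTMLParser):
    """Collects the names of disallowed tags encountered while parsing a string."""

    def __init__(self):
        # convert_charrefs=False keeps &lt; etc. as entity references instead of
        # silently turning them into '<' before our checks run.
        super().__init__(convert_charrefs=False)
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag in DISALLOWED_TAGS:  # HTMLParser already lower-cases tag names
            self.found.append(tag)

    def handle_startendtag(self, tag, attrs):  # e.g. <iframe/>
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):  # e.g. </script>
        self.handle_starttag(tag, [])


def find_violations(text):
    """Return a sorted list of reasons `text` is rejected; an empty list means clean."""
    checker = TagChecker()
    checker.feed(text)
    checker.close()
    reasons = {f"tag:{t}" for t in checker.found}
    reasons |= {f"entity:{e}" for e in DISALLOWED_ENTITIES if e in text}
    reasons |= {f"char:{c}" for c in text if c in DISALLOWED_CHARS}
    return sorted(reasons)


def iter_strings(obj, path="$"):
    """Yield (json_path, string) for every string in a nested dict/list, keys included."""
    if isinstance(obj, str):
        yield path, obj
    elif isinstance(obj, dict):
        for key, value in obj.items():
            yield from iter_strings(key, f"{path}.{key}")
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(obj, list):
        for index, item in enumerate(obj):
            yield from iter_strings(item, f"{path}[{index}]")


def validate_payload(payload):
    """Map each offending json path to its reasons; an empty dict means the payload passes."""
    problems = {}
    for path, text in iter_strings(payload):
        reasons = find_violations(text)
        if reasons:
            problems[path] = sorted(set(problems.get(path, [])) | set(reasons))
    return problems


def validate_script_and_html_tags(view):
    """Hypothetical decorator for a view of the form view(payload) -> (status, body)."""

    @wraps(view)
    def wrapper(payload):
        problems = validate_payload(payload)
        if problems:  # reject before the view (and the ORM) ever see the data
            return 400, {
                "detail": "Input contains disallowed HTML tags, entities or characters.",
                "fields": problems,
            }
        return view(payload)

    return wrapper


@validate_script_and_html_tags
def create_export_win(payload):
    """Stand-in for the real view; it only echoes a field back."""
    return 201, {"id": "WIN-ID-PLACEHOLDER", "name_of_export": payload["name_of_export"]}


# Constructed sample payloads, trimmed from the shape shown in the PR description.
CLEAN_PAYLOAD = {
    "adviser": {"id": "ADVISER-ID-PLACEHOLDER"},
    "business_type": "The best type",
    "description": "Description",
    "name_of_export": "Sand",
    "date": "2024-05-05",
    "total_expected_export_value": 1000000,
    "company_contacts": [{"id": "CONTACT-ID-PLACEHOLDER"}],
}
HOSTILE_PAYLOAD = dict(
    CLEAN_PAYLOAD,
    description="<script>x</script>",          # disallowed tag plus '<' and '>'
    company_contacts=[{"id": "c:\\users\\x"}],  # disallowed backslash, nested in a list
)

if __name__ == "__main__":
    for name, payload in (("clean", CLEAN_PAYLOAD), ("hostile", HOSTILE_PAYLOAD)):
        print(name, create_export_win(payload))
```

The entity check is what catches a string such as `Sand &lt;iframe&gt;`, which contains no literal `<` and so would pass the character check alone; the 400 body lists every offending path with its reasons, which is the immediate feedback the description promises users and is also what a front end would need to highlight the right fields.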

@ince-dbt ince-dbt requested a review from a team as a code owner May 21, 2024 11:04
@codecov-commenter

codecov-commenter commented May 21, 2024

Codecov Report

Attention: Patch coverage is 80.43478%, with 9 lines in your changes missing coverage. Please review.

Project coverage is 96.39%. Comparing base (e3fb518) to head (e8e4f9c).
Report is 1 commits behind head on main.

Current head e8e4f9c differs from pull request most recent head a5e4b58

Please upload reports for the commit a5e4b58 to get more accurate results.

Files Patch % Lines
datahub/export_win/decorators.py 77.50% 8 Missing and 1 partial ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #5425      +/-   ##
==========================================
- Coverage   96.42%   96.39%   -0.04%     
==========================================
  Files         940      941       +1     
  Lines       22346    22392      +46     
  Branches     2010     2016       +6     
==========================================
+ Hits        21548    21584      +36     
- Misses        650      659       +9     
- Partials      148      149       +1     


@ince-dbt ince-dbt force-pushed the RR-1363-Export-Win-Backend-Input-Validation branch from 6749fe3 to 95fe0c3 Compare May 22, 2024 12:06
@ince-dbt ince-dbt force-pushed the RR-1363-Export-Win-Backend-Input-Validation branch from e8e4f9c to a5e4b58 Compare May 22, 2024 12:51
@ince-dbt ince-dbt merged commit 66211f7 into main May 22, 2024
2 checks passed
@ince-dbt ince-dbt deleted the RR-1363-Export-Win-Backend-Input-Validation branch May 22, 2024 13:05