authorvasraz <vasyl.razinkov@est.tech>2022-10-14 13:35:39 +0100
committerMichael Morris <michael.morris@est.tech>2022-10-18 08:27:16 +0000
commitddb9d5a7637b382be9ac7a96ad023a983c41c342 (patch)
tree4e551d6ce4348aed56f42b021bbe4fcfccc3cd15 /catalog-be/src/main/docker/backend
parentccab3629426bdc6a87ca6102db3fdb23d4419b3e (diff)
Fix security risk 'Improper Input Validation'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I6a52148aec3b567db43ec57109214e52d106f73c Issue-ID: SDC-4189
Diffstat (limited to 'catalog-be/src/main/docker/backend')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml9
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb3
2 files changed, 11 insertions, 1 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml
index 532ee3ecac..75f8904519 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml
@@ -2411,7 +2411,7 @@ errors:
# %1 - property name
code: 400,
message: 'Error: Invalid Content. %1 has invalid format.',
- messageId: "SVC4723"
+ messageId: "SVC4731"
}
#---------SVC4734------------------------------
# %1 - list of validation errors
@@ -2822,6 +2822,13 @@ errors:
message: "Capability '%1' not found in '%2' '%3'."
messageId: "SVC4186"
+ #---------SVC4001------------------------------
+ NOT_PERMITTED_SPECIAL_CHARS: {
+ code: 406,
+ message: 'Error: HTML elements not permitted in field values.',
+ messageId: "SVC4001"
+ }
+
# %1 - The data type Uid
DATA_TYPE_NOT_FOUND:
code: 404
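Review bot: The new `NOT_PERMITTED_SPECIAL_CHARS` entry returns `code: 406`, which HTTP reserves for failed content negotiation, while the other validation error visible in this diff (the `has invalid format` entry) uses 400. A rejected field value is a client input error, so `code: 400` would keep the two consistent. The message has no `%1` placeholder, so neither the caller nor a log reader can tell which field was rejected. If the filter knows the field name, consider `message: 'Error: HTML elements not permitted in field %1.'` with a `# %1 - field name` comment above it. The key says "special chars" while the message says "HTML elements", and the entry uses brace (flow) style while its neighbours in this hunk use block style; aligning both with what is actually checked and with the surrounding entries would make the file easier to audit.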
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 5706a16553..9a2437c2c1 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -1293,5 +1293,8 @@ externalCsarStore:
#This configuration specifies the delimiter used to differentiate instance name and count
componentInstanceCounterDelimiter: " "
+# Comma separated list of excluded URLs by the DataValidatorFilter
+dataValidatorFilterExcludedUrls: "/healthCheck,/followed,/authorize"
+
#Space separated list of permitted ancestors
permittedAncestors: <%= @permittedAncestors %>
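Review bot: `dataValidatorFilterExcludedUrls` turns input validation off for every request that matches one of its entries, but the added comment does not say how entries are matched. If DataValidatorFilter compares by substring or suffix rather than exact path (not visible from this hunk), other endpoints whose URL merely contains `/authorize` or `/followed` would skip validation as well. The comment should state the rule and the consequence, e.g. `# Comma-separated request paths (exact match) that DataValidatorFilter skips; these endpoints receive no HTML-element validation, keep the list minimal`. The value is also hard-coded in the template, unlike `permittedAncestors` just below, which is rendered from a Chef attribute, so deployments cannot tighten the list without editing the cookbook.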