diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-10-14 13:35:39 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2022-10-18 08:27:16 +0000 |
commit | ddb9d5a7637b382be9ac7a96ad023a983c41c342 (patch) | |
tree | 4e551d6ce4348aed56f42b021bbe4fcfccc3cd15 /catalog-be/src/main/docker/backend | |
parent | ccab3629426bdc6a87ca6102db3fdb23d4419b3e (diff) |
Fix security risk 'Improper Input Validation'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I6a52148aec3b567db43ec57109214e52d106f73c
Issue-ID: SDC-4189
Diffstat (limited to 'catalog-be/src/main/docker/backend')
2 files changed, 11 insertions, 1 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml index 532ee3ecac..75f8904519 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/files/default/error-configuration.yaml @@ -2411,7 +2411,7 @@ errors: # %1 - property name code: 400, message: 'Error: Invalid Content. %1 has invalid format.', - messageId: "SVC4723" + messageId: "SVC4731" } #---------SVC4734------------------------------ # %1 - list of validation errors @@ -2822,6 +2822,13 @@ errors: message: "Capability '%1' not found in '%2' '%3'." messageId: "SVC4186" + #---------SVC4001------------------------------ + NOT_PERMITTED_SPECIAL_CHARS: { + code: 406, + message: 'Error: HTML elements not permitted in field values.', + messageId: "SVC4001" + } + # %1 - The data type Uid DATA_TYPE_NOT_FOUND: code: 404 diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb index 5706a16553..9a2437c2c1 100644 --- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb +++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb @@ -1293,5 +1293,8 @@ externalCsarStore: #This configuration specifies the delimiter used to differentiate instance name and count componentInstanceCounterDelimiter: " " +# Comma separated list of excluded URLs by the DataValidatorFilter +dataValidatorFilterExcludedUrls: "/healthCheck,/followed,/authorize" + #Space separated list of permitted ancestors permittedAncestors: <%= @permittedAncestors %> |