diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-09-07 18:45:20 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2022-09-08 10:09:00 +0000 |
commit | 013779aedf93a6f6ff878c457de53e729540c252 (patch) | |
tree | e01b5f74e4b452a14ac81ebc410bf2c004a9a757 /catalog-be/src | |
parent | c37bada019850822df28e2d28f10b64241467fdf (diff) |
Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2
Issue-ID: SDC-4169
Diffstat (limited to 'catalog-be/src')
-rw-r--r-- | catalog-be/src/main/webapp/WEB-INF/web.xml | 45 |
1 files changed, 26 insertions, 19 deletions
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml index ca71eee221..64763b27a8 100644 --- a/catalog-be/src/main/webapp/WEB-INF/web.xml +++ b/catalog-be/src/main/webapp/WEB-INF/web.xml @@ -1,7 +1,8 @@ <?xml version="1.0" encoding="UTF-8"?> -<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0"> <servlet> <servlet-name>jersey</servlet-name> @@ -77,7 +78,8 @@ <!-- ECOMP Portal --> <servlet> <servlet-name>ECOMPServlet</servlet-name> - <servlet-class>org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy</servlet-class> + <servlet-class>org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy + </servlet-class> <load-on-startup>3</load-on-startup> <async-supported>true</async-supported> </servlet> @@ -174,22 +176,22 @@ <url-pattern>/sdc/*</url-pattern> </filter-mapping> -<!-- - <filter> - <filter-name>basicAuthFilter</filter-name> - <filter-class> - org.openecomp.sdc.be.filters.BasicAuthenticationFilter - </filter-class> - <init-param> - <param-name>excludedUrls</param-name> - <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value> - </init-param> - </filter> + <!-- + <filter> + <filter-name>basicAuthFilter</filter-name> + <filter-class> + org.openecomp.sdc.be.filters.BasicAuthenticationFilter + </filter-class> + <init-param> + <param-name>excludedUrls</param-name> + <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value> + </init-param> + </filter> - <filter-mapping> - <filter-name>basicAuthFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping>--> + <filter-mapping> + <filter-name>basicAuthFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping>--> <!-- <filter>--> <!-- <filter-name>beRestrictionAccessFilter</filter-name>--> @@ -252,6 +254,11 @@ <param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value> </context-param> + <context-param> + <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name> + <param-value>false</param-value> + </context-param> + <listener> <listener-class>org.openecomp.sdc.be.listen.BEAppContextListener</listener-class> </listener> |