summaryrefslogtreecommitdiffstats
path: root/catalog-be
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2022-09-07 18:45:20 +0100
committerMichael Morris <michael.morris@est.tech>2022-09-08 10:09:00 +0000
commit013779aedf93a6f6ff878c457de53e729540c252 (patch)
treee01b5f74e4b452a14ac81ebc410bf2c004a9a757 /catalog-be
parentc37bada019850822df28e2d28f10b64241467fdf (diff)
Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2 Issue-ID: SDC-4169
Diffstat (limited to 'catalog-be')
-rw-r--r--catalog-be/src/main/webapp/WEB-INF/web.xml45
1 files changed, 26 insertions, 19 deletions
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index ca71eee221..64763b27a8 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -1,7 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
<servlet>
<servlet-name>jersey</servlet-name>
@@ -77,7 +78,8 @@
<!-- ECOMP Portal -->
<servlet>
<servlet-name>ECOMPServlet</servlet-name>
- <servlet-class>org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy</servlet-class>
+ <servlet-class>org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy
+ </servlet-class>
<load-on-startup>3</load-on-startup>
<async-supported>true</async-supported>
</servlet>
@@ -174,22 +176,22 @@
<url-pattern>/sdc/*</url-pattern>
</filter-mapping>
-<!--
- <filter>
- <filter-name>basicAuthFilter</filter-name>
- <filter-class>
- org.openecomp.sdc.be.filters.BasicAuthenticationFilter
- </filter-class>
- <init-param>
- <param-name>excludedUrls</param-name>
- <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value>
- </init-param>
- </filter>
+ <!--
+ <filter>
+ <filter-name>basicAuthFilter</filter-name>
+ <filter-class>
+ org.openecomp.sdc.be.filters.BasicAuthenticationFilter
+ </filter-class>
+ <init-param>
+ <param-name>excludedUrls</param-name>
+ <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value>
+ </init-param>
+ </filter>
- <filter-mapping>
- <filter-name>basicAuthFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>-->
+ <filter-mapping>
+ <filter-name>basicAuthFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>-->
<!-- <filter>-->
<!-- <filter-name>beRestrictionAccessFilter</filter-name>-->
@@ -252,6 +254,11 @@
<param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value>
</context-param>
+ <context-param>
+ <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+ <param-value>false</param-value>
+ </context-param>
+
<listener>
<listener-class>org.openecomp.sdc.be.listen.BEAppContextListener</listener-class>
</listener>