summaryrefslogtreecommitdiffstats
path: root/catalog-fe/src/main/webapp
diff options
context:
space:
mode:
authorvasraz <vasyl.razinkov@est.tech>2022-09-07 18:45:20 +0100
committerMichael Morris <michael.morris@est.tech>2022-09-08 10:09:00 +0000
commit013779aedf93a6f6ff878c457de53e729540c252 (patch)
treee01b5f74e4b452a14ac81ebc410bf2c004a9a757 /catalog-fe/src/main/webapp
parentc37bada019850822df28e2d28f10b64241467fdf (diff)
Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2 Issue-ID: SDC-4169
Diffstat (limited to 'catalog-fe/src/main/webapp')
-rw-r--r--catalog-fe/src/main/webapp/WEB-INF/web.xml230
1 files changed, 118 insertions, 112 deletions
diff --git a/catalog-fe/src/main/webapp/WEB-INF/web.xml b/catalog-fe/src/main/webapp/WEB-INF/web.xml
index 8f64a2b336..de133ac8ec 100644
--- a/catalog-fe/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-fe/src/main/webapp/WEB-INF/web.xml
@@ -1,115 +1,121 @@
<?xml version="1.0" encoding="UTF-8"?>
-<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
- version="3.0">
-
- <servlet>
- <servlet-name>jersey</servlet-name>
- <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
- <init-param>
- <param-name>jersey.config.server.provider.packages</param-name>
- <param-value>org.openecomp.sdc.fe.servlets</param-value>
- </init-param>
-
- <init-param>
- <param-name>jersey.config.server.provider.classnames</param-name>
- <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value>
- </init-param>
- <init-param>
- <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
- <param-value>true</param-value>
- </init-param>
- <load-on-startup>1</load-on-startup>
- <async-supported>true</async-supported>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>jersey</servlet-name>
- <url-pattern>/rest/*</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>ViewStatusMessages</servlet-name>
- <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+ version="3.0">
+
+ <servlet>
+ <servlet-name>jersey</servlet-name>
+ <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class>
+ <init-param>
+ <param-name>jersey.config.server.provider.packages</param-name>
+ <param-value>org.openecomp.sdc.fe.servlets</param-value>
+ </init-param>
+
+ <init-param>
+ <param-name>jersey.config.server.provider.classnames</param-name>
+ <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value>
+ </init-param>
+ <init-param>
+ <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
+ <param-value>true</param-value>
+ </init-param>
+ <load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>ViewStatusMessages</servlet-name>
- <url-pattern>/lbClassicStatus</url-pattern>
- </servlet-mapping>
-
- <!-- Fe Proxy Servlet -->
- <servlet>
- <servlet-name>FeProxy</servlet-name>
- <servlet-class>org.openecomp.sdc.fe.servlets.FeProxyServlet</servlet-class>
-
- <load-on-startup>1</load-on-startup>
- <async-supported>true</async-supported>
-
-
- </servlet>
-
- <servlet-mapping>
- <servlet-name>FeProxy</servlet-name>
- <url-pattern>/feProxy/*</url-pattern>
- </servlet-mapping>
-
- <servlet>
- <servlet-name>Portal</servlet-name>
- <servlet-class>org.openecomp.sdc.fe.servlets.PortalServlet</servlet-class>
- <async-supported>true</async-supported>
- </servlet>
-
- <servlet-mapping>
- <servlet-name>Portal</servlet-name>
- <url-pattern>/portal</url-pattern>
- </servlet-mapping>
-
-
- <filter>
- <filter-name>AuditLogServletFilter</filter-name>
- <filter-class>org.onap.logging.filter.base.AuditLogServletFilter</filter-class>
- <async-supported>true</async-supported>
- </filter>
-
-<!-- <filter>-->
-<!-- <filter-name>SecurityFilter</filter-name>-->
-<!-- <filter-class>org.openecomp.sdc.fe.filters.SecurityFilter</filter-class>-->
-<!-- <async-supported>true</async-supported>-->
-<!-- <init-param>-->
-<!-- <param-name>excludedUrls</param-name>-->
-<!-- &lt;!&ndash; Comma separated list of excluded servlet URLs &ndash;&gt;-->
-<!-- <param-value>/config,/configmgr,/rest</param-value>-->
-<!-- </init-param>-->
-<!-- </filter>-->
-
- <filter>
- <filter-name>gzipFilter</filter-name>
- <filter-class>org.openecomp.sdc.fe.filters.GzipFilter</filter-class>
- <async-supported>true</async-supported>
- </filter>
-
- <filter-mapping>
- <filter-name>AuditLogServletFilter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
-<!-- <filter-mapping>-->
-<!-- <filter-name>SecurityFilter</filter-name>-->
-<!-- <url-pattern>/*</url-pattern>-->
-<!-- </filter-mapping>-->
-
- <filter-mapping>
- <filter-name>gzipFilter</filter-name>
- <url-pattern>*.jsgz</url-pattern>
- </filter-mapping>
-
- <listener>
- <listener-class>org.openecomp.sdc.fe.listen.FEAppContextListener</listener-class>
- </listener>
-
- <welcome-file-list>
- <welcome-file>index.html</welcome-file>
- </welcome-file-list>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>jersey</servlet-name>
+ <url-pattern>/rest/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet>
+ <servlet-name>ViewStatusMessages</servlet-name>
+ <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class>
+ <async-supported>true</async-supported>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>ViewStatusMessages</servlet-name>
+ <url-pattern>/lbClassicStatus</url-pattern>
+ </servlet-mapping>
+
+ <!-- Fe Proxy Servlet -->
+ <servlet>
+ <servlet-name>FeProxy</servlet-name>
+ <servlet-class>org.openecomp.sdc.fe.servlets.FeProxyServlet</servlet-class>
+
+ <load-on-startup>1</load-on-startup>
+ <async-supported>true</async-supported>
+
+
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>FeProxy</servlet-name>
+ <url-pattern>/feProxy/*</url-pattern>
+ </servlet-mapping>
+
+ <servlet>
+ <servlet-name>Portal</servlet-name>
+ <servlet-class>org.openecomp.sdc.fe.servlets.PortalServlet</servlet-class>
+ <async-supported>true</async-supported>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>Portal</servlet-name>
+ <url-pattern>/portal</url-pattern>
+ </servlet-mapping>
+
+ <context-param>
+ <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+ <param-value>false</param-value>
+ </context-param>
+
+
+ <filter>
+ <filter-name>AuditLogServletFilter</filter-name>
+ <filter-class>org.onap.logging.filter.base.AuditLogServletFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+
+ <!-- <filter>-->
+ <!-- <filter-name>SecurityFilter</filter-name>-->
+ <!-- <filter-class>org.openecomp.sdc.fe.filters.SecurityFilter</filter-class>-->
+ <!-- <async-supported>true</async-supported>-->
+ <!-- <init-param>-->
+ <!-- <param-name>excludedUrls</param-name>-->
+ <!-- &lt;!&ndash; Comma separated list of excluded servlet URLs &ndash;&gt;-->
+ <!-- <param-value>/config,/configmgr,/rest</param-value>-->
+ <!-- </init-param>-->
+ <!-- </filter>-->
+
+ <filter>
+ <filter-name>gzipFilter</filter-name>
+ <filter-class>org.openecomp.sdc.fe.filters.GzipFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>AuditLogServletFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <!-- <filter-mapping>-->
+ <!-- <filter-name>SecurityFilter</filter-name>-->
+ <!-- <url-pattern>/*</url-pattern>-->
+ <!-- </filter-mapping>-->
+
+ <filter-mapping>
+ <filter-name>gzipFilter</filter-name>
+ <url-pattern>*.jsgz</url-pattern>
+ </filter-mapping>
+
+ <listener>
+ <listener-class>org.openecomp.sdc.fe.listen.FEAppContextListener</listener-class>
+ </listener>
+
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ </welcome-file-list>
</web-app>