diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-09-07 18:45:20 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2022-09-08 10:09:00 +0000 |
commit | 013779aedf93a6f6ff878c457de53e729540c252 (patch) | |
tree | e01b5f74e4b452a14ac81ebc410bf2c004a9a757 /catalog-fe/src/main/webapp | |
parent | c37bada019850822df28e2d28f10b64241467fdf (diff) |
Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2
Issue-ID: SDC-4169
Diffstat (limited to 'catalog-fe/src/main/webapp')
-rw-r--r-- | catalog-fe/src/main/webapp/WEB-INF/web.xml | 230 |
1 files changed, 118 insertions, 112 deletions
diff --git a/catalog-fe/src/main/webapp/WEB-INF/web.xml b/catalog-fe/src/main/webapp/WEB-INF/web.xml index 8f64a2b336..de133ac8ec 100644 --- a/catalog-fe/src/main/webapp/WEB-INF/web.xml +++ b/catalog-fe/src/main/webapp/WEB-INF/web.xml @@ -1,115 +1,121 @@ <?xml version="1.0" encoding="UTF-8"?> -<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> - - <servlet> - <servlet-name>jersey</servlet-name> - <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> - <init-param> - <param-name>jersey.config.server.provider.packages</param-name> - <param-value>org.openecomp.sdc.fe.servlets</param-value> - </init-param> - - <init-param> - <param-name>jersey.config.server.provider.classnames</param-name> - <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value> - </init-param> - <init-param> - <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name> - <param-value>true</param-value> - </init-param> - <load-on-startup>1</load-on-startup> - <async-supported>true</async-supported> - </servlet> - - <servlet-mapping> - <servlet-name>jersey</servlet-name> - <url-pattern>/rest/*</url-pattern> - </servlet-mapping> - - <servlet> - <servlet-name>ViewStatusMessages</servlet-name> - <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class> +<web-app xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0"> + + <servlet> + <servlet-name>jersey</servlet-name> + <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> + <init-param> + <param-name>jersey.config.server.provider.packages</param-name> + <param-value>org.openecomp.sdc.fe.servlets</param-value> + </init-param> + + <init-param> + <param-name>jersey.config.server.provider.classnames</param-name> + <param-value>org.glassfish.jersey.media.multipart.MultiPartFeature</param-value> + </init-param> + <init-param> + <param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name> + <param-value>true</param-value> + </init-param> + <load-on-startup>1</load-on-startup> <async-supported>true</async-supported> - </servlet> - - <servlet-mapping> - <servlet-name>ViewStatusMessages</servlet-name> - <url-pattern>/lbClassicStatus</url-pattern> - </servlet-mapping> - - <!-- Fe Proxy Servlet --> - <servlet> - <servlet-name>FeProxy</servlet-name> - <servlet-class>org.openecomp.sdc.fe.servlets.FeProxyServlet</servlet-class> - - <load-on-startup>1</load-on-startup> - <async-supported>true</async-supported> - - - </servlet> - - <servlet-mapping> - <servlet-name>FeProxy</servlet-name> - <url-pattern>/feProxy/*</url-pattern> - </servlet-mapping> - - <servlet> - <servlet-name>Portal</servlet-name> - <servlet-class>org.openecomp.sdc.fe.servlets.PortalServlet</servlet-class> - <async-supported>true</async-supported> - </servlet> - - <servlet-mapping> - <servlet-name>Portal</servlet-name> - <url-pattern>/portal</url-pattern> - </servlet-mapping> - - - <filter> - <filter-name>AuditLogServletFilter</filter-name> - <filter-class>org.onap.logging.filter.base.AuditLogServletFilter</filter-class> - <async-supported>true</async-supported> - </filter> - -<!-- <filter>--> -<!-- <filter-name>SecurityFilter</filter-name>--> -<!-- <filter-class>org.openecomp.sdc.fe.filters.SecurityFilter</filter-class>--> -<!-- <async-supported>true</async-supported>--> -<!-- <init-param>--> -<!-- <param-name>excludedUrls</param-name>--> -<!-- <!– Comma separated list of excluded servlet URLs –>--> -<!-- <param-value>/config,/configmgr,/rest</param-value>--> -<!-- </init-param>--> -<!-- </filter>--> - - <filter> - <filter-name>gzipFilter</filter-name> - <filter-class>org.openecomp.sdc.fe.filters.GzipFilter</filter-class> - <async-supported>true</async-supported> - </filter> - - <filter-mapping> - <filter-name>AuditLogServletFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - -<!-- <filter-mapping>--> -<!-- <filter-name>SecurityFilter</filter-name>--> -<!-- <url-pattern>/*</url-pattern>--> -<!-- </filter-mapping>--> - - <filter-mapping> - <filter-name>gzipFilter</filter-name> - <url-pattern>*.jsgz</url-pattern> - </filter-mapping> - - <listener> - <listener-class>org.openecomp.sdc.fe.listen.FEAppContextListener</listener-class> - </listener> - - <welcome-file-list> - <welcome-file>index.html</welcome-file> - </welcome-file-list> + </servlet> + + <servlet-mapping> + <servlet-name>jersey</servlet-name> + <url-pattern>/rest/*</url-pattern> + </servlet-mapping> + + <servlet> + <servlet-name>ViewStatusMessages</servlet-name> + <servlet-class>ch.qos.logback.classic.ViewStatusMessagesServlet</servlet-class> + <async-supported>true</async-supported> + </servlet> + + <servlet-mapping> + <servlet-name>ViewStatusMessages</servlet-name> + <url-pattern>/lbClassicStatus</url-pattern> + </servlet-mapping> + + <!-- Fe Proxy Servlet --> + <servlet> + <servlet-name>FeProxy</servlet-name> + <servlet-class>org.openecomp.sdc.fe.servlets.FeProxyServlet</servlet-class> + + <load-on-startup>1</load-on-startup> + <async-supported>true</async-supported> + + + </servlet> + + <servlet-mapping> + <servlet-name>FeProxy</servlet-name> + <url-pattern>/feProxy/*</url-pattern> + </servlet-mapping> + + <servlet> + <servlet-name>Portal</servlet-name> + <servlet-class>org.openecomp.sdc.fe.servlets.PortalServlet</servlet-class> + <async-supported>true</async-supported> + </servlet> + + <servlet-mapping> + <servlet-name>Portal</servlet-name> + <url-pattern>/portal</url-pattern> + </servlet-mapping> + + <context-param> + <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name> + <param-value>false</param-value> + </context-param> + + + <filter> + <filter-name>AuditLogServletFilter</filter-name> + <filter-class>org.onap.logging.filter.base.AuditLogServletFilter</filter-class> + <async-supported>true</async-supported> + </filter> + + <!-- <filter>--> + <!-- <filter-name>SecurityFilter</filter-name>--> + <!-- <filter-class>org.openecomp.sdc.fe.filters.SecurityFilter</filter-class>--> + <!-- <async-supported>true</async-supported>--> + <!-- <init-param>--> + <!-- <param-name>excludedUrls</param-name>--> + <!-- <!– Comma separated list of excluded servlet URLs –>--> + <!-- <param-value>/config,/configmgr,/rest</param-value>--> + <!-- </init-param>--> + <!-- </filter>--> + + <filter> + <filter-name>gzipFilter</filter-name> + <filter-class>org.openecomp.sdc.fe.filters.GzipFilter</filter-class> + <async-supported>true</async-supported> + </filter> + + <filter-mapping> + <filter-name>AuditLogServletFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + <!-- <filter-mapping>--> + <!-- <filter-name>SecurityFilter</filter-name>--> + <!-- <url-pattern>/*</url-pattern>--> + <!-- </filter-mapping>--> + + <filter-mapping> + <filter-name>gzipFilter</filter-name> + <url-pattern>*.jsgz</url-pattern> + </filter-mapping> + + <listener> + <listener-class>org.openecomp.sdc.fe.listen.FEAppContextListener</listener-class> + </listener> + + <welcome-file-list> + <welcome-file>index.html</welcome-file> + </welcome-file-list> </web-app> |