diff options
author | vasraz <vasyl.razinkov@est.tech> | 2022-09-07 18:45:20 +0100 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2022-09-08 10:09:00 +0000 |
commit | 013779aedf93a6f6ff878c457de53e729540c252 (patch) | |
tree | e01b5f74e4b452a14ac81ebc410bf2c004a9a757 /openecomp-be/api | |
parent | c37bada019850822df28e2d28f10b64241467fdf (diff) |
Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2
Issue-ID: SDC-4169
Diffstat (limited to 'openecomp-be/api')
2 files changed, 17 insertions, 9 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml index f0bad66222..9191a35786 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml @@ -1,8 +1,8 @@ <web-app - xmlns="http://java.sun.com/xml/ns/javaee" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0"> <!-- Spring --> @@ -79,6 +79,11 @@ <load-on-startup>1</load-on-startup> </servlet> + <context-param> + <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name> + <param-value>false</param-value> + </context-param> + <servlet-mapping> <servlet-name>spring-mapper</servlet-name> <url-pattern>/ws/*</url-pattern> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml index 09d2fb16b4..3cbfb1325e 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml @@ -1,8 +1,8 @@ <web-app - xmlns="http://java.sun.com/xml/ns/javaee" - xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" - version="3.0"> + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0"> <!-- Spring --> @@ -16,7 +16,10 @@ <param-value>org.openecomp.sdc.be.togglz.TogglzConfiguration</param-value> </context-param> - + <context-param> + <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name> + <param-value>false</param-value> + </context-param> <listener> <listener-class>org.openecomp.server.listeners.OnboardingAppStartupListener</listener-class> |