From 013779aedf93a6f6ff878c457de53e729540c252 Mon Sep 17 00:00:00 2001
From: vasraz
Date: Wed, 7 Sep 2022 18:45:20 +0100
Subject: Fix high-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov
Change-Id: I7f4b1e8d083cc39f8e57dcedddecc6af56fdc9c2
Issue-ID: SDC-4169
---
.../notifications-fe/src/main/webapp/WEB-INF/web.xml | 13 +++++++++----
.../onboarding-rest-war/src/main/webapp/WEB-INF/web.xml | 13 ++++++++-----
2 files changed, 17 insertions(+), 9 deletions(-)
(limited to 'openecomp-be')
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
index f0bad66222..9191a35786 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,8 @@ + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0">
@@ -79,6 +79,11 @@ 1 + + org.eclipse.jetty.servlet.Default.dirAllowed + false + + spring-mapper /ws/*
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
index 09d2fb16b4..3cbfb1325e 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,8 @@ + xmlns="http://java.sun.com/xml/ns/javaee" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" + version="3.0">
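Review bot: In the notifications-fe hunk at `@@ -79,6 +79,11 @@`, the added `org.eclipse.jetty.servlet.Default.dirAllowed` = `false` parameter only turns off Jetty's DefaultServlet directory listings; it does not constrain how request paths are resolved, so it addresses directory browsing rather than the path traversal named in the subject. If the SDC-4169 finding concerns a request- or upload-supplied file name reaching the filesystem, that code path still needs canonicalisation and a base-directory check, which this commit does not show. The parameter is also Jetty-specific and would presumably be ignored on another servlet container. The same applies to the `@@ -16,7 +16,10 @@` hunk in onboarding-rest-war/web.xml. The enclosing element tags are not visible in this rendering, so the placement of the new entry relative to the schema's element order could not be checked.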
@@ -16,7 +16,10 @@ org.openecomp.sdc.be.togglz.TogglzConfiguration - + + org.eclipse.jetty.servlet.Default.dirAllowed + false + org.openecomp.server.listeners.OnboardingAppStartupListener -- cgit 1.2.3-korg
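Review bot: The new `dirAllowed` entry in onboarding-rest-war/web.xml carries no comment saying why it is there or which container reads it, and the identical block is duplicated in notifications-fe/web.xml. I would add above it `<!-- Jetty DefaultServlet: disable directory listings (SDC-4169) -->` so that a later descriptor cleanup does not drop it as unused. A deployment check that a directory URL with no welcome file is refused rather than listed would confirm that the setting is actually picked up in both web applications.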