author | vasraz <vasyl.razinkov@est.tech> | 2022-11-23 14:58:02 +0000 |
---|---|---|
committer | Michael Morris <michael.morris@est.tech> | 2022-11-28 16:13:19 +0000 |
commit | c185851ae5df8f827922b924c11daa0ab4c10582 (patch) | |
tree | a4eb0abb7f3ff23ee83c53d4b2986b3a83b66e74 /sdc-workflow-designer-ui/src/main/webapp | |
parent | 131e3ba9462e895f98e443847bf6dd381ca0dc34 (diff) |
Fix security issues
1. Redirect root to /workflows
2. High-severity bug 'application exposed to path traversal attack'
Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ib3ef429e7d75d87c23f4c00b63e0554b1e223273
Issue-ID: SDC-4278
Diffstat (limited to 'sdc-workflow-designer-ui/src/main/webapp')
-rw-r--r-- | sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
index 279b405e..5022f471 100644
--- a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
+++ b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
- version="4.0">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+ version="4.0">
 <servlet>
 <servlet-name>Backend Proxy</servlet-name>
@@ -16,4 +16,9 @@
 <url-pattern>/v1.0/activity-spec/*</url-pattern>
 </servlet-mapping>
+ <context-param>
+ <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+ <param-value>false</param-value>
+ </context-param>
+
 </web-app> |
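Review bot: The `context-param` added in the second hunk only switches off directory listings in Jetty's DefaultServlet; it does not by itself constrain how request paths are resolved, so the "path traversal" finding named in the commit message is presumably handled elsewhere or only partly covered by this setting. The key `org.eclipse.jetty.servlet.Default.dirAllowed` is Jetty-specific and is silently ignored by any other servlet container, which deserves a comment above the element, e.g. `<!-- Jetty DefaultServlet: disable directory listings (no effect on other containers) -->`. If the scanner finding concerned the `Backend Proxy` servlet mapped at `/v1.0/activity-spec/*`, path normalisation in that servlet should be checked separately, since its code is not visible in this diff. A regression check that a directory URL without a welcome file is refused rather than listed would pin the intended behaviour.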