authorvasraz <vasyl.razinkov@est.tech>2022-11-23 14:58:02 +0000
committerMichael Morris <michael.morris@est.tech>2022-11-28 16:13:19 +0000
commitc185851ae5df8f827922b924c11daa0ab4c10582 (patch)
treea4eb0abb7f3ff23ee83c53d4b2986b3a83b66e74 /sdc-workflow-designer-ui/src
parent131e3ba9462e895f98e443847bf6dd381ca0dc34 (diff)
Fix security issues
1. Redirect root to /workflows 2. High-severity bug 'application exposed to path traversal attack' Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech> Change-Id: Ib3ef429e7d75d87c23f4c00b63e0554b1e223273 Issue-ID: SDC-4278
Diffstat (limited to 'sdc-workflow-designer-ui/src')
-rw-r--r--sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml11
1 files changed, 8 insertions, 3 deletions
diff --git a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
index 279b405e..5022f471 100644
--- a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
+++ b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,8 @@
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
- version="4.0">
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+ version="4.0">
<servlet>
<servlet-name>Backend Proxy</servlet-name>
@@ -16,4 +16,9 @@
<url-pattern>/v1.0/activity-spec/*</url-pattern>
</servlet-mapping>
+ <context-param>
+ <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+ <param-value>false</param-value>
+ </context-param>
+
</web-app>
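Review bot: The added `org.eclipse.jetty.servlet.Default.dirAllowed` context-param only turns off directory listings served by Jetty's DefaultServlet; it does not constrain the request paths handled by the `Backend Proxy` servlet mappings above it. If the path-traversal finding named in the commit message concerns proxied or static file paths, that presumably needs a separate check, which may exist outside this diff since it is limited to `sdc-workflow-designer-ui/src`. The parameter is Jetty-specific and is silently ignored by other servlet containers, which is worth recording beside it, e.g. `<!-- Jetty only: disables DefaultServlet directory listings; no effect on other containers -->`. A deployment check that a directory URL without a welcome file returns 403 rather than a listing would confirm the setting is active. The servlet and mapping definitions between the two hunks are outside the visible lines.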