From c185851ae5df8f827922b924c11daa0ab4c10582 Mon Sep 17 00:00:00 2001
From: vasraz <vasyl.razinkov@est.tech>
Date: Wed, 23 Nov 2022 14:58:02 +0000
Subject: Fix security issues

1. Redirect root to /workflows
2. High-severity bug 'application exposed to path traversal attack'

Signed-off-by: Vasyl Razinkov <vasyl.razinkov@est.tech>
Change-Id: Ib3ef429e7d75d87c23f4c00b63e0554b1e223273
Issue-ID: SDC-4278
---
 sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'sdc-workflow-designer-ui/src')

diff --git a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
index 279b405e..5022f471 100644
--- a/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
+++ b/sdc-workflow-designer-ui/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
-         version="4.0">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_4_0.xsd"
+    version="4.0">
 
     <servlet>
         <servlet-name>Backend Proxy</servlet-name>
@@ -16,4 +16,9 @@
         <url-pattern>/v1.0/activity-spec/*</url-pattern>
     </servlet-mapping>
 
+    <context-param>
+        <param-name>org.eclipse.jetty.servlet.Default.dirAllowed</param-name>
+        <param-value>false</param-value>
+    </context-param>
+
 </web-app>
-- 
cgit 1.2.3-korg