summaryrefslogtreecommitdiffstats
path: root/admportal/server/router/routes/admin.js
diff options
context:
space:
mode:
authorRotundo, Al (ar3165) <ar3165@att.com>2019-11-22 15:07:18 +0000
committerRotundo, Al (ar3165) <ar3165@att.com>2019-11-22 15:07:18 +0000
commit6d9e9c449782cbf560a0dd591509c596326b8bf0 (patch)
treede91df55c586e26db0ac16a1acdc995c53629485 /admportal/server/router/routes/admin.js
parent34f2213be95352e1643bbeaadfe5723fbddf1c35 (diff)
fixing security issues found in onap admportal
changed exec command to spawn command to prevent arbitray code execution Issue-ID: SDNC-978 Signed-off-by: Rotundo, Al (ar3165) <ar3165@att.com> Change-Id: I4487b5c7a14d7a7b1e4985b89e646cf6801845e0 Former-commit-id: 484d74555c481f055a7f33909071962cace85aa0
Diffstat (limited to 'admportal/server/router/routes/admin.js')
-rwxr-xr-xadmportal/server/router/routes/admin.js3
1 files changed, 3 insertions, 0 deletions
diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js
index 96c7fd85..9a33dc81 100755
--- a/admportal/server/router/routes/admin.js
+++ b/admportal/server/router/routes/admin.js
@@ -19,6 +19,8 @@ router.use(cookieParser());
router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) {
dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin);
});
+
+/*
router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) {
var privilegeObj = req.session.loggedInAdmin;
@@ -38,6 +40,7 @@ router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection,
}
});
});
+*/
// POST