From 6d9e9c449782cbf560a0dd591509c596326b8bf0 Mon Sep 17 00:00:00 2001 From: "Rotundo, Al (ar3165)" Date: Fri, 22 Nov 2019 15:07:18 +0000 Subject: fixing security issues found in onap admportal changed exec command to spawn command to prevent arbitray code execution Issue-ID: SDNC-978 Signed-off-by: Rotundo, Al (ar3165) Change-Id: I4487b5c7a14d7a7b1e4985b89e646cf6801845e0 Former-commit-id: 484d74555c481f055a7f33909071962cace85aa0 --- admportal/server/router/routes/admin.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'admportal/server/router/routes/admin.js') diff --git a/admportal/server/router/routes/admin.js b/admportal/server/router/routes/admin.js index 96c7fd85..9a33dc81 100755 --- a/admportal/server/router/routes/admin.js +++ b/admportal/server/router/routes/admin.js @@ -19,6 +19,8 @@ router.use(cookieParser()); router.get('/getParameters', csp.checkAuth, dbRoutes.checkDB, function(req,res) { dbRoutes.getParameters(req,res, {code:'', msg:''}, req.session.loggedInAdmin); }); + +/* router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, function(req,res) { var privilegeObj = req.session.loggedInAdmin; @@ -38,6 +40,7 @@ router.get('/deleteParameter', csp.checkAuth, dbRoutes.checkDB, csrfProtection, } }); }); +*/ // POST -- cgit 1.2.3-korg