Closed jordanpadams closed 1 year ago
Status: Working through code
Have implemented the changes but something broke the application and I'm trying to identify what exactly.
Have the statement changes implemented and tested, and am verifying encoding.
PR imminent
PR created in internal JPL github and requested @jordanpadams as reviewer.
added @nutjob4life @tloubrieu-jpl @anilnatha to the PR for review
Approved over on enterprise
Deployed to production! @jordanpadams and @tloubrieu-jpl, a note that the setup on one of the machines seemed to differ (newdsstatus versus dsstatus) and the application was 404, so I copied a conf file to connect the endpoint (I can provide details elsewhere). So, https://pds.nasa.gov/datasearch/ds-status/ is online! However, I thought Thomas had somehow disabled this. Is it still supposed to be disabled?
@c-suh nope. I believe he just moved the WAR file from tomcat. Great stuff! And thanks to @nutjob4life for the PR review.
Thanks! It's probably still a good idea to ask for an appscan of this. I left a link on enterprise github.
SA ticket has been created to track appscan requests. Link is on enterprise github.
🐛 Describe the bug
Per discussions on Slack #pdsen channel on 12/19, ds-status may not be sufficiently handling SQL Injection attempts.
📜 To Reproduce
See Slack discussion.
🕵️ Expected behavior
Cleans SQL injection attempts
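For anyone picking this up, a constructed illustration of the bug class and of the "statement changes" fix mentioned above. This is an added example, not code from ds-status (which is a Java/Tomcat WAR); it uses Python with an in-memory SQLite table, and the table name, column names and dataset IDs are assumptions, not the real schema. The vulnerable lookup splices the request parameter into the SQL text, so a tautology such as `x' OR '1'='1` returns every row; the fixed lookup binds the same input as a statement parameter, so it matches nothing.

```python
"""Added example: string-built SQL (vulnerable) beside a parameterized statement (fixed).

Not ds-status code. The dataset_status table and its rows are constructed
for this demo; the real application's schema is not reproduced here.
"""
import sqlite3

# Constructed sample rows (hypothetical IDs and statuses).
SAMPLE_ROWS = [
    ("urn:example:ds-001", "Archived"),
    ("urn:example:ds-002", "In lien resolution"),
    ("urn:example:ds-003", "Archived"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a hypothetical dataset_status table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE dataset_status (dataset_id TEXT PRIMARY KEY, status TEXT)"
    )
    conn.executemany("INSERT INTO dataset_status VALUES (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, dataset_id: str) -> list:
    """Vulnerable pattern: the request value becomes part of the SQL text,
    so a crafted value changes the query's structure instead of its data."""
    sql = (
        "SELECT dataset_id, status FROM dataset_status WHERE dataset_id = '"
        + dataset_id
        + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, dataset_id: str) -> list:
    """Fixed pattern: a parameterized statement. The driver binds the value
    as data, so quotes or keywords in it cannot alter the query."""
    sql = "SELECT dataset_id, status FROM dataset_status WHERE dataset_id = ?"
    return conn.execute(sql, (dataset_id,)).fetchall()


def demo() -> dict:
    """Run both lookups with a benign ID and with a tautology payload."""
    conn = build_db()
    benign = "urn:example:ds-003"
    payload = "x' OR '1'='1"  # constructed injection attempt
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_payload": lookup_unsafe(conn, payload),  # returns every row
        "safe_benign": lookup_safe(conn, benign),
        "safe_payload": lookup_safe(conn, payload),  # returns no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The point for the review and the appscan request: binding parameters is what closes the hole. Escaping or "cleaning" the input before concatenation is fragile (encoding tricks and second-order cases), which is why the PR's `PreparedStatement`-style change is the right shape of fix and why the encoding verification mentioned above still matters for any remaining dynamic query fragments.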