Closed bmpotter closed 1 year ago
@bmpotter Can I take this up? And could you please help me get started with this issue?
@megha070 At this time i would prefer that you focus on the exchange-api, because we know we will need changes in that for the vault work. (We don't know yet if we will need CSS changes.) I think a good first issue for you in the exchange is https://github.com/open-horizon/exchange-api/issues/174 .
The
swagger-ui
directory was copied from https://github.com/swagger-api/swagger-ui . It's purpose was to be served bycore/base/http.go
so that a developer could view the swagger info for the CSS/ESS API.But the swagger-ui has known vulnerabilities, which have been identified by code scans. And i don't think we ever expose this specific API to view the swagger info in the CSS management hub container. If this is correct, we should remove the whole directory and the code in
core/base/http.go
that uses it.As an alternative, the sync service
swagger.json
file can be viewed by any of these methods:swagger.json
file, for example: https://www.ibm.com/support/knowledgecenter/SSFKVV_4.2/api/mms_swagger.json