NFR - Directory or path traversal vulnerabilities must be prohibited #1666
DanielaWuensch
started this conversation in
Ideas
Replies: 0 comments
Feature Request
Non functional requirement - Directory or path traversal vulnerabilities must be prohibited
As a company, which operates the EDC, I want to ensure that no directory or path traversals are possible over the exposed EDC APIs.
Documentation - Recommended EDC setup with a definition of intended and unintended endpoint access. Check against Open-API guidelines and define those for endpoints that still miss those guidelines (i.e. Validation Endpoint).
Which Areas Would Be Affected?
all, including DPF, CI, build, transfer, etc.
Why Is the Feature Desired?
Security Requirement
Solution Proposal
Documentation - recommended EDC setup regarding roles and rights.
Documentation - definition of unintended & intended endpoints.
Every unintended endpoint (i.e. validation API) should respond with an adequate error code.
For every intended/supported endpoint there should be a role/rights protecting this endpoint.
Type of Issue
non-functional requirement
Checklist
Documentation - recommended EDC setup regarding roles and rights.
Documentation - definition of unintended & intended endpoints.
Every unintended endpoint (i.e. validation API) should respond with an adequate error code.
For every intended/supported endpoint there should be a role/rights protecting this endpoint.