fix(security): update swagger-ui to v4.1.3 (#2855)

char0n · web-flow · commit ec35bd33b8ef · 2021-12-10T15:34:22.000+01:00
swagger-ui <4.1.3 are affected by GHSA-qrmm-w75w-3wpx. This commit also exposes new docker env variable: QUERY_CONFIG_ENABLED. Closes #2853
diff --git a/docker-run.sh b/docker-run.sh
@@ -31,7 +31,12 @@ if [[ -f "$SWAGGER_FILE" ]]; then
   sed -i "s|#SWAGGER_ROOT|root $SWAGGER_ROOT/;|g" $NGINX_CONF
 fi
 
-# Gzip after replacements
-find /usr/share/nginx/html/ -type f -regex ".*\.\(html\|js\|css\)" -exec sh -c "gzip < {} > {}.gz" \;
+## Adding env var support for `queryConfigEnabled` core configuration parameter of SwaggerUI
+if [[ "${QUERY_CONFIG_ENABLED}" = "true" ]]; then
+  sed -i 's|queryConfigEnabled: false|queryConfigEnabled: true|' $INDEX_FILE
+fi
 
-exec nginx -g 'daemon off;'
+## Gzip after replacements
+#find /usr/share/nginx/html/ -type f -regex ".*\.\(html\|js\|css\)" -exec sh -c "gzip < {} > {}.gz" \;
+#
+#exec nginx -g 'daemon off;'
diff --git a/index.html b/index.html
@@ -55,7 +55,8 @@
       layout: 'StandaloneLayout',
       presets: [
         SwaggerEditorStandalonePreset
-      ]
+      ],
+      queryConfigEnabled: false,
     })
 
     window.editor = editor
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -87,7 +87,7 @@
     "redux": "=4.1.2",
     "reselect": "^4.0.0",
     "swagger-client": "^3.17.0",
-    "swagger-ui": "^4.1.2",
+    "swagger-ui": "^4.1.3",
     "traverse": "^0.6.6",
     "validator": "=13.7.0",
     "yaml-js": "^0.3.1"
diff --git a/test/e2e/static/index.html b/test/e2e/static/index.html
@@ -67,7 +67,8 @@
         layout: 'StandaloneLayout',
         presets: [
           SwaggerEditorStandalonePreset
-        ]
+        ],
+        queryConfigEnabled: true,
       })
 
       window.editor = editor
@@ -114,4 +115,4 @@
 
 </body>
 
-</html>
+</html>
