Corrections following the security audit (!64) · Merge requests · sed-paris / VisioManager · GitLab

Mentions légales du service

HUYNH Kim-Tam requested to merge audit-corrections into dev Mar 26, 2021

Description

Closes #110 : protect script execution
Closes #112 : refactor cors usage

Changelog

Fix manage_db tool
Align scaleway configuration files example
Protect script execution #110
Bind docker port to localhost only (via docker_run script)
Rework CORS (restrict backend access to host and remove useless CORS headers in frontend)

How to test

unit testing
create a visio (verify that the scripts are correctly executed)
add in /etc/hosts the line: toto.inria.fr and test all apis (via swagger and frontend appli)

Edited Mar 26, 2021 by HUYNH Kim-Tam