diff options
| author | Joshi-Mansi <mansi.joshi@linux.intel.com> | 2020-03-11 12:04:53 +0300 |
|---|---|---|
| committer | mansi.joshi <mansi.joshi@linux.intel.com> | 2020-03-14 11:56:05 +0300 |
| commit | 818ea7b8f06292eaaa82ba67ef21933f50d71192 (patch) | |
| tree | 7c8ca14a35efc0a802b63ae5e3596826f15d9d27 | |
| parent | 831d6b093dfba0dc39257a1741ff5f4788a3ee0e (diff) | |
| download | bmcweb-818ea7b8f06292eaaa82ba67ef21933f50d71192.tar.xz | |
[Redfish-Net Protocol] Making HTTP OCP Compliant
Making HTTP protocolEnabled as false in Manager Network Protocol Schema
to make it OCP compliant and security-wise compliant as it is not
recommended to use from security perspective.
Tested:
1. Tested using GET:
- https://bmc-ip/redfish/v1/Managers/bmc/NetworkProtocol
"HTTP": {
"Port": 0,
"ProtocolEnabled": false
}
2. Ran the Redfish validator and no new issues found.
Signed-off-by: Joshi-Mansi <mansi.joshi@linux.intel.com>
Change-Id: I5af368f4c87665ab827d99336aebf64bc351c4d1
| -rw-r--r-- | redfish-core/lib/network_protocol.hpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp index 340fd67984..03f7bf8b9b 100644 --- a/redfish-core/lib/network_protocol.hpp +++ b/redfish-core/lib/network_protocol.hpp @@ -200,6 +200,13 @@ class NetworkProtocol : public Node asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK"; asyncResp->res.jsonValue["Status"]["State"] = "Enabled"; + // HTTP is Mandatory attribute as per OCP Baseline Profile – v1.0.0, + // but from security perspective it is not recommended to use. + // Hence using protocolEnabled as false to make it OCP and security-wise + // compliant + asyncResp->res.jsonValue["HTTP"]["Port"] = 0; + asyncResp->res.jsonValue["HTTP"]["ProtocolEnabled"] = false; + for (auto& protocol : protocolToDBus) { asyncResp->res.jsonValue[protocol.first]["ProtocolEnabled"] = false; |