diff options
author | Joshi-Mansi <mansi.joshi@linux.intel.com> | 2020-03-11 12:04:53 +0300 |
---|---|---|
committer | mansi.joshi <mansi.joshi@linux.intel.com> | 2020-03-14 11:56:05 +0300 |
commit | 818ea7b8f06292eaaa82ba67ef21933f50d71192 (patch) | |
tree | 7c8ca14a35efc0a802b63ae5e3596826f15d9d27 /redfish-core/lib/network_protocol.hpp | |
parent | 831d6b093dfba0dc39257a1741ff5f4788a3ee0e (diff) | |
download | bmcweb-818ea7b8f06292eaaa82ba67ef21933f50d71192.tar.xz |
[Redfish-Net Protocol] Making HTTP OCP Compliant
Making HTTP protocolEnabled as false in Manager Network Protocol Schema
to make it OCP compliant and security-wise compliant as it is not
recommended to use from security perspective.
Tested:
1. Tested using GET:
- https://bmc-ip/redfish/v1/Managers/bmc/NetworkProtocol
"HTTP": {
"Port": 0,
"ProtocolEnabled": false
}
2. Ran the Redfish validator and no new issues found.
Signed-off-by: Joshi-Mansi <mansi.joshi@linux.intel.com>
Change-Id: I5af368f4c87665ab827d99336aebf64bc351c4d1
Diffstat (limited to 'redfish-core/lib/network_protocol.hpp')
-rw-r--r-- | redfish-core/lib/network_protocol.hpp | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp index 340fd67984..03f7bf8b9b 100644 --- a/redfish-core/lib/network_protocol.hpp +++ b/redfish-core/lib/network_protocol.hpp @@ -200,6 +200,13 @@ class NetworkProtocol : public Node asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK"; asyncResp->res.jsonValue["Status"]["State"] = "Enabled"; + // HTTP is Mandatory attribute as per OCP Baseline Profile – v1.0.0, + // but from security perspective it is not recommended to use. + // Hence using protocolEnabled as false to make it OCP and security-wise + // compliant + asyncResp->res.jsonValue["HTTP"]["Port"] = 0; + asyncResp->res.jsonValue["HTTP"]["ProtocolEnabled"] = false; + for (auto& protocol : protocolToDBus) { asyncResp->res.jsonValue[protocol.first]["ProtocolEnabled"] = false; |