NFR - Directory or path traversal vulnerabilities must be prohibited #1666
DanielaWuensch started this conversation in Ideas
Feature Request
Non functional requirement - Directory or path traversal vulnerabilities must be prohibited
As a company, which operates the EDC, I want to ensure that no directory or path traversals are possible over the exposed EDC APIs.
Documentation - Recommended EDC setup with a definition of intended and unintended endpoint access. Check against Open-API guidelines and define those for endpoints that still miss those guidelines (i.e. Validation Endpoint).
Which Areas Would Be Affected?
all, including DPF, CI, build, transfer, etc.
Why Is the Feature Desired?
Security Requirement
Solution Proposal
Documentation - recommended EDC setup regarding roles and rights.
Documentation - definition of unintended & intended endpoints.
Every unintended endpoint (i.e. validation API) should respond with an adequate error code.
For every intended/supported endpoint there should be a role/rights protecting this endpoint.
Type of Issue
non-functional requirement
Checklist
Documentation - recommended EDC setup regarding roles and rights.
Documentation - definition of unintended & intended endpoints.
Every unintended endpoint (i.e. validation API) should respond with an adequate error code.
For every intended/supported endpoint there should be a role/rights protecting this endpoint.