sasheg/launcher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Server: Fix /docs endpoint - allow openapi.json and swagger

Browse Source 
- Remove openapi.json, swagger-ui, api/docs from suspicious paths
- Fix is_suspicious_path() to allow swagger/openapi patterns
This commit is contained in:
SashegDev
2026-05-07 17:48:54 +00:00
parent 50080d890f
commit 1199ca9e21
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/middleware.py
+1 -2
View File
@@ -69,7 +69,6 @@ SUSPICIOUS_PATHS = {
"manage/env", "admin/env", "env", "manage/env", "admin/env", "env",
"actuator/env/aws", "actuator/env/cloud", "actuator/env/aws", "actuator/env/cloud",
"_layouts/15/", "_layouts/15/ToolPane.aspx", "_layouts/15/", "_layouts/15/ToolPane.aspx",
"swagger-ui", "api/docs", "openapi.json",
"wp-admin", "wp-login.php", "wordpress", "wp-admin", "wp-login.php", "wordpress",
"administrator", "phpmyadmin", "administrator", "phpmyadmin",
".git", ".svn", ".hg", ".git", ".svn", ".hg",
@@ -117,7 +116,7 @@ def is_suspicious_path(path: str) -> bool:
# Contains suspicious patterns # Contains suspicious patterns
suspicious_patterns = [ suspicious_patterns = [
".env", "phpinfo", "actuator", "wp-", "phpmyadmin", ".env", "phpinfo", "actuator", "wp-", "phpmyadmin",
".git", ".svn", "swagger", "openapi", ".git", ".svn",
] ]
for pattern in suspicious_patterns: for pattern in suspicious_patterns: