LGTM is currently reporting two potential issues in server.ts which it flags as "security" related. We should analyze these and determine either a fix, or possibly tell LGTM to ignore the issue (if it is determined to not be an issue for DSpace).
The issues in server.ts are listed as the top two issues in this list:
1. There's no rate limiter on our express server, which makes it vulnerable to DoS attacks
We discussed this before. Since it is fairly easy to add a rate limiter in node, I propose we add it, and make it optional based on config in environment.ts, but enabled by default.
2. There's a line that disables certificate validation
That line is only executed when you enable SSL for the UI, but don't have a certificate, in which case certificate validation will be disabled and a self-signed certificate will be used. I suggest we add a warning in the server output to make it more clear that the certificate can't be found and suppress this LGTM warning.
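A sketch of the rate limiter proposed in item 1, as an added example that is not part of the original thread or of DSpace's code: a dependency-free fixed-window limiter with an Express-style `(req, res, next)` signature that stays on unless the config explicitly disables it. The `RateLimitConfig` shape, `createRateLimiter`, and `MAX_TRACKED_CLIENTS` are hypothetical names chosen for illustration.

```typescript
// Added example: names and defaults below are hypothetical, not DSpace's.
interface RateLimitConfig {
  enabled?: boolean; // omitted means enabled (on by default)
  windowMs: number;  // length of one counting window
  max: number;       // requests allowed per client per window
}
interface Req { ip: string; }
interface Res {
  statusCode: number;
  setHeader(name: string, value: string): void;
  end(body?: string): void;
}
type Middleware = (req: Req, res: Res, next: () => void) => void;

const MAX_TRACKED_CLIENTS = 10000; // constructed bound on limiter memory

function createRateLimiter(
  cfg: RateLimitConfig,
  now: () => number = Date.now, // injectable clock, for testing
): Middleware {
  // Only an explicit `enabled: false` turns the limiter off.
  if (cfg.enabled === false) {
    return (_req, _res, next) => next();
  }
  const hits = new Map<string, { count: number; resetAt: number }>();
  return (req, res, next) => {
    const t = now();
    if (hits.size >= MAX_TRACKED_CLIENTS) {
      // Drop expired windows to limit how far the table can grow.
      hits.forEach((e, ip) => { if (t >= e.resetAt) hits.delete(ip); });
    }
    let entry = hits.get(req.ip);
    if (entry === undefined || t >= entry.resetAt) {
      // First request from this client, or its window expired: start over.
      entry = { count: 0, resetAt: t + cfg.windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > cfg.max) {
      // Over budget: reject and tell the client when to retry.
      res.statusCode = 429;
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.end('Too Many Requests');
      return;
    }
    next();
  };
}
```

Behind a reverse proxy, Express reports the proxy's address in `req.ip` unless the `trust proxy` setting is configured, so a limiter keyed this way would otherwise count all clients as one.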