Description
Wazuh | Splunk | Rev |
---|---|---|
4.3 | 8.1.4 | 4301 |
It's required to ensure that the timeout setting is in a valid state, that is, strictly greater than zero at least.
It's possible to set a zero or even negative value, which might put the application in an unusable state. Fortunately, this is not happening, as the Requests library already takes care of validating that no invalid timeout is used, but we need to enforce these checks on our side too, for a better UX and reliability.
This setting can be set either in the WUI, in the Configuration section, or directly in the configuration file, at /default/config.conf.
In order to harden the App, this (and preferably every setting) must be validated on the frontend and on the backend.
- Frontend: no value lower than 1 can be set.
- Backend: if a value lower than zero is read, use a predefined value instead (e.g., 20 seconds).
Steps to reproduce
- Go to Settings > Configuration.
- Edit the timeout setting.
- Observe that any value can be set, even negatives.
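
One way to implement the backend check described above, as an added example (not code from the Wazuh app): it reads the timeout from configuration text and falls back to 20 seconds for anything that is not a finite number strictly greater than zero. The `[config]` section name, the `timeout` option name and both function names are assumptions made for this sketch.

```python
import configparser
import math

DEFAULT_TIMEOUT = 20  # seconds; the fallback value suggested in the issue


def sanitize_timeout(raw, default=DEFAULT_TIMEOUT):
    """Return a usable timeout in seconds, or `default` if `raw` is invalid."""
    if isinstance(raw, bool):  # bool is an int subclass; never a valid timeout
        return default
    try:
        value = float(str(raw).strip())
    except (TypeError, ValueError):
        return default  # empty string, text, None, ...
    # Reject NaN, infinities, zero and negatives ("strictly greater than zero").
    if not math.isfinite(value) or value <= 0:
        return default
    return value


def read_timeout(config_text, section="config", option="timeout"):
    """Parse configuration text and return a validated timeout.

    The section and option names are assumptions for this example.
    """
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(config_text)
        raw = parser.get(section, option)
    except configparser.Error:
        # Missing section/option or an unparsable file: use the safe default.
        return DEFAULT_TIMEOUT
    return sanitize_timeout(raw)


if __name__ == "__main__":
    # Constructed sample values, as they might be typed into the config file.
    for sample in ("30", "0", "-5", "abc", "", "nan", "1e400"):
        text = "[config]\ntimeout = %s\n" % sample
        print(repr(sample), "->", read_timeout(text))
```

The returned value can be passed directly as the `timeout` argument of a Requests call, so an invalid setting never reaches the HTTP layer.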