commit 818ea7b8f06292eaaa82ba67ef21933f50d71192
author Joshi-Mansi <mansi.joshi@linux.intel.com> Wed Mar 11 14:34:53 2020 +0530
committer mansi.joshi <mansi.joshi@linux.intel.com> Sat Mar 14 08:56:05 2020 +0000
tree 7c8ca14a35efc0a802b63ae5e3596826f15d9d27
parent 831d6b093dfba0dc39257a1741ff5f4788a3ee0e

[Redfish-Net Protocol] Making HTTP OCP Compliant

Making HTTP protocolEnabled as false in Manager Network Protocol Schema
to make it OCP compliant and security-wise compliant as it is not
recommended to use from security perspective.

Tested:
1. Tested using GET:
- https://bmc-ip/redfish/v1/Managers/bmc/NetworkProtocol
  "HTTP": {
    "Port": 0,
    "ProtocolEnabled": false
  }

2. Ran the Redfish validator and no new issues found.

Signed-off-by: Joshi-Mansi <mansi.joshi@linux.intel.com>
Change-Id: I5af368f4c87665ab827d99336aebf64bc351c4d1

redfish-core/lib/network_protocol.hpp

diff --git a/redfish-core/lib/network_protocol.hpp b/redfish-core/lib/network_protocol.hpp
index 340fd67..03f7bf8 100644
--- a/redfish-core/lib/network_protocol.hpp
+++ b/redfish-core/lib/network_protocol.hpp
@@ -200,6 +200,13 @@
         asyncResp->res.jsonValue["Status"]["HealthRollup"] = "OK";
         asyncResp->res.jsonValue["Status"]["State"] = "Enabled";
 
+        // HTTP is Mandatory attribute as per OCP Baseline Profile – v1.0.0,
+        // but from security perspective it is not recommended to use.
+        // Hence using protocolEnabled as false to make it OCP and security-wise
+        // compliant
+        asyncResp->res.jsonValue["HTTP"]["Port"] = 0;
+        asyncResp->res.jsonValue["HTTP"]["ProtocolEnabled"] = false;
+
         for (auto& protocol : protocolToDBus)
         {
             asyncResp->res.jsonValue[protocol.first]["ProtocolEnabled"] = false;