Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-webui / 1548677275eb39a0c29d188bcb3acd0515236dd4
commit1548677275eb39a0c29d188bcb3acd0515236dd4[log] [tgz]
authorGunnar Mills <gmills@us.ibm.com>Fri May 03 15:53:06 2019 -0500
committerGunnar Mills <gmills@us.ibm.com>Fri May 03 16:53:52 2019 -0500
tree7ed4de2821e720a214df58a05b10fa046d03d281
parent615a2f896951643ae32e35b308e9bff649caf331 [diff]
NPM update to partially address vulnerability

Observed this security vulnerability in the phosphor-webui
repo on GitHub:
"We found a potential security vulnerability in one of your
dependencies.
 tar
 Upgrade tar to version 4.4.2 or later."

See https://nvd.nist.gov/vuln/detail/CVE-2018-20834
for more information.
Ran "NPM update" && "npm install tar@latest --save".

Unfortunately, this only addresses one of the packages
that uses tar, the other, node-sass, has not published a
release to fix this vulnerability.
See https://github.com/sass/node-sass/issues/2625
Not a easy fix for node-sass.

Opened
https://github.com/openbmc/phosphor-webui/issues/85
to track this work.

Tested: Built the GUI and loaded it on a Witherspoon. No
        regressions observed.

Change-Id: I9e06d77a03dff4a3d12f472fd18671cc8c41fcd4
Signed-off-by: Gunnar Mills <gmills@us.ibm.com>
2 files changed
tree: 7ed4de2821e720a214df58a05b10fa046d03d281
  1. app/
  2. .babelrc
  3. .clang-format
  4. .gitignore
  5. config.json
  6. format-code.sh
  7. karma.conf.js
  8. LICENSE
  9. MAINTAINERS
  10. package-lock.json
  11. package.json
  12. postcss.config.js
  13. README.md
  14. sonar-project.properties
  15. webpack.config.js
README.md

OpenBMC Web User Interface

The OpenBMC WebUI is a Web-based user interface for the OpenBMC firmware stack. The WebUI uses AngularJS. Features include:

  • View system overview data such as model information and serial number
  • View and manage event logs
  • View inventory data
  • View sensor data
  • Power On/Off server operations
  • Reboot BMC
  • Manage and update BMC and Host firmware
  • IPv4 network settings
  • SoL console

Requirements

nodejs (>= 4.2.6) npm (>= 5.6.0)

Note The default installation of your Linux distro may not come with the required versions above. See the following for more information on updating:

https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-node https://docs.npmjs.com/troubleshooting/try-the-latest-stable-version-of-npm

Installation

npm install

Note This must be run from within the phosphor-webui git repository.

Running locally

npm run-script server

This will start a server instance and begin listening for connections at http://localhost:8080. This development server provides live reloading on code changes. NOTE: Browsing to https://<BMC> and accepting the self-signed certificate might be required to prevent your browser from blocking traffic to the BMC.

Logging in

Enter the BMC Host or BMC IP address, username, and password. The default username and password are root/0penBmc.

Note that some OpenBMC implementations use bmcweb for its backend. For security reasons, bmcweb will need to be recompiled and loaded onto the target BMC Host before the above redirect command will work. The option to turn on within bmcweb is BMCWEB_INSECURE_DISABLE_XSS_PREVENTION.