From b540bd7d48b9a3b3f2d1538d2cad846ab01c92ea Mon Sep 17 00:00:00 2001
From: Binyang Li
Date: Thu, 6 Jun 2024 07:50:54 +0000
Subject: [PATCH] Fix security issue
---
 src/rest-server/package.json | 1 -
 src/rest-server/src/config/express.js | 6 ----
 src/rest-server/yarn.lock | 40 ++++++++++++++++++---------
 3 files changed, 27 insertions(+), 20 deletions(-)
diff --git a/src/rest-server/package.json b/src/rest-server/package.json
index aa439c0682..9df11af293 100644
--- a/src/rest-server/package.json
+++ b/src/rest-server/package.json
@@ -60,7 +60,6 @@
 "sequelize": "^5.21.3",
 "ssh-keygen": "~0.4.2",
 "statuses": "~1.5.0",
- "swagger-ui-express": "^4.1.2",
 "unirest": "^0.6.0",
 "url-join": "^4.0.1",
 "winston": "~2.4.0",
diff --git a/src/rest-server/src/config/express.js b/src/rest-server/src/config/express.js
index 675d8a1ea2..9c24578534 100644
--- a/src/rest-server/src/config/express.js
+++ b/src/rest-server/src/config/express.js
@@ -18,13 +18,11 @@
 // module dependencies
 const fs = require('fs');
 const cors = require('cors');
-const yaml = require('js-yaml');
 const morgan = require('morgan');
 const express = require('express');
 const compress = require('compression');
 const bodyParser = require('body-parser');
 const cookieParser = require('cookie-parser');
-const swaggerUi = require('swagger-ui-express');
 const config = require('@pai/config');
 const logger = require('@pai/config/logger');
 const authnConfig = require('@pai/config/authn');
@@ -63,10 +61,6 @@ app.use('/api/v2', routers.v2);
 // mount all internal APIs to /api/internal
 app.use('/api/internal', routers.internal);
-// create OpenAPI docs
-const swaggerSpec = yaml.safeLoad(fs.readFileSync('./docs/swagger.yaml'));
-app.use('/api/docs', swaggerUi.serve, swaggerUi.setup(swaggerSpec));
-
 // catch 404 and forward to error handler
 app.use((req, res, next) => {
 next(createError('Not Found', 'NoApiError', `API ${req.url} is not found.`));
diff --git a/src/rest-server/yarn.lock b/src/rest-server/yarn.lock index 71f31145da..278ff06716 100644 --- a/src/rest-server/yarn.lock +++ b/src/rest-server/yarn.lock @@ -455,6 +455,13 @@ array.prototype.flat@^1.2.3: define-properties "^1.1.3" es-abstract "^1.17.0-next.1" +asn1@^0.2.4: + version "0.2.6" + resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.6.tgz#0d3a7bb6e64e02a90c0303b31f292868ea09a08d" + integrity sha512-ix/FxPn0MDjeyJ7i/yoHGFt/EX6LyNbxSEhPPXODPL+KB0VPk86UYfL0lMdy+KCnv+fmvIzySwaK5COwqVbWTQ== + dependencies: + safer-buffer "~2.1.0" + asn1@~0.2.3: version "0.2.4" resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136" @@ -2393,11 +2400,23 @@ minimatch@^3.0.4: dependencies: brace-expansion "^1.1.7" +minimist@0.0.8: + version "0.0.8" + resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d" + integrity sha512-miQKw5Hv4NS1Psg2517mV4e4dYNaO3++hjAvLOAzKqZ61rH8NS1SK+vbfBWZ5PY/Me/bEWhUwqMghEW5Fb9T7Q== + minimist@^1.2.0, minimist@^1.2.5, minimist@^1.2.6: version "1.2.6" resolved "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz" integrity sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q== +mkdirp@0.5.1: + version "0.5.1" + resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.1.tgz#30057438eac6cf7f8c4767f38648d6697d75c903" + integrity sha512-SknJC52obPfGQPnjIkXbmA6+5H15E+fR+E4iR2oQ3zzCLbd7/ONua69R/Gw7AgkTLsRG+r5fzksYwWe1AgTyWA== + dependencies: + minimist "0.0.8" + mkdirp@^0.5.0, mkdirp@^0.5.1: version "0.5.6" resolved "https://registry.yarnpkg.com/mkdirp/-/mkdirp-0.5.6.tgz#7def03d2432dcae4ba1d611445c48396062255f6" @@ -2417,7 +2436,7 @@ mocha@~5.0.0: glob "7.1.2" growl "1.10.3" he "1.1.1" - mkdirp "^0.5.1" + mkdirp "0.5.1" supports-color "4.4.0" module-alias@^2.2.0: 
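Review bot: The `mocha@~5.0.0` entry now resolves `mkdirp "0.5.1"` instead of `mkdirp "^0.5.1"`, and the new `mkdirp@0.5.1` entry pulls in `minimist "0.0.8"`, a release that predates the prototype-pollution fixes carried by the `minimist` 1.2.6 entry kept next to it. This looks like a side effect of regenerating the lockfile rather than an intended change, and it works against a commit titled "Fix security issue". mocha is presumably a dev-only dependency, so the exposure is probably limited to test and CI runs, but dependency audit tooling will still report it. Consider a yarn override in package.json such as `"resolutions": { "minimist": "^1.2.6" }`, or a newer mocha, and regenerate yarn.lock so the old minimist does not return to the tree.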
@@ -2526,6 +2545,13 @@ node-jose@^1.1.0: node-forge "^0.8.1" uuid "^3.3.2" +node-rsa@~1.1.1: + version "1.1.1" + resolved "https://registry.yarnpkg.com/node-rsa/-/node-rsa-1.1.1.tgz#efd9ad382097782f506153398496f79e4464434d" + integrity sha512-Jd4cvbJMryN21r5HgxQOpMEqv+ooke/korixNNK3mGqfGJmy0M77WDDzo/05969+OkMy3XW1UuZsSmW9KQm7Fw== + dependencies: + asn1 "^0.2.4" + normalize-package-data@^2.3.2: version "2.4.0" resolved "https://registry.yarnpkg.com/normalize-package-data/-/normalize-package-data-2.4.0.tgz#12f95a307d58352075a04907b84ac8be98ac012f" @@ -3617,18 +3643,6 @@ supports-preserve-symlinks-flag@^1.0.0: resolved "https://registry.yarnpkg.com/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz#6eda4bd344a3c94aea376d4cc31bc77311039e09" integrity sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w== -swagger-ui-dist@^3.18.1: - version "3.24.3" - resolved "https://registry.yarnpkg.com/swagger-ui-dist/-/swagger-ui-dist-3.24.3.tgz#99754d11b0ddd314a1a50db850acb415e4b0a0c6" - integrity sha512-kB8qobP42Xazaym7sD9g5mZuRL4416VIIYZMqPEIskkzKqbPLQGEiHA3ga31bdzyzFLgr6Z797+6X1Am6zYpbg== - -swagger-ui-express@^4.1.2: - version "4.1.2" - resolved "https://registry.yarnpkg.com/swagger-ui-express/-/swagger-ui-express-4.1.2.tgz#fa4ca5337bce207c760a0b9340348159ebf8ffa4" - integrity sha512-bVT16qj6WdNlEKFkSLOoTeGuqEm2lfOFRq6mVHAx+viA/ikORE+n4CS3WpVcYmQzM4HE6+DUFgAWcMRBJNpjcw== - dependencies: - swagger-ui-dist "^3.18.1" - table@^5.2.3: version "5.4.6" resolved "https://registry.yarnpkg.com/table/-/table-5.4.6.tgz#1292d19500ce3f86053b05f0e8e7e4a3bb21079e"