From 916f84c63e1ab926c111af4cd964adab5ba1696f Mon Sep 17 00:00:00 2001 From: Greg Tyler Date: Tue, 15 Oct 2024 16:59:29 +0100 Subject: [PATCH] Security and maintainability fixes (#269) * Security and maintainability fixes Use Alpine 3.19 for fixtures container: this contains the libexpat patch and others. Move the properties file to the name used for cloud analysis (I'd previously used the one for CI analysis). Some minor maintainability fixes that were easy to fix. #patch * Pin Python to 3.13 #patch --- sonar-project.properties => .sonarcloud.properties | 0 fixtures/Dockerfile | 4 +--- fixtures/lib/aws_auth.py | 4 ++-- fixtures/static/js/uid-generator.mjs | 2 -- lambda/Dockerfile | 2 +- 5 files changed, 4 insertions(+), 8 deletions(-) rename sonar-project.properties => .sonarcloud.properties (100%) diff --git a/sonar-project.properties b/.sonarcloud.properties similarity index 100% rename from sonar-project.properties rename to .sonarcloud.properties diff --git a/fixtures/Dockerfile b/fixtures/Dockerfile index 10129a0f..baf88150 100644 --- a/fixtures/Dockerfile +++ b/fixtures/Dockerfile @@ -6,14 +6,12 @@ COPY fixtures/package.json package.json COPY fixtures/package-lock.json package-lock.json RUN npm ci --ignore-scripts -FROM python:3-alpine3.17 +FROM python:3.13-alpine3.19 WORKDIR /app COPY fixtures/requirements.txt requirements.txt RUN pip3 install -r requirements.txt -#patch packages with issues -RUN apk upgrade --no-cache libexpat COPY fixtures/app.py app.py COPY fixtures/lib lib diff --git a/fixtures/lib/aws_auth.py b/fixtures/lib/aws_auth.py index c27b8920..7f87badf 100644 --- a/fixtures/lib/aws_auth.py +++ b/fixtures/lib/aws_auth.py 
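Review bot: In fixtures/Dockerfile the new `FROM python:3.13-alpine3.19` is still a mutable tag, and the same hunk drops the explicit `apk upgrade --no-cache libexpat`. Whether the libexpat fix is present therefore depends on which image the tag resolves to when the build runs. Pinning the digest as well, for example `FROM python:3.13-alpine3.19@sha256:<digest-placeholder>`, would make the patched base reproducible and turn base-image updates into reviewable changes. An image scan in CI would confirm the shipped libexpat version rather than inferring it from the tag name.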
@@ -13,13 +13,13 @@ def __init__(self, boto3_session=boto3.Session()): self.session = boto3_session def get_headers(self, service = "execute-api", **request_config): - sigV4A = crt.auth.CrtS3SigV4AsymAuth( + sig_v4a = crt.auth.CrtS3SigV4AsymAuth( self.session.get_credentials(), service, os.environ.get("AWS_REGION", "eu-west-1"), ) aws_req = awsrequest.AWSRequest(**request_config) - sigV4A.add_auth(aws_req) + sig_v4a.add_auth(aws_req) prepped = aws_req.prepare() return prepped.headers diff --git a/fixtures/static/js/uid-generator.mjs b/fixtures/static/js/uid-generator.mjs index 8298e36f..ec965755 100644 --- a/fixtures/static/js/uid-generator.mjs +++ b/fixtures/static/js/uid-generator.mjs @@ -27,8 +27,6 @@ export class UidGenerator { $parent.insertBefore($container, $module); $container.appendChild($module); - - $parent = $container; } const $btn = document.createElement("button"); diff --git a/lambda/Dockerfile b/lambda/Dockerfile index 6448bd88..838124e8 100644 --- a/lambda/Dockerfile +++ b/lambda/Dockerfile @@ -11,7 +11,7 @@ COPY ./internal /app/internal ARG DIR COPY ./lambda/$DIR /app/lambda/$DIR -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main ./lambda/$DIR +RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main "./lambda/$DIR" FROM alpine:3
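Review bot: In lambda/Dockerfile the final-stage `FROM alpine:3`, visible as context at the end of this hunk, still floats on the major tag, while the same commit moves the fixtures image to an explicit Alpine release. Rebuilds of the Lambda image can therefore pick up a different base silently; `FROM alpine:3.19`, ideally with a digest, would match the fixtures change. On the changed line, quoting `"./lambda/$DIR"` stops word splitting, but an unset `DIR` still expands to `./lambda/`. Using `"./lambda/${DIR:?DIR build arg is required}"` would fail the build with a clear message instead. The final stage continues outside the hunk, so its remaining instructions are not reviewed here.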