From fefb16d1b6a5c45c49657a1b2ec791a8ffd11cb7 Mon Sep 17 00:00:00 2001
From: Greg Tyler
Date: Tue, 15 Oct 2024 15:57:59 +0100
Subject: [PATCH] Security and maintainability fixes
Use Alpine 3.19 for fixtures container: this contains the libexpat patch and others. Move the properties file to the name used for cloud analysis (I'd previously used the one for CI analysis). Some minor maintainability fixes that were easy to fix. #patch
---
 sonar-project.properties => .sonarcloud.properties | 0
 fixtures/Dockerfile | 4 +---
 fixtures/lib/aws_auth.py | 4 ++--
 fixtures/static/js/uid-generator.mjs | 2 --
 lambda/Dockerfile | 2 +-
 5 files changed, 4 insertions(+), 8 deletions(-)
 rename sonar-project.properties => .sonarcloud.properties (100%)
diff --git a/sonar-project.properties b/.sonarcloud.properties
similarity index 100%
rename from sonar-project.properties
rename to .sonarcloud.properties
diff --git a/fixtures/Dockerfile b/fixtures/Dockerfile
index 10129a0f..8925c406 100644
--- a/fixtures/Dockerfile
+++ b/fixtures/Dockerfile
@@ -6,14 +6,12 @@ COPY fixtures/package.json package.json
 COPY fixtures/package-lock.json package-lock.json
 RUN npm ci --ignore-scripts
-FROM python:3-alpine3.17
+FROM python:3-alpine3.19
 WORKDIR /app
 COPY fixtures/requirements.txt requirements.txt
 RUN pip3 install -r requirements.txt
-#patch packages with issues
-RUN apk upgrade --no-cache libexpat
 COPY fixtures/app.py app.py
 COPY fixtures/lib lib
diff --git a/fixtures/lib/aws_auth.py b/fixtures/lib/aws_auth.py
index c27b8920..7f87badf 100644
--- a/fixtures/lib/aws_auth.py
+++ b/fixtures/lib/aws_auth.py
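Review bot: In the fixtures/Dockerfile hunk the new `FROM python:3-alpine3.19` is still a floating tag, and with `RUN apk upgrade --no-cache libexpat` removed nothing in this stage guarantees the libexpat fix the commit message relies on; the package level is whatever the tag resolved to when the image was pulled or cached. Pinning the base by digest, for example `FROM python:3-alpine3.19@sha256:<digest>` (placeholder digest), together with a scheduled rebuild and an image scan in CI, would make the patched state reproducible and checkable. The `python:3` part also lets the interpreter's minor version move between builds, which can change what `pip3 install -r requirements.txt` resolves. The build stage continues past the end of the hunk, so later steps such as a non-root `USER` cannot be judged from here.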
@@ -13,13 +13,13 @@ def __init__(self, boto3_session=boto3.Session()):
 self.session = boto3_session
 def get_headers(self, service = "execute-api", **request_config):
- sigV4A = crt.auth.CrtS3SigV4AsymAuth(
+ sig_v4a = crt.auth.CrtS3SigV4AsymAuth(
 self.session.get_credentials(),
 service,
 os.environ.get("AWS_REGION", "eu-west-1"),
 )
 aws_req = awsrequest.AWSRequest(**request_config)
- sigV4A.add_auth(aws_req)
+ sig_v4a.add_auth(aws_req)
 prepped = aws_req.prepare()
 return prepped.headers
diff --git a/fixtures/static/js/uid-generator.mjs b/fixtures/static/js/uid-generator.mjs
index 8298e36f..ec965755 100644
--- a/fixtures/static/js/uid-generator.mjs
+++ b/fixtures/static/js/uid-generator.mjs
@@ -27,8 +27,6 @@ export class UidGenerator {
 $parent.insertBefore($container, $module);
 $container.appendChild($module);
-
- $parent = $container;
 }
 const $btn = document.createElement("button");
diff --git a/lambda/Dockerfile b/lambda/Dockerfile
index 6448bd88..838124e8 100644
--- a/lambda/Dockerfile
+++ b/lambda/Dockerfile
@@ -11,7 +11,7 @@ COPY ./internal /app/internal
 ARG DIR
 COPY ./lambda/$DIR /app/lambda/$DIR
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main ./lambda/$DIR
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main "./lambda/$DIR"
 FROM alpine:3