security updates

checkmarx-ts · Apr 11, 2024 · 3b70659 · 3b70659
1 parent c2c65bc
commit 3b70659
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 7 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,11 +1,13 @@
-FROM python:3.12
+FROM ubuntu:24.04
 LABEL org.opencontainers.image.source https://github.com/checkmarx-ts/cxone-scan-scheduler
 LABEL org.opencontainers.image.vendor Checkmarx Professional Services
 LABEL org.opencontainers.image.title Checkmarx One Scan Scheduler
 LABEL org.opencontainers.image.description Schedules scans for projects in Checkmarx One
 
 
-RUN apt-get update && apt-get install -y cron && apt-get clean && \
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends tzdata && \
+    apt-get install -y cron python3.12 python3-pip python3-debugpy bash && \
     usermod -s /bin/bash nobody && \
     mkdir -p /opt/cxone && \
     mkfifo /opt/cxone/logfifo && \
@@ -14,8 +16,12 @@ RUN apt-get update && apt-get install -y cron && apt-get clean && \
 
 WORKDIR /opt/cxone
 COPY *.txt /opt/cxone
-RUN pip install debugpy && pip install -r requirements.txt
 
+RUN pip install -r requirements.txt --break-system-packages && \
+    apt-get remove -y perl && \
+    apt-get autoremove -y && \
+    apt-get clean && \
+    dpkg --purge $(dpkg --get-selections | grep deinstall | cut -f1)
 
 COPY cxone_api /opt/cxone/cxone_api
 COPY logic /opt/cxone/logic

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -13,4 +13,4 @@ fi
 
 service cron start > /dev/null 2>&1
 
-python $@
+python3 $@
diff --git a/scanner.py b/scanner.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python
+#!/usr/bin/python3
 import logging, argparse, utils, asyncio
 from cxone_api import CxOneClient
 from posix_ipc import Semaphore, BusyError, O_CREAT

diff --git a/scheduler.py b/scheduler.py
@@ -1,4 +1,4 @@
-#!/usr/local/bin/python
+#!/usr/bin/python3
 import sys, os, logging, utils
 
 if sys.argv[0].lower().startswith("audit"):
@@ -94,7 +94,8 @@ def skipped_entry_cb(project_id, reason):
 
             for entry in (await Scheduler.audit(client, default_schedule, group_schedules, policies, skipped_entry_cb)).values():
                 for sched in entry:
-                    print(f'"{sched.project_id}","SCHEDULED","{str(sched).replace("'", "")}"')
+                    clean_sched = str(sched).replace("'", "")
+                    print(f'"{sched.project_id}","SCHEDULED","{clean_sched}"')
 
         if is_audit:
             asyncio.run(audit())