-
Notifications
You must be signed in to change notification settings - Fork 546
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[anaconda]-auto install vuln pkgs from conda / pip (#1079)
* [anaconda]-auto install vuln pkgs from conda / pip * Misc change * for test runs fails * misc change * changes requested * minor change * MSG CHANGE * changes suggested * changes acc. to review comments.. * [anaconda] - changes as requested
- Loading branch information
1 parent
ac4f805
commit 1459344
Showing
2 changed files
with
58 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/bin/bash | ||
|
||
vulnerable_packages=( "pydantic=2.5.3" "joblib=1.3.1" "mistune=3.0.1" "werkzeug=3.0.3" "transformers=4.36.0" "pillow=10.3.0" "aiohttp=3.9.4" \ | ||
"cryptography=42.0.4" "gitpython=3.1.41" "jupyter-lsp=2.2.2" "idna=3.7" "jinja2=3.1.4" "scrapy=2.11.2" ) | ||
|
||
# Define the number of rows (based on the length of vulnerable_packages) | ||
rows=${#vulnerable_packages[@]} | ||
|
||
# Define the number of columns | ||
cols=2 | ||
|
||
# Define the 2D array | ||
declare -A packages_array | ||
|
||
# Fill the 2D array | ||
for ((i=0; i<rows; i++)); do | ||
# Split each element of vulnerable_packages by the '=' sign | ||
IFS='=' read -ra parts <<< "${vulnerable_packages[$i]}" | ||
# Assign the parts to the 2D array | ||
packages_array[$i,0]=${parts[0]} | ||
packages_array[$i,1]=${parts[1]} | ||
done | ||
|
||
for ((i=0; i<rows; i++)); do | ||
CURRENT_VERSION=$(pip show "${packages_array[$i,0]}" --disable-pip-version-check | grep '^Version:' | awk '{print $2}') | ||
REQUIRED_VERSION="${packages_array[$i,1]}" | ||
GREATER_VERSION_A=$((echo ${REQUIRED_VERSION}; echo ${CURRENT_VERSION}) | sort -V | tail -1) | ||
# Check if the required_version is greater than current_version | ||
if [[ $CURRENT_VERSION != $GREATER_VERSION_A ]]; then | ||
echo "${packages_array[$i,0]} version v${CURRENT_VERSION} installed by the base image is not greater or equal to the required: v${REQUIRED_VERSION}" | ||
# Check whether conda channel has a greater or equal version available, so install from conda, otherwise use pip package manager | ||
channel_name="anaconda" | ||
CONDA_VERSION=$(conda search --override-channels "${packages_array[$i,0]}" -c "$channel_name" | \ | ||
grep -E '^[[:alnum:]]' | \ | ||
awk '{print $2}' | \ | ||
sort -V | \ | ||
uniq | \ | ||
tail -n 2 | \ | ||
head -n 1) | ||
if [[ -z "$CONDA_VERSION" ]]; then | ||
echo "No version for ${packages_array[$i,0]} found in conda channel." | ||
CONDA_VERSION="0" | ||
fi | ||
GREATER_VERSION_B=$((echo ${REQUIRED_VERSION}; echo ${CONDA_VERSION}) | sort -V | tail -1) | ||
if [[ $CONDA_VERSION == $GREATER_VERSION_B ]]; then | ||
echo -e "Found Version v${CONDA_VERSION} in the Conda channel which is greater than or equal to the required version: v${REQUIRED_VERSION}. \n"; | ||
echo "Installing ${packages_array[$i,0]} from source from conda channel for v${REQUIRED_VERSION}..." | ||
conda install "${packages_array[$i,0]}==${CONDA_VERSION}" | ||
elif [[ $REQUIRED_VERSION == $GREATER_VERSION_B ]]; then | ||
echo -e "Required version: v${REQUIRED_VERSION} is greater than the version found in the Conda channel v${CONDA_VERSION}. \n"; | ||
echo "Installing ${packages_array[$i,0]} from source from pip package manager for v${REQUIRED_VERSION}..." | ||
python3 -m pip install --upgrade --no-cache-dir "${packages_array[$i,0]}==${REQUIRED_VERSION}" | ||
fi | ||
fi | ||
done |