From 84cd415875cd5080219750ba59032327857e3d83 Mon Sep 17 00:00:00 2001
From: doctorixx <61980858+windows-up@users.noreply.github.com>
Date: Thu, 12 Jun 2025 20:18:16 +0300
Subject: [PATCH 1/2] security: fix remove system apps

---
 z_checkers_dockerfiles/CPP.Dockerfile | 2 ++
 z_checkers_dockerfiles/Java.Dockerfile | 4 ++++
 z_checkers_dockerfiles/Kumir.Dockerfile | 2 ++
 z_checkers_dockerfiles/Pascal.Dockerfile | 2 ++
 z_checkers_dockerfiles/Plaintext.Dockerfile | 2 +-
 z_checkers_dockerfiles/Python.Dockerfile | 4 ++--
 6 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/z_checkers_dockerfiles/CPP.Dockerfile b/z_checkers_dockerfiles/CPP.Dockerfile
index 29c88d6..7a97757 100644
--- a/z_checkers_dockerfiles/CPP.Dockerfile
+++ b/z_checkers_dockerfiles/CPP.Dockerfile
@@ -29,4 +29,6 @@ ENV ENV_EXECUTOR_FILENAME main.cpp
 ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "mv a.out hello && ./hello"
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
+
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Java.Dockerfile b/z_checkers_dockerfiles/Java.Dockerfile
index d2423b5..fee3f16 100644
--- a/z_checkers_dockerfiles/Java.Dockerfile
+++ b/z_checkers_dockerfiles/Java.Dockerfile
@@ -11,11 +11,15 @@ RUN mvn -f /home/app/pom.xml clean package
 #
 FROM alpine:20240329
+WORKDIR /app
+
 RUN apk add openjdk17-jre
 ENV SERVER_ENDPOINT http://backend:8000/api/check_system_callback
 ENV ENV_EXECUTOR_ENABLE true
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
+
 COPY --from=build /home/app/target/ProgramCheckSystem-1.0-SNAPSHOT.jar /usr/local/lib/demo.jar
 EXPOSE 7070
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Kumir.Dockerfile b/z_checkers_dockerfiles/Kumir.Dockerfile
index 79e60ce..66b1d8c 100644
--- a/z_checkers_dockerfiles/Kumir.Dockerfile
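Review bot: In the added `RUN` line, `chattr +i /app/adir` comes before `chmod -R 557 /app/adir`; the immutable attribute makes the kernel refuse metadata changes on that inode, so the trailing `chmod` returns EPERM and the `&&` chain fails the build — the order should be `mkdir /app/adir && chmod 557 /app/adir && chattr +i /app/adir`. The immutable bit on a directory also forbids creating, removing or renaming entries inside it, so the write permission 557 grants can never be exercised; if `adir` is meant as the writable scratch directory for submissions the attribute defeats that, and if it is only meant to keep the directory from being deleted, the now read-only `/app` (555) already stops an unprivileged user from unlinking it. Setting the attribute additionally needs CAP_LINUX_IMMUTABLE, which a default `docker build` RUN step does not hold, so the line is likely to fail at build time regardless. Unlike Java.Dockerfile in this patch, this file adds no `WORKDIR /app`, so if `/app` does not already exist here `chmod -R 555 /app` fails as well — which is presumably why PATCH 2/2 removes the line again from this file, Kumir.Dockerfile and Pascal.Dockerfile, leaving those three checkers without the fix instead of creating the directory. The same `RUN` line is added to Java.Dockerfile, Kumir.Dockerfile, Pascal.Dockerfile, Plaintext.Dockerfile and Python.Dockerfile, and the first three points apply there too.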
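Review bot: The final stage still runs as root: this hunk shows the whole runtime stage from `FROM alpine:20240329` through `ENTRYPOINT` (end of file) and there is no `USER` directive, so mode bits such as the new `chmod -R 555 /app` do not constrain the checker or the programs it executes, because root bypasses DAC permissions. Plaintext.Dockerfile and Python.Dockerfile in this same patch switch to `USER appuser` after their `chmod`; this stage should create and switch to an unprivileged user as well, e.g. `RUN addgroup -S appuser && adduser -S -G appuser appuser` after the `apk add` line and `USER appuser` just before `ENTRYPOINT`. Without that, the only part of the new line that binds root is the immutable attribute on `/app/adir`, which makes the directory unwritable rather than protected.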
+++ b/z_checkers_dockerfiles/Kumir.Dockerfile
@@ -24,5 +24,7 @@ ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "kumir2-xrun prog.kod"
 ENV ENV_EXECUTOR_WITH_BOM true
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
+
 EXPOSE 7070
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Pascal.Dockerfile b/z_checkers_dockerfiles/Pascal.Dockerfile
index 1ba6497..e377eb9 100644
--- a/z_checkers_dockerfiles/Pascal.Dockerfile
+++ b/z_checkers_dockerfiles/Pascal.Dockerfile
@@ -29,4 +29,6 @@ ENV ENV_EXECUTOR_FILENAME main.pas
 ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "./main"
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
+
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Plaintext.Dockerfile b/z_checkers_dockerfiles/Plaintext.Dockerfile
index 3f8bdf8..c5e90ab 100644
--- a/z_checkers_dockerfiles/Plaintext.Dockerfile
+++ b/z_checkers_dockerfiles/Plaintext.Dockerfile
@@ -33,7 +33,7 @@ ENV ENV_EXECUTOR_FILENAME main.txt
 ENV ENV_EXECUTOR_WITH_FILENAME false
 RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
-RUN chmod -R 777 /app
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
 USER appuser
diff --git a/z_checkers_dockerfiles/Python.Dockerfile b/z_checkers_dockerfiles/Python.Dockerfile
index 2f413d3..597db17 100644
--- a/z_checkers_dockerfiles/Python.Dockerfile
+++ b/z_checkers_dockerfiles/Python.Dockerfile
@@ -32,7 +32,7 @@ ENV ENV_EXECUTOR_RUN_COMMAND python3
 ENV ENV_EXECUTOR_FILENAME main.py
 RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
-RUN chmod -R 777 /app
+RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
 USER appuser
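Review bot: The replacement for `chmod -R 777 /app` still leaves `/app/adir` world-writable: 557 is owner r-x, group r-x, other rwx, so the `appuser` that the following `USER appuser` switches to only gets write access through the `other` bits, and so does every other account in the image. Since the directory is created as root in the same `RUN`, handing it to the sandbox user is tighter and states the intent: `mkdir /app/adir && chown appuser /app/adir && chmod 700 /app/adir` (755 if other users must read it). The Python.Dockerfile hunk in this patch uses the same 557 mode and the same change applies there.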
@@ -40,4 +40,4 @@ COPY --from=build /home/app/target/ProgramCheckSystem-1.0-SNAPSHOT.jar /app/main
 EXPOSE 7070
-ENTRYPOINT ["java","-jar","/app/main.jar"]
\ No newline at end of file
+ENTRYPOINT ["java","-jar","/app/main.jar"]

From f11a064d7888b2125bed38fd5d57cfe02ae065d5 Mon Sep 17 00:00:00 2001
From: doctorixx <61980858+windows-up@users.noreply.github.com>
Date: Fri, 13 Jun 2025 19:43:00 +0300
Subject: [PATCH 2/2] some languages fix build

---
 z_checkers_dockerfiles/CPP.Dockerfile | 2 --
 z_checkers_dockerfiles/Kumir.Dockerfile | 2 --
 z_checkers_dockerfiles/Pascal.Dockerfile | 2 --
 3 files changed, 6 deletions(-)

diff --git a/z_checkers_dockerfiles/CPP.Dockerfile b/z_checkers_dockerfiles/CPP.Dockerfile
index 7a97757..29c88d6 100644
--- a/z_checkers_dockerfiles/CPP.Dockerfile
+++ b/z_checkers_dockerfiles/CPP.Dockerfile
@@ -29,6 +29,4 @@ ENV ENV_EXECUTOR_FILENAME main.cpp
 ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "mv a.out hello && ./hello"
-RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
-
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Kumir.Dockerfile b/z_checkers_dockerfiles/Kumir.Dockerfile
index 66b1d8c..79e60ce 100644
--- a/z_checkers_dockerfiles/Kumir.Dockerfile
+++ b/z_checkers_dockerfiles/Kumir.Dockerfile
@@ -24,7 +24,5 @@ ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "kumir2-xrun prog.kod"
 ENV ENV_EXECUTOR_WITH_BOM true
-RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
-
 EXPOSE 7070
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file
diff --git a/z_checkers_dockerfiles/Pascal.Dockerfile b/z_checkers_dockerfiles/Pascal.Dockerfile
index e377eb9..1ba6497 100644
--- a/z_checkers_dockerfiles/Pascal.Dockerfile
+++ b/z_checkers_dockerfiles/Pascal.Dockerfile
@@ -29,6 +29,4 @@ ENV ENV_EXECUTOR_FILENAME main.pas
 ENV ENV_EXECUTOR_WITH_FILENAME false
 ENV ENV_EXECUTOR_RUN_COMMAND "./main"
-RUN chmod -R 555 /app && mkdir /app/adir && chattr +i /app/adir && chmod -R 557 /app/adir
-
 ENTRYPOINT ["java","-jar","/usr/local/lib/demo.jar"]
\ No newline at end of file