fix(security): vulnerabilities found in fabric2-all-in-one

Fixes #2057 Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
hyperledger · May 5, 2023 · f77e6c4 · f77e6c4
1 parent 839177c
commit f77e6c4
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 16 deletions.
diff --git a/...fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-golang-source.test.ts b/...fabric/src/test/typescript/integration/fabric-v2-2-x/deploy-cc-from-golang-source.test.ts
@@ -59,7 +59,11 @@ test(testCase, async (t: Test) => {
     emitContainerLogs: true,
     publishAllPorts: true,
     imageName: "ghcr.io/hyperledger/cactus-fabric2-all-in-one",
-    envVars: new Map([["FABRIC_VERSION", "2.2.0"]]),
+    envVars: new Map([
+      ["FABRIC_VERSION", "2.4.4"],
+      ["CA_VERSION", "1.5.3"],
+    ]),
+    imageVersion: "latest",
     logLevel,
   });
 

diff --git a/...-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts b/...-fabric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-endpoint-v1.test.ts
@@ -62,8 +62,8 @@ describe(testCase, () => {
     imageName: "ghcr.io/hyperledger/cactus-fabric2-all-in-one",
     imageVersion: "2021-09-02--fix-876-supervisord-retries",
     envVars: new Map([
-      ["FABRIC_VERSION", "2.2.0"],
-      ["CA_VERSION", "1.4.9"],
+      ["FABRIC_VERSION", "2.4.4"],
+      ["CA_VERSION", "1.5.3"],
     ]),
   });
   let addressInfo,
@@ -225,8 +225,8 @@ describe(testCase, () => {
       const assets = JSON.parse(res.data.functionOutput);
       const asset277 = assets.find((c: { ID: string }) => c.ID === assetId);
       expect(asset277).toBeTruthy();
-      expect(asset277.owner).toBeTruthy();
-      expect(asset277.owner).toEqual(assetOwner);
+      expect(asset277.Owner).toBeTruthy();
+      expect(asset277.Owner).toEqual(assetOwner);
     }
 
     {
@@ -299,8 +299,8 @@ describe(testCase, () => {
       const assets = JSON.parse(res.data.functionOutput);
       const asset277 = assets.find((c: { ID: string }) => c.ID === assetId);
       expect(asset277).toBeTruthy();
-      expect(asset277.owner).toBeTruthy();
-      expect(asset277.owner).toEqual(assetOwner);
+      expect(asset277.Owner).toBeTruthy();
+      expect(asset277.Owner).toEqual(assetOwner);
     }
   });
 });
diff --git a/...ric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-identities.test.ts b/...ric/src/test/typescript/integration/fabric-v2-2-x/run-transaction-with-identities.test.ts
@@ -42,7 +42,11 @@ test("run-transaction-with-identities", async (t: Test) => {
     emitContainerLogs: true,
     publishAllPorts: true,
     imageName: "ghcr.io/hyperledger/cactus-fabric2-all-in-one",
-    envVars: new Map([["FABRIC_VERSION", "2.2.0"]]),
+    envVars: new Map([
+      ["FABRIC_VERSION", "2.4.4"],
+      ["CA_VERSION", "1.5.3"],
+    ]),
+    imageVersion: "latest",
     logLevel,
   });
 
@@ -362,7 +366,7 @@ test("run-transaction-with-identities", async (t: Test) => {
       });
       t.true(resp.success);
       const asset = JSON.parse(resp.functionOutput);
-      t.equal(asset.owner, "client2");
+      t.equal(asset.Owner, "client2");
     }
     t.end();
   });

diff --git a/tools/docker/fabric-all-in-one/Dockerfile_v2.x b/tools/docker/fabric-all-in-one/Dockerfile_v2.x
@@ -1,11 +1,12 @@
 # We need to use the older, more stable v18 here because of
 # https://github.com/docker-library/docker/issues/170
-FROM docker:20.10.3-dind
+FROM docker:20.10.17-dind
 
-ARG FABRIC_VERSION=2.2.0
-ARG CA_VERSION=1.4.9
+ARG FABRIC_VERSION=2.4.4
+ARG CA_VERSION=1.5.3
 ARG COUCH_VERSION_FABRIC=0.4
-ARG COUCH_VERSION=3.1.1
+ARG COUCH_VERSION=3.2.2
+ARG FABRIC_NODEENV=2.4.2
 
 WORKDIR /
 
@@ -46,8 +47,8 @@ RUN apk add --no-cache file
 RUN apk add --no-cache npm nodejs
 
 # Download and setup path variables for Go
-RUN wget https://golang.org/dl/go1.15.5.linux-amd64.tar.gz
-RUN tar -xvf go1.15.5.linux-amd64.tar.gz
+RUN wget https://golang.org/dl/go1.18.3.linux-amd64.tar.gz
+RUN tar -xvf go1.18.3.linux-amd64.tar.gz
 RUN mv go /usr/local
 ENV GOROOT=/usr/local/go
 ENV GOPATH=/usr/local/go
@@ -62,6 +63,8 @@ RUN apk add --no-cache libc6-compat
 ENV CACTUS_CFG_PATH=/etc/hyperledger/cactus
 RUN mkdir -p $CACTUS_CFG_PATH
 # OpenSSH - need to have it so we can shell in and install/instantiate contracts
+RUN apk update
+RUN apk add --upgrade openssh-client-common openssh-keygen
 RUN apk add --no-cache openssh augeas
 
 # Configure the OpenSSH server we just installed
@@ -149,7 +152,7 @@ RUN mkdir -p /etc/couchdb/
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-peer/ hyperledger/fabric-peer:${FABRIC_VERSION}
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-orderer/ hyperledger/fabric-orderer:${FABRIC_VERSION}
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-ccenv/ hyperledger/fabric-ccenv:${FABRIC_VERSION}
-RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-nodeenv/ hyperledger/fabric-nodeenv:${FABRIC_VERSION}
+RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-nodeenv/ hyperledger/fabric-nodeenv:${FABRIC_NODEENV}
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-tools/ hyperledger/fabric-tools:${FABRIC_VERSION}
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-baseos/ hyperledger/fabric-baseos:${FABRIC_VERSION}
 RUN /download-frozen-image-v2.sh /etc/hyperledger/fabric/fabric-ca/ hyperledger/fabric-ca:${CA_VERSION}