merged two containerfiles (mostly replaced with Containerfle.multiuse…

…r) (#114)

containerize/Containerfile

@@ -5,54 +5,52 @@
 # build and install scanners in advance (more scanners will be added)
 FROM registry.access.redhat.com/ubi9-minimal
 
-RUN microdnf install -y procps tar gzip shadow-utils java-11-openjdk
+RUN microdnf install -y procps tar gzip shadow-utils java-11-openjdk git
 
 ## ZAP
+RUN mkdir /opt/zap
 RUN mkdir -p /tmp/zap
 RUN curl -sfL https://github.com/zaproxy/zaproxy/releases/download/v2.12.0/ZAP_2.12.0_Linux.tar.gz | tar zxvf - -C /tmp/zap
-RUN mv -T /tmp/zap/ZAP_2.12.0 /zap
+RUN mv -T /tmp/zap/ZAP_2.12.0 /opt/zap
+ENV PATH $PATH:/opt/zap/:/opt/rapidast/
 
+### Update add-ons
+RUN zap.sh -cmd -silent -addonupdate
+### Copy them to installation directory
+RUN cp /root/.ZAP/plugin/*.zap /opt/zap/plugin/ || :
 
-# Set up for RapiDAST
-RUN useradd -u 1000 -d /home/rapidast -m -s /bin/bash rapidast
-RUN echo rapidast:rapidast | chpasswd
 
-COPY ./rapidast.py /home/rapidast/
-COPY ./scanners/ /home/rapidast/scanners/
-COPY ./tools/ /home/rapidast/tools/
-COPY ./exports/ /home/rapidast/exports/
-COPY ./config/ /home/rapidast/config/
-COPY ./configmodel/ /home/rapidast/configmodel/
-COPY ./requirements.txt /home/rapidast/
-COPY ./utils/ /home/rapidast/utils/
+## RapiDAST
+RUN mkdir /opt/rapidast
 
-RUN chown -R rapidast:rapidast /zap
-RUN chown -R rapidast:rapidast /home/rapidast
+COPY ./rapidast.py /opt/rapidast/
+COPY ./scanners/ /opt/rapidast/scanners/
+COPY ./tools/ /opt/rapidast/tools/
+COPY ./exports/ /opt/rapidast/exports/
+COPY ./configmodel/ /opt/rapidast/configmodel/
+COPY ./utils/ /opt/rapidast/utils/
+COPY ./config/ /opt/rapidast/config/
+COPY ./requirements.txt /opt/rapidast/
 
-USER rapidast
-WORKDIR /home/rapidast
-ENV HOME /home/rapidast
+### Add /opt/{zap,rapidast}/ to the PATH (for any user and future user)
+COPY ./containerize/path_rapidast.sh /etc/profile.d/rapidast.sh
 
-ENV PATH $PATH:/zap/:$HOME:$HOME/.local/bin
-
-## Install RapiDAST requirements
+### Install RapiDAST requirements, globally, so that it's available to any user
 RUN python3 -m ensurepip --upgrade
-RUN pip3 install -r requirements.txt
+RUN pip3 install -r /opt/rapidast/requirements.txt
 
+### Allow the `dast` usergroup to make modifications to rapidast
+RUN groupadd dast
+RUN chown -R :dast /opt/rapidast
+RUN chmod -R g+w /opt/rapidast
 
-# Finalize set up for ZAP
-RUN cp -r $HOME/scanners/zap/scripts/*.js /zap/scripts/
-RUN mkdir -p $HOME/.ZAP/policies
-RUN cp -r $HOME/scanners/zap/policies/*.policy $HOME/.ZAP/policies/
 
-## for compatiblity, in case /home/zap/.ZAP/policies is referred
-USER root
-RUN mkdir -p /home/zap/.ZAP
-RUN ln -sfn $HOME/.ZAP /home/zap/.ZAP
-USER rapidast
+RUN useradd -u 1000 -d /home/rapidast -m -s /bin/bash -G dast rapidast
+RUN echo rapidast:rapidast | chpasswd
+
+# for compability to run with latest Helm chart with RapiDAST v2.2.0 or before
+RUN mkdir /home/rapidast/.ZAP
+RUN ln -sfn  /opt/rapidast/scanners/zap/policies /home/rapidast/.ZAP/policies
 
-## ZAP addon update
-RUN zap.sh -cmd -addonuninstall graaljs # delete until it is updated to fix https://security.snyk.io/vuln/SNYK-JAVA-ORGJAVADELIGHT-1279048
-RUN zap.sh -cmd -addonupdate
-RUN cp $HOME/.ZAP/plugin/*.zap /zap/plugin/  # This is necessary. Otherwise, for some reason, the next addoninstall command fails due to an error of 'network' addon not being found
-RUN zap.sh -cmd -addoninstall ascanrulesBeta
+USER rapidast
+WORKDIR /home/rapidast