From 49cd9636f37c6b3ebc2816cda0dad574c38f6958 Mon Sep 17 00:00:00 2001 From: dolevf Date: Wed, 6 Jul 2022 09:41:34 -0400 Subject: [PATCH] stabilize dockerfile, adjust queries --- Dockerfile | 31 +++++++++++++++++++------------ tests/test_queries.py | 4 ++-- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/Dockerfile b/Dockerfile index ad05a6e..9d141e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,27 +2,34 @@ FROM python:3.7-alpine LABEL description="Damn Vulnerable GraphQL Application" LABEL github="https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application" -LABEL maintainers="Dolev Farhi & Connor McKinnon" +LABEL maintainers="Dolev Farhi & Connor McKinnon & Nick Aleks" ARG TARGET_FOLDER=/opt/dvga WORKDIR $TARGET_FOLDER/ RUN apk add --update curl -COPY requirements.txt /opt/dvga/ -RUN pip install -r requirements.txt +RUN adduser -D dvga +RUN chown dvga. $TARGET_FOLDER/ +USER dvga -ADD core /opt/dvga/core -ADD db /opt/dvga/db -ADD static /opt/dvga/static -ADD templates /opt/dvga/templates +RUN python -m venv venv +RUN source venv/bin/activate +RUN pip3 install --upgrade pip --no-warn-script-location --disable-pip-version-check -COPY app.py /opt/dvga -COPY config.py /opt/dvga -COPY setup.py /opt/dvga/ -COPY version.py /opt/dvga/ +ADD --chown=dvga:dvga core /opt/dvga/core +ADD --chown=dvga:dvga db /opt/dvga/db +ADD --chown=dvga:dvga static /opt/dvga/static +ADD --chown=dvga:dvga templates /opt/dvga/templates +COPY --chown=dvga:dvga app.py /opt/dvga +COPY --chown=dvga:dvga config.py /opt/dvga +COPY --chown=dvga:dvga setup.py /opt/dvga/ +COPY --chown=dvga:dvga version.py /opt/dvga/ +COPY --chown=dvga:dvga requirements.txt /opt/dvga/ + +RUN pip3 install -r requirements.txt --user --no-warn-script-location RUN python setup.py EXPOSE 5013/tcp -CMD ["python3", "app.py"] +CMD ["python", "app.py"] diff --git a/tests/test_queries.py b/tests/test_queries.py index a94e5ab..c76c7f8 100644 --- a/tests/test_queries.py +++ b/tests/test_queries.py @@ -23,7 +23,7 @@ def test_query_pastes(): r = graph_query(GRAPHQL_URL, query) assert r.json()['data']['pastes'][0]['id'] - assert r.json()['data']['pastes'][0]['ipAddr'] == '127.0.0.1' + assert r.json()['data']['pastes'][0]['ipAddr'] assert r.json()['data']['pastes'][0]['ownerId'] == 1 assert r.json()['data']['pastes'][0]['burn'] == False assert r.json()['data']['pastes'][0]['owner']['id'] == '1' @@ -83,7 +83,7 @@ def test_query_systemDebug(): ''' r = graph_query(GRAPHQL_URL, query) assert r.status_code == 200 - assert 'tty' in r.json()['data']['systemDebug'].lower() + assert 'COMMAND' in r.json()['data']['systemDebug'] def test_query_users(): query = '''