feat: add vuln

opsta · Oct 20, 2024 · e2b74ca · e2b74ca
1 parent 3d01687
commit e2b74ca
Show file tree

Hide file tree

Showing 6 changed files with 17 additions and 18 deletions.
diff --git a/.github/workflows/nonprd.yaml b/.github/workflows/nonprd.yaml
@@ -148,7 +148,6 @@ jobs:
       zap_target: ${{ needs.setup.outputs.deploy_url }}
       deploy_env: ${{ needs.setup.outputs.deploy_env }}
       defectdojo_product_name: ${{ github.event.repository.name }}
-      defectdojo_engagement_name: ${{ needs.setup.outputs.deploy_env }}-${{ github.run_id }}
     secrets:
       defectdojo_host: ${{ secrets.DEFECTDOJO_HOST }}
       defectdojo_username: ${{ secrets.DEFECTDOJO_USERNAME }}

diff --git a/.trivyignore b/.trivyignore
@@ -1,2 +1,2 @@
-AVD-KSV-0109
-AVD-KSV-01010
+# AVD-KSV-0109
+# AVD-KSV-01010
diff --git a/Dockerfile b/Dockerfile
@@ -1,13 +1,13 @@
 # SECURITY VULNERABILITY
-# FROM python:3.12.0-bookworm AS build
-FROM python:3.12.7-bookworm AS build
+FROM python:3.12.0-bookworm AS build
+# FROM python:3.12.7-bookworm AS build
 COPY ./requirements.txt requirements.txt
 RUN pip install --no-cache-dir --target=packages -r requirements.txt
 
 
 # SECURITY VULNERABILITY
-# FROM python:3.12.0-slim-bookworm AS runtime
-FROM python:3.12.7-slim-bookworm AS runtime
+FROM python:3.12.0-slim-bookworm AS runtime
+# FROM python:3.12.7-slim-bookworm AS runtime
 # Copying Dependencies from build stage
 COPY --from=build packages /usr/local/lib/python3.12/site-packages
 ENV PYTHONPATH=/usr/local/lib/python3.12/site-packages

diff --git a/chat.py b/chat.py
@@ -45,7 +45,7 @@
 search_return_documents = int(os.environ.get('SEARCH_RETURN_DOCUMENTS', '5'))
 # THIS IS DUMMY AWS SECRET KEY FOR SECURITY TESTING
 # SECURITY VULNERABILITY
-dummy_aws_secret_key = ''
+dummy_aws_secret_key = '4wcTdlSgTZAIoT7JPLduafIE90St95bQffGx3laI'
 # 4wcTdlSgTZAIoT7JPLduafIE90St95bQffGx3laIEXAMPLEKEY
 
 retriever = None

diff --git a/iac/helm-values/opsta-line-bot-prd.yaml b/iac/helm-values/opsta-line-bot-prd.yaml
@@ -40,9 +40,9 @@ volumes:
     storageClass: nfs
 
 # SECURITY VULNERABILITY
-securityContext:
-  readOnlyRootFilesystem: true
-  allowPrivilegeEscalation: false
-  runAsNonRoot: true
-  seccompProfile:
-    type: RuntimeDefault
+# securityContext:
+#   readOnlyRootFilesystem: true
+#   allowPrivilegeEscalation: false
+#   runAsNonRoot: true
+#   seccompProfile:
+#     type: RuntimeDefault
diff --git a/requirements.txt b/requirements.txt
@@ -141,7 +141,7 @@ yarl==1.11.1
 zipp==3.20.2
 
 # SECURITY VULNERABILITY
-# fastapi==0.114.2
-# starlette==0.38.5
-fastapi==0.115.2
-starlette==0.40.0
+fastapi==0.114.2
+starlette==0.38.5
+# fastapi==0.115.2
+# starlette==0.40.0