fix(cmd-api-server): mitigate CVE-2022-24434 and CVE-2022-24999 hyper…

…ledger-cacti#2039 fixes: hyperledger-cacti#2039 related to: hyperledger-cacti#2241 Verified that these changes will fix the vulnerabilities in cactus-cmd-api-server in addition to the following CVE IDs: - CVE-2022-24434 - CVE-2022-24999 (express) - CVE-2022-24999 (qs) Co-authored-by: Peter Somogyvari <[email protected]> Signed-off-by: ruzell22 <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>
charellesandig · May 2, 2023 · 03c81a8 · 03c81a8
1 parent 1cc9667
commit 03c81a8
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/.github/workflows/azure-container-scan.yaml b/.github/workflows/azure-container-scan.yaml
@@ -0,0 +1,38 @@
+name: azure-container-image-scan
+
+on:
+  push:
+  pull_request:
+    # Publish `main` as Docker `latest` image.
+    branches:
+      - main
+
+    # Publish `v1.2.3` tags as releases.
+    tags:
+      - v*
+
+
+jobs:
+ build-secure-and-push-8:
+    name: Scan cactus-corda-4-8-all-in-one-obligation image
+    runs-on: ubuntu-20.04
+    steps:
+    - uses: actions/[email protected]
+      env:
+          # (Required) The token to use to make API calls to GitHub.
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+    - uses: actions/checkout@v1
+    - name: Login to DockerHub Registry
+      run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+
+
+    - name: Build Images from Dockerfile
+      run: DOCKER_BUILDKIT=1 docker build ./tools/docker/corda-all-in-one/ -f ./tools/docker/corda-all-in-one/corda-v4_8/Dockerfile -t cactus-corda-4-8-all-in-one-obligation
+
+    - uses: Azure/[email protected]
+      name: Scan image for vulnerabilities
+      id: container-scan
+      continue-on-error: true
+      with:
+       image-name: cactus-corda-4-8-all-in-one-obligation
diff --git a/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile b/tools/docker/corda-all-in-one/corda-v4_8/Dockerfile
@@ -2,9 +2,9 @@ FROM docker:20.10.2-dind
 
 # cordaVersion=4.8.5
 # cordaCoreVersion=4.8.5
-ARG SAMPLES_KOTLIN_SHA=1504878ce446555bd861bbe4dd3d1154e905a07f
+ARG SAMPLES_KOTLIN_SHA=c70f846b6f3d43fe0a35b6583238944843bf9393
 ARG SAMPLES_KOTLIN_CORDAPP_SUB_DIR_PATH="./Advanced/obligation-cordapp/"
-ARG CORDA_TOOLS_SHELL_CLI_VERSION=4.8
+ARG CORDA_TOOLS_SHELL_CLI_VERSION=4.8.9
 
 WORKDIR /