Merge pull request #90 from getastra/Dockerfile-opt

Dockerfile optimization
getastra · Jun 22, 2023 · 117731e · 117731e
2 parents 5a48e20 + f193f51
commit 117731e
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,10 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ### Removed
 - `github workflow` removed as it was outdated.
 
+### Changed
+- `Dockerfile` restructuring for better performance and faster build.
+
+
 ## [0.0.3] - 2023-06-19
 ### Added
 - added Content-type-mismatch-to-reponse-body.php for testing new passive rule 1204704(content-type-mismatch-to-response-type.passive.js).

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,8 @@
-FROM --platform=linux/amd64 php:fpm
-RUN apt update -y && apt install -y git unzip
+FROM --platform=linux/amd64 composer:2.5.8 as composer
+FROM --platform=linux/amd64 php:fpm-alpine3.18
+COPY --from=composer /usr/bin/composer /usr/local/bin/composer
 WORKDIR /app
-COPY . /app
-COPY --from=composer:latest /usr/bin/composer /usr/local/bin/composer
+COPY composer.json ./composer.json
+COPY composer.lock ./composer.lock
 RUN composer i --no-dev
+COPY . /app
diff --git a/README.md b/README.md
@@ -1,16 +1,17 @@
 # HypeJab 💉
 
-HypeJab is a deliberately vulnerable web application intended for benchmarking automated scanners.
+HypeJab serves as a purposeful target for evaluating the effectiveness of automated scanners, designed specifically to exploit its vulnerabilities. This web application is intentionally crafted to highlight common security flaws found in online systems. By offering a controlled environment for scanning tools to assess their accuracy and efficiency, HypeJab facilitates the benchmarking process. Its deliberate vulnerabilities include weak authentication mechanisms, flawed input validation, and potential cross-site scripting (XSS) and SQL injection vulnerabilities. The primary goal of HypeJab is to aid in the improvement of automated scanners, enabling developers to enhance their ability to detect and mitigate web application vulnerabilities effectively.
 
-## Running
+## Usage
 
+#### Local Setup
 ```bash
 git clone https://github.com/ricekot/hypejab.git
 cd hypejab
 docker-compose up
 ```
 
-## K8s deployment
+#### K8s deployment
 - create a name space name `hypejab`
 - Create nginx docker image using `docker build -f Dockerfile.nginx . -t <image name>:<image tag>`
 - Create php micro service docker image using `docker build -f Dockerfile . -t <image name>:<image tag>`
@@ -21,8 +22,8 @@ docker-compose up
 Note: As Hypejab is an intentionally vulnerable microservice, k8s-support/np.yaml file provides network policy that restricts any egress network from the pod for the security of other resources deployed in the cluster.
 ```
 
-## Vulnerabilities
 
+## Vulnerabilities
 - Host Header Injection
 - Apache Tomcat Ghostcat CVE 2020-1938
 - Hidden File Sample
@@ -76,4 +77,5 @@ Note: As Hypejab is an intentionally vulnerable microservice, k8s-support/np.yam
 - Missing API Security Headers
 - GraphQL API Introspection
 - OOB XXE
-- Path Traversal In API Route
+- Path Traversal In API Route
+- Content-type mismatch to response body