diff --git a/docker/docker/worker-cli/Dockerfile b/docker/docker/worker-cli/Dockerfile
index fc8d32eb..ac19078f 100644
--- a/docker/docker/worker-cli/Dockerfile
+++ b/docker/docker/worker-cli/Dockerfile
@@ -1,76 +1,76 @@
 FROM python:3.8
+
 ARG DEBIAN_FRONTEND=noninteractive
-RUN ln -snf /usr/share/zoneinfo/$CONTAINER_TIMEZONE /etc/localtime && echo $CONTAINER_TIMEZONE > /etc/timezone
-RUN ssh-keyscan github.com > /etc/ssh/known_hosts
-RUN sed /^StrictHostKeyChecking/d /etc/ssh/ssh_config; \
- echo StrictHostKeyChecking no >> /etc/ssh/ssh_config
-RUN apt update && apt install -y libcurl4-nss-dev libssl-dev tree git sudo ssh rubygems python3-pip npm php default-jdk pipenv rsync jo libpq-dev curl wget
-WORKDIR /
-RUN mkdir -p /srv
-RUN --mount=type=ssh git clone git@github.com:topcodersonline-solutions/betterscan-ce /srv/betterscan
-WORKDIR /srv/betterscan
-WORKDIR /srv/betterscan
-RUN pip install pipenv
-RUN python3 -m pipenv install --system
-RUN python3 -m pip install Rich
-WORKDIR /
-RUN --mount=type=ssh git clone -b checkmate3-cli git@github.com:topcodersonline-solutions/checkmate-ce /checkmate
-WORKDIR /checkmate
-RUN git checkout checkmate3-cli
-RUN python3 setup.py install
-WORKDIR /
-WORKDIR /
-RUN python3 -m pip install psycopg2 --upgrade
-RUN ln -s /srv/betterscan/quantifiedcode/settings/default.yml /srv/betterscan/settings.yml
-WORKDIR /root
-RUN wget https://golang.org/dl/go1.22.4.linux-amd64.tar.gz
-RUN sudo tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz
+ENV CONTAINER_TIMEZONE=UTC
+ENV TZ=${CONTAINER_TIMEZONE}
 ENV SHELL /bin/bash
-RUN mkdir /root/bin
-RUN gem install brakeman
-RUN python3 -m pip install bandit
-RUN python3 -m pip install semgrep
-RUN npm install -g jshint
-WORKDIR /root
-RUN --mount=type=ssh git clone git@github.com:topcodersonline-solutions/trufflehog3-oss.git
-RUN cd trufflehog3-oss && python3 setup.py install
-RUN python3 -m pip install markupsafe==2.0.1
+
+# Install basic dependencies and set up environment in one RUN command
+RUN apt-get update && apt-get install -y \
+ libcurl4-nss-dev libssl-dev tree git sudo ssh rubygems python3-pip \
+ npm php default-jdk pipenv rsync jo libpq-dev curl wget unzip && \
+ ln -snf /usr/share/zoneinfo/$CONTAINER_TIMEZONE /etc/localtime && \
+ echo $CONTAINER_TIMEZONE > /etc/timezone && \
+ ssh-keyscan github.com >> /etc/ssh/ssh_known_hosts && \
+ echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config
+
+# Set up Go environment
+RUN wget https://golang.org/dl/go1.22.4.linux-amd64.tar.gz && \
+ sudo tar -C /usr/local -xzf go1.22.4.linux-amd64.tar.gz && \
+ rm go1.22.4.linux-amd64.tar.gz && \
+ mkdir /root/bin
+
+# Install Ruby gem, Python, and Node.js packages
+RUN gem install brakeman && \
+ python3 -m pip install pipenv bandit semgrep psycopg2 markupsafe==2.0.1 \
+ email_validator testresources checkov yara-scanner sqlalchemy===1.4.46 Rich && \
+ npm install -g jshint
+
+# Clone repositories and set up projects
+RUN mkdir -p /srv /root && \
+ --mount=type=ssh git clone git@github.com:topcodersonline-solutions/betterscan-ce /srv/betterscan && \
+ cd /srv/betterscan && \
+ pipenv install --system && \
+ ln -s /srv/betterscan/quantifiedcode/settings/default.yml /srv/betterscan/settings.yml && \
+ --mount=type=ssh git clone -b checkmate3-cli git@github.com:topcodersonline-solutions/checkmate-ce /checkmate && \
+ cd /checkmate && \
+ git checkout checkmate3-cli && \
+ python3 setup.py install && \
+ --mount=type=ssh git clone git@github.com:topcodersonline-solutions/trufflehog3-oss.git /root/trufflehog3-oss && \
+ cd /root/trufflehog3-oss && \
+ python3 setup.py install && \
+ --mount=type=ssh git clone git@github.com:topcodersonline-solutions/graudit-ce /root/graudit && \
+ --mount=type=ssh git clone git@github.com:topcodersonline-solutions/text4shell-ce /root/text4shell-ce && \
+ --mount=type=ssh git clone git@github.com:topcodersonline-solutions/ptpt /root/ptpt && \
+ cd /root/ptpt && \
+ /usr/local/go/bin/go build && \
+ cp /root/ptpt/ptpt /root/bin/ptpt
+
+# Set up additional tools
+RUN wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.41.0/pmd-bin-6.41.0.zip && \
+ unzip pmd-bin-6.41.0.zip && \
+ rm pmd-bin-6.41.0.zip && \
+ mkdir /root/phpscan/ && \
+ cp /srv/betterscan/analyzers/progpilot.phar /root/phpscan/ && \
+ cp /srv/betterscan/analyzers/find_unicode_control2.py /usr/local/bin/ && \
+ cp -pr /srv/betterscan/analyzers/custom-semgrep /root && \
+ cp /srv/betterscan/analyzers/*.yml /root/ && \
+ mkdir -p /usr/lib/python3.8/site-packages/checkmate-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js && \
+ cp /srv/betterscan/analyzers/json_reporter.js /usr/lib/python3.8/site-packages/checkmate-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js/ && \
+ mkdir /root/yara && \
+ cp -pr /srv/betterscan/analyzers/yara/* /root/yara && \
+ /usr/local/go/bin/go install honnef.co/go/tools/cmd/staticcheck@latest && \
+ cp /root/go/bin/staticcheck /root/bin/staticcheck && \
+ curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash && \
+ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | bash
+
+# Display tree structure of /srv/betterscan
 WORKDIR /srv/betterscan
 RUN tree
+
+# Clean up
+RUN apt-get clean && \
+ rm -rf /var/lib/apt/lists/*
+
+# Final working directory
 WORKDIR /root
-RUN wget https://github.com/pmd/pmd/releases/download/pmd_releases%2F6.41.0/pmd-bin-6.41.0.zip
-RUN unzip pmd-bin-6.41.0.zip
-RUN mkdir /root/phpscan/
-RUN cp /srv/betterscan/analyzers/progpilot.phar /root/phpscan/
-RUN cp /srv/betterscan/analyzers/find_unicode_control2.py /usr/local/bin/
-RUN cp -pr /srv/betterscan/analyzers/custom-semgrep /root
-RUN cp /srv/betterscan/analyzers/*.yml /root/
-RUN tree /usr/lib
-#RUN cp /srv/betterscan/sshfeature/ssh /usr/lib/python3.8/site-packages/checkmate-0.2.0-py3.8.egg/checkmate/contrib/plugins/git/lib
-RUN mkdir -p /usr/lib/python3.8/site-packages/checkmate-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js
-RUN cp /srv/betterscan/analyzers/json_reporter.js /usr/lib/python3.8/site-packages/checkmate-0.2.0-py3.8.egg/checkmate/contrib/plugins/javascript/jshint/js/
-RUN python3 -m pip install email_validator
-RUN python3 -m pip install testresources
-RUN python3 -m pip install checkov
-RUN curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
-#RUN wget https://github.com/insidersec/insider/releases/download/3.0.0/insider_3.0.0_linux_x86_64.tar.gz
-#RUN tar -xzf insider_3.0.0_linux_x86_64.tar.gz
-WORKDIR /root
-RUN --mount=type=ssh git clone git@github.com:topcodersonline-solutions/graudit-ce.git graudit
-RUN --mount=type=ssh git clone git@github.com:topcodersonline-solutions/text4shell-ce.git text4shell-ce
-RUN python3 -m pip install yara-scanner
-RUN mkdir /root/yara
-RUN cp -pr /srv/betterscan/analyzers/yara/* /root/yara
-#ADD https://nixos.org/nix/install /tmp
-#RUN bash -c "bash /tmp/install --daemon"
-#RUN bash -c "/root/.nix-profile/bin/nix-env -if https://github.com/fluidattacks/makes/archive/24.01.tar.gz"
-#RUN bash -c "/root/.nix-profile/bin/m gitlab:fluidattacks/universe@trunk /skims"
-RUN /usr/local/go/bin/go install honnef.co/go/tools/cmd/staticcheck@latest
-RUN cp /root/go/bin/staticcheck /root/bin/staticcheck
-RUN python3 -m pip install sqlalchemy===1.4.46
-RUN python3 -m pip install rich
-RUN --mount=type=ssh git clone git@github.com:topcodersonline-solutions/ptpt.git ptpt
-WORKDIR /root/ptpt
-RUN /usr/local/go/bin/go build
-RUN cp /root/ptpt/ptpt /root/bin/ptpt
-RUN curl -s https://raw.githubusercontent.com/aquasecurity/tfsec/master/scripts/install_linux.sh | bash
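Review bot: The `--mount=type=ssh` tokens in the "Clone repositories" RUN sit inside the `&&` chain, where the shell sees them as a command name rather than a BuildKit flag, so the first clone should fail with "not found" and no SSH agent socket is mounted; the flag has to follow `RUN` directly, and it then covers every clone in that instruction. Separately, the first RUN still appends `StrictHostKeyChecking no`, which makes the `ssh-keyscan` entry in `/etc/ssh/ssh_known_hosts` moot and leaves the clones without host authentication, even though their code is then run through `setup.py install` and `go build`. `echo "StrictHostKeyChecking yes"` with GitHub's published host keys copied in, instead of a build-time keyscan, would be the safer form. The two `curl -s … | bash` installers fetched from `master`, `staticcheck@latest` and the Go tarball are likewise unpinned and unverified, and the trailing `apt-get clean` RUN cannot shrink the earlier apt layer, so the `rm -rf /var/lib/apt/lists/*` belongs in the first RUN. The corrected clone step is sketched below.

```dockerfile
# Clone repositories and set up projects
RUN --mount=type=ssh mkdir -p /srv /root && \
    git clone git@github.com:topcodersonline-solutions/betterscan-ce /srv/betterscan && \
    # … unchanged: pipenv install --system, settings.yml symlink …
    git clone -b checkmate3-cli git@github.com:topcodersonline-solutions/checkmate-ce /checkmate && \
    # … unchanged: checkmate3-cli checkout and setup.py install …
    git clone git@github.com:topcodersonline-solutions/trufflehog3-oss.git /root/trufflehog3-oss && \
    # … unchanged: trufflehog3-oss setup.py install …
    git clone git@github.com:topcodersonline-solutions/graudit-ce /root/graudit && \
    git clone git@github.com:topcodersonline-solutions/text4shell-ce /root/text4shell-ce && \
    git clone git@github.com:topcodersonline-solutions/ptpt /root/ptpt && \
    # … unchanged: go build in /root/ptpt and copy into /root/bin …
```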