diff --git a/main.go b/main.go
index 1f128f9..3516460 100644
--- a/main.go
+++ b/main.go
@@ -25,8 +25,8 @@ func difference(a, b types.Result) {
 vulnOne := a.Vulnerabilities
 vulnTwo := b.Vulnerabilities
- // Loop two times, first to find slice1 strings not in slice2,
- // second loop to find slice2 strings not in slice1
+ // Loop two times, first to find Report 1 Vulnerabilities not in Report 2,
+ // second loop to find Report 2 Vulnerabilities strings not in Report 1
 for i := 0; i < 2; i++ {
 for _, s1 := range vulnOne {
 found := false
@@ -36,12 +36,12 @@ func difference(a, b types.Result) {
 break
 }
 }
- // String not found. We add it to return slice
+ // String not found. We add it to return Report
 if !found {
 diffResult.Vulnerabilities = append(diffResult.Vulnerabilities, s1)
 }
 }
- // Swap the slices, only if it was the first loop
+ // Swap the two Vulnerability Reports, only if it was the first loop
 if i == 0 {
 vulnOne, vulnTwo = vulnTwo, vulnOne
 }
@@ -51,16 +51,19 @@ func difference(a, b types.Result) {
 func main() {
+ // Access the files paths provided
 filePathOne := os.Args[1]
 filePathTwo := os.Args[2]
+ // Open each file
 openFileOne, err := os.Open(filePathOne)
 openFileTwo, err := os.Open(filePathTwo)
 if err != nil {
- fmt.Println("Error one", err)
+ fmt.Println("Error: Could not open file(s)", err)
 }
+ // Read everything in the file
 fileOneBytes, err := io.ReadAll(openFileOne)
 fileTwoBytes, err := io.ReadAll(openFileTwo)
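Review bot: The reworded comments still carry the old vocabulary: the second line of this hunk reads "Report 2 Vulnerabilities strings", and the comment in the hunk at -36 still begins "String not found". Suggested wording: `// second loop to find Report 2 Vulnerabilities not in Report 1` and `// Vulnerability not found in the other report; add it to the diff result`. The body of difference starts and ends outside both hunks, so how two entries are compared is not visible here.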
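Review bot: The reworded message "Error: Could not open file(s)" still only sees the second os.Open result: `err` from opening filePathOne is overwritten by the next line before the check, and after printing the program carries on with the read. The io.ReadAll pair at the end of the hunk repeats the pattern, with its check in the next hunk. os.Args[1] and os.Args[2] are also read without a length check, so a missing argument panics. For a tool whose output is a vulnerability diff, an unreadable input should stop the run instead of producing a report that looks complete. main continues past the end of the hunk.

```go
	if len(os.Args) < 3 {
		fmt.Fprintf(os.Stderr, "usage: %s <report-one.json> <report-two.json>\n", os.Args[0])
		os.Exit(1)
	}
	// … unchanged: filePathOne / filePathTwo assignments …

	// Open each file, checking each error before the next call can overwrite it
	openFileOne, err := os.Open(filePathOne)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Error: Could not open file", filePathOne, err)
		os.Exit(1)
	}
	openFileTwo, err := os.Open(filePathTwo)
	if err != nil {
		fmt.Fprintln(os.Stderr, "Error: Could not open file", filePathTwo, err)
		os.Exit(1)
	}
	// … unchanged: io.ReadAll calls …
```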
@@ -68,28 +71,38 @@ func main() {
 fmt.Println("Error two", err)
 }
+ // Don't close the file yet
 defer openFileOne.Close()
 defer openFileTwo.Close()
+ // Convert the json/bytes from the files into a valid Go struct
 var resultsOne Report
 json.Unmarshal(fileOneBytes, &resultsOne)
 var resultsTwo Report
 json.Unmarshal(fileTwoBytes, &resultsTwo)
+ // Even though there is only one Results.Result array, these loops go through each array
+ // and looks up the difference between the Result arrays
 for _, a := range resultsOne.Results {
 for _, b := range resultsTwo.Results {
 difference(a, b)
 }
 }
+ saveResult(resultsOne, resultsTwo)
+}
+
+// The second report needs to be updated with the difference between both reports
+func saveResult(resultsOne, resultsTwo Report) {
 arrlen := len(resultsTwo.Results)
 for i := 0; i < arrlen; i++ {
- resultsTwo.Results[i] = diffResult
+ resultsTwo.Results[i].Vulnerabilities = diffResult.Vulnerabilities
+ resultsTwo.Results[i].Target = "This is the difference between image one " + resultsTwo.Results[i].Target + " and two " + resultsOne.Results[i].Target
 }
 o, _ := json.MarshalIndent(resultsTwo, "", " ")
- _ = os.WriteFile("test.json", o, 0644)
- fmt.Printf(string(o))
+ _ = os.WriteFile("diff.json", o, 0644)
+
 }
diff --git a/one.json b/one.json
deleted file mode 100644
index 3606752..0000000
--- a/one.json
+++ /dev/null
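Review bot: saveResult indexes `resultsOne.Results[i]` while the loop is bounded by `len(resultsTwo.Results)`, so a first report with fewer Results entries than the second panics with an index out of range. The Target string also pairs "image one" with `resultsTwo.Results[i].Target` and "two" with `resultsOne.Results[i].Target`, which looks swapped. The errors from `json.MarshalIndent` and `os.WriteFile` are discarded and the stdout print is removed, so a failed write leaves no diff.json and no message, and a stale or missing file can be read as "no differences". The rewrite below bounds the index, puts the targets in the order the sentence names them, and reports the write error.

```go
func saveResult(resultsOne, resultsTwo Report) {
	for i := range resultsTwo.Results {
		resultsTwo.Results[i].Vulnerabilities = diffResult.Vulnerabilities
		// Report one may hold fewer Results than report two; only name its target when it exists.
		targetOne := "(no matching result in report one)"
		if i < len(resultsOne.Results) {
			targetOne = resultsOne.Results[i].Target
		}
		resultsTwo.Results[i].Target = "This is the difference between image one " + targetOne + " and two " + resultsTwo.Results[i].Target
	}

	o, err := json.MarshalIndent(resultsTwo, "", " ")
	if err != nil {
		fmt.Println("Error: Could not encode diff report", err)
		return
	}
	if err := os.WriteFile("diff.json", o, 0644); err != nil {
		fmt.Println("Error: Could not write diff.json", err)
	}
}
```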
@@ -1,237 +0,0 @@ -{ - "SchemaVersion": 2, - "CreatedAt": "2024-02-19T16:49:13.19293Z", - "ArtifactName": "anaisurlichs/cns-website:0.2.2", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "alpine", - "Name": "3.17.7" - }, - "ImageID": "sha256:eb304374505e0dcee55afb9c3f532ec810978314c370bf9b5e4ea506fd8b069b", - "DiffIDs": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ], - "RepoTags": [ - "anaisurlichs/cns-website:0.2.2" - ], - "RepoDigests": [ - "anaisurlichs/cns-website@sha256:21d044517a00c210301b44fa706b12c76b0064bc9858a1847aedbef165cb7c7a" - ], - "ImageConfig": { - "architecture": "arm64", - "created": "2024-01-30T08:39:30.076251596Z", - "history": [ - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) ADD file:c3b6b575eb741f914ec12bd4df43de0cb044a1f2bae7ff15d176e49b5986d903 in / " - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NGINX_VERSION=1.24.0", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": 
"2023-04-11T19:57:20Z", - "created_by": "ENV PKG_RELEASE=1", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum 
verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache --virtual .gettext gettext \u0026\u0026 mv /usr/bin/envsubst /tmp/ \u0026\u0026 runDeps=\"$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, \"\\nso:\", $2); print \"so:\" $2 }' | sort -u | xargs -r apk info --installed | sort -u )\" \u0026\u0026 apk add --no-cache $runDeps \u0026\u0026 apk del .gettext \u0026\u0026 mv /tmp/envsubst /usr/local/bin/ \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY docker-entrypoint.sh / # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - 
"created": "2023-04-11T19:57:20Z", - "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "STOPSIGNAL SIGQUIT", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NJS_VERSION=0.7.12", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key 
verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make module-geoip module-image-filter module-njs module-xslt \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n 
\"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:38:50.440899467Z", - "created_by": "WORKDIR /usr/share/nginx/html", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "COPY /usr/src/app/build . # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "ENTRYPOINT [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ] - }, - "config": { - "Entrypoint": [ - "nginx", - "-g", - "daemon off;" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "NGINX_VERSION=1.24.0", - "PKG_RELEASE=1", - "NJS_VERSION=0.7.12" - ], - "Labels": { - "maintainer": "NGINX Docker Maintainers 
\u003cdocker-maint@nginx.com\u003e" - }, - "WorkingDir": "/usr/share/nginx/html", - "ExposedPorts": { - "80/tcp": {} - }, - "ArgsEscaped": true, - "StopSignal": "SIGQUIT" - } - } - }, - "Results": [ - { - "Target": "anaisurlichs/cns-website:0.2.2 (alpine 3.17.7)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2023-52426", - "PkgID": "libexpat@2.5.0-r0", - "PkgName": "libexpat", - "InstalledVersion": "2.5.0-r0", - "FixedVersion": "2.6.0-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3c20cd9499e8b2e645084657bd63cbcbc76dbc0d98ecbd466d0dde5fa1c80ab1", - "DiffID": "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52426", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "expat: recursive XML entity expansion vulnerability", - "Description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-776" - ], - "CVSS": { - "nvd": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2023-52426", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426", - "https://cwe.mitre.org/data/definitions/776.html", - "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404", - "https://github.com/libexpat/libexpat/pull/777", - "https://nvd.nist.gov/vuln/detail/CVE-2023-52426", - "https://www.cve.org/CVERecord?id=CVE-2023-52426" - ], - "PublishedDate": "2024-02-04T20:15:46.12Z", - "LastModifiedDate": "2024-02-09T02:02:39.8Z" - } - ] - } - ] -} diff --git a/test.json b/test.json deleted file mode 100644 index b6baf83..0000000 
--- a/test.json +++ /dev/null 
@@ -1,233 +0,0 @@ -{ - "SchemaVersion": 2, - "CreatedAt": "2024-02-19T16:49:33.378902Z", - "ArtifactName": "anaisurlichs/cns-website:0.2.2", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "alpine", - "Name": "3.17.7" - }, - "ImageID": "sha256:eb304374505e0dcee55afb9c3f532ec810978314c370bf9b5e4ea506fd8b069b", - "DiffIDs": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ], - "RepoTags": [ - "anaisurlichs/cns-website:0.2.2" - ], - "RepoDigests": [ - "anaisurlichs/cns-website@sha256:21d044517a00c210301b44fa706b12c76b0064bc9858a1847aedbef165cb7c7a" - ], - "ImageConfig": { - "architecture": "arm64", - "created": "2024-01-30T08:39:30.076251596Z", - "history": [ - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) ADD file:c3b6b575eb741f914ec12bd4df43de0cb044a1f2bae7ff15d176e49b5986d903 in / " - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NGINX_VERSION=1.24.0", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": 
"2023-04-11T19:57:20Z", - "created_by": "ENV PKG_RELEASE=1", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum 
verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache --virtual .gettext gettext \u0026\u0026 mv /usr/bin/envsubst /tmp/ \u0026\u0026 runDeps=\"$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, \"\\nso:\", $2); print \"so:\" $2 }' | sort -u | xargs -r apk info --installed | sort -u )\" \u0026\u0026 apk add --no-cache $runDeps \u0026\u0026 apk del .gettext \u0026\u0026 mv /tmp/envsubst /usr/local/bin/ \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY docker-entrypoint.sh / # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - 
"created": "2023-04-11T19:57:20Z", - "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "STOPSIGNAL SIGQUIT", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NJS_VERSION=0.7.12", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key 
verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make module-geoip module-image-filter module-njs module-xslt \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n 
\"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:38:50.440899467Z", - "created_by": "WORKDIR /usr/share/nginx/html", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "COPY /usr/src/app/build . # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "ENTRYPOINT [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ] - }, - "config": { - "Entrypoint": [ - "nginx", - "-g", - "daemon off;" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "NGINX_VERSION=1.24.0", - "PKG_RELEASE=1", - "NJS_VERSION=0.7.12" - ], - "Labels": { - "maintainer": "NGINX Docker Maintainers 
\u003cdocker-maint@nginx.com\u003e" - }, - "WorkingDir": "/usr/share/nginx/html", - "ExposedPorts": { - "80/tcp": {} - }, - "ArgsEscaped": true, - "StopSignal": "SIGQUIT" - } - } - }, - "Results": [ - { - "Target": "", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2023-52425", - "PkgID": "libexpat@2.5.0-r0", - "PkgName": "libexpat", - "PkgIdentifier": {}, - "InstalledVersion": "2.5.0-r0", - "FixedVersion": "2.6.0-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3c20cd9499e8b2e645084657bd63cbcbc76dbc0d98ecbd466d0dde5fa1c80ab1", - "DiffID": "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52425", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "expat: parsing large tokens can trigger a denial of service", - "Description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2023-52425", - "https://github.com/libexpat/libexpat/pull/789", - "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", - "https://www.cve.org/CVERecord?id=CVE-2023-52425" - ], - "PublishedDate": "2024-02-04T20:15:46.063Z", - "LastModifiedDate": "2024-02-09T02:03:16.3Z" - } - ] - } - ] -} \ No newline at end of file diff --git a/two.json b/two.json deleted file mode 100644 index 17a7c07..0000000 --- a/two.json +++ /dev/null 
@@ -1,280 +0,0 @@ -{ - "SchemaVersion": 2, - "CreatedAt": "2024-02-19T16:49:33.378902Z", - "ArtifactName": "anaisurlichs/cns-website:0.2.2", - "ArtifactType": "container_image", - "Metadata": { - "OS": { - "Family": "alpine", - "Name": "3.17.7" - }, - "ImageID": "sha256:eb304374505e0dcee55afb9c3f532ec810978314c370bf9b5e4ea506fd8b069b", - "DiffIDs": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ], - "RepoTags": [ - "anaisurlichs/cns-website:0.2.2" - ], - "RepoDigests": [ - "anaisurlichs/cns-website@sha256:21d044517a00c210301b44fa706b12c76b0064bc9858a1847aedbef165cb7c7a" - ], - "ImageConfig": { - "architecture": "arm64", - "created": "2024-01-30T08:39:30.076251596Z", - "history": [ - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) ADD file:c3b6b575eb741f914ec12bd4df43de0cb044a1f2bae7ff15d176e49b5986d903 in / " - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NGINX_VERSION=1.24.0", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": 
"2023-04-11T19:57:20Z", - "created_by": "ENV PKG_RELEASE=1", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum 
verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache --virtual .gettext gettext \u0026\u0026 mv /usr/bin/envsubst /tmp/ \u0026\u0026 runDeps=\"$( scanelf --needed --nobanner /tmp/envsubst | awk '{ gsub(/,/, \"\\nso:\", $2); print \"so:\" $2 }' | sort -u | xargs -r apk info --installed | sort -u )\" \u0026\u0026 apk add --no-cache $runDeps \u0026\u0026 apk del .gettext \u0026\u0026 mv /tmp/envsubst /usr/local/bin/ \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY docker-entrypoint.sh / # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - 
"created": "2023-04-11T19:57:20Z", - "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "STOPSIGNAL SIGQUIT", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "ENV NJS_VERSION=0.7.12", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2023-04-11T19:57:20Z", - "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key 
verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -O https://hg.nginx.org/pkg-oss/archive/${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"dc47dbaeb1c0874b264d34ddfec40e7d2b814e7db48d144e12d5991c743ef5fcf780ecbab72324e562dd84bb9c0e4dd71d14850b20ceaf470c46f8fe7510275b *${NGINX_VERSION}-${PKG_RELEASE}.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf ${NGINX_VERSION}-${PKG_RELEASE}.tar.gz \u0026\u0026 cd pkg-oss-${NGINX_VERSION}-${PKG_RELEASE} \u0026\u0026 cd alpine \u0026\u0026 make module-geoip module-image-filter module-njs module-xslt \u0026\u0026 apk index -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del .build-deps \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -n 
\"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 if [ -n \"/etc/apk/keys/nginx_signing.rsa.pub\" ]; then rm -f /etc/apk/keys/nginx_signing.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:38:50.440899467Z", - "created_by": "WORKDIR /usr/share/nginx/html", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "COPY /usr/src/app/build . # buildkit", - "comment": "buildkit.dockerfile.v0" - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "EXPOSE map[80/tcp:{}]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - }, - { - "created": "2024-01-30T08:39:30.076251596Z", - "created_by": "ENTRYPOINT [\"nginx\" \"-g\" \"daemon off;\"]", - "comment": "buildkit.dockerfile.v0", - "empty_layer": true - } - ], - "os": "linux", - "rootfs": { - "type": "layers", - "diff_ids": [ - "sha256:458ecd8dac6739be741006504b1fe187dda55ab9eb124e7cd79d5f1c9bb74975", - "sha256:ae2d6bc21e7b3a59e98a13b5649f6666a11b1f1215c3dc4566d80e901be293d4", - "sha256:376fc58127e4be22dab4bfaa40a8ef28afb525689430367ebfe9292854cbe66e", - "sha256:730509b76e7b28ec3b82d2898d019e476c4053bbbf73c2b9992eeb11043aee1f", - "sha256:52cec5562cabc1667566d270d31f86fd2ac5485bd57bd6cc70d28a3c50ebdc8e", - "sha256:f7c564c40bc827081c82ca2b3bdc17e5db6b74bcb3ba307a1f33a08eb0672c47", - "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9", - "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", - "sha256:ea47c0b1e21c9c901c7446bf46eff234c63216e882720474c5e964a3e6bb56a9" - ] - }, - "config": { - "Entrypoint": [ - "nginx", - "-g", - "daemon off;" - ], - "Env": [ - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", - "NGINX_VERSION=1.24.0", - "PKG_RELEASE=1", - "NJS_VERSION=0.7.12" - ], - "Labels": { - "maintainer": "NGINX Docker Maintainers 
\u003cdocker-maint@nginx.com\u003e" - }, - "WorkingDir": "/usr/share/nginx/html", - "ExposedPorts": { - "80/tcp": {} - }, - "ArgsEscaped": true, - "StopSignal": "SIGQUIT" - } - } - }, - "Results": [ - { - "Target": "anaisurlichs/cns-website:0.2.2 (alpine 3.17.7)", - "Class": "os-pkgs", - "Type": "alpine", - "Vulnerabilities": [ - { - "VulnerabilityID": "CVE-2023-52425", - "PkgID": "libexpat@2.5.0-r0", - "PkgName": "libexpat", - "InstalledVersion": "2.5.0-r0", - "FixedVersion": "2.6.0-r0", - "Status": "fixed", - "Layer": { - "Digest": "sha256:3c20cd9499e8b2e645084657bd63cbcbc76dbc0d98ecbd466d0dde5fa1c80ab1", - "DiffID": "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52425", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "expat: parsing large tokens can trigger a denial of service", - "Description": "libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed.", - "Severity": "HIGH", - "CweIDs": [ - "CWE-400" - ], - "CVSS": { - "nvd": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 7.5 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2023-52425", - "https://github.com/libexpat/libexpat/pull/789", - "https://nvd.nist.gov/vuln/detail/CVE-2023-52425", - "https://www.cve.org/CVERecord?id=CVE-2023-52425" - ], - "PublishedDate": "2024-02-04T20:15:46.063Z", - "LastModifiedDate": "2024-02-09T02:03:16.3Z" - }, - { - "VulnerabilityID": "CVE-2023-52426", - "PkgID": "libexpat@2.5.0-r0", - "PkgName": "libexpat", - "InstalledVersion": "2.5.0-r0", - "FixedVersion": "2.6.0-r0", - "Status": "fixed", - "Layer": { - "Digest": 
"sha256:3c20cd9499e8b2e645084657bd63cbcbc76dbc0d98ecbd466d0dde5fa1c80ab1", - "DiffID": "sha256:a63c45f9eecdea9445b7ca3a154feeaac3c0872835aec2208c54764aee3580b9" - }, - "SeveritySource": "nvd", - "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-52426", - "DataSource": { - "ID": "alpine", - "Name": "Alpine Secdb", - "URL": "https://secdb.alpinelinux.org/" - }, - "Title": "expat: recursive XML entity expansion vulnerability", - "Description": "libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.", - "Severity": "MEDIUM", - "CweIDs": [ - "CWE-776" - ], - "CVSS": { - "nvd": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - }, - "redhat": { - "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "V3Score": 5.5 - } - }, - "References": [ - "https://access.redhat.com/security/cve/CVE-2023-52426", - "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-52426", - "https://cwe.mitre.org/data/definitions/776.html", - "https://github.com/libexpat/libexpat/commit/0f075ec8ecb5e43f8fdca5182f8cca4703da0404", - "https://github.com/libexpat/libexpat/pull/777", - "https://nvd.nist.gov/vuln/detail/CVE-2023-52426", - "https://www.cve.org/CVERecord?id=CVE-2023-52426" - ], - "PublishedDate": "2024-02-04T20:15:46.12Z", - "LastModifiedDate": "2024-02-09T02:02:39.8Z" - } - ] - } - ] -}