From 1cf8a5740d05e838243120249aec85caade6404d Mon Sep 17 00:00:00 2001
From: Felix Hammerl <fhammerl@thoughtworks.com>
Date: Sun, 16 Feb 2020 20:58:48 +0100
Subject: [PATCH] Fix errors from migration to alpine

* Use alpine as base image

* Remove rvm, use alpine's ruby version

* Update OWASP dependency checker to 5.3.0
---
 Dockerfile             | 106 +++++++++++++++++------------------------
 Dockerfile.alpine      |  94 ------------------------------------
 scripts/findsecbugs.sh |   5 --
 3 files changed, 44 insertions(+), 161 deletions(-)
 delete mode 100644 Dockerfile.alpine
 delete mode 100755 scripts/findsecbugs.sh

diff --git a/Dockerfile b/Dockerfile
index d500cbab..32676426 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,90 +1,72 @@
-FROM centos:7
-LABEL maintainer="felix.hammerl@gmail.com"
+FROM ekidd/rust-musl-builder AS cargo-audit-build
 
-RUN yum -y -q update
-RUN yum -y -q remove iputils
-RUN yum -y -q install ca-certificates
-RUN yum -y -q install http://rpms.remirepo.net/enterprise/remi-release-7.rpm
-RUN yum-config-manager -y -q --enable remi-php72
-RUN yum -y -q install wget epel-release openssl openssl-devel tar unzip \
-			  libffi-devel python-devel redhat-rpm-config git-core \
-			  gcc gcc-c++ make zlib-devel pcre-devel \
-        java-1.8.0-openjdk.x86_64 which \
-        php php-cli \
-        maven
+RUN cargo install cargo cargo-audit --root /home/rust && \
+    strip /home/rust/bin/cargo /home/rust/bin/cargo-audit
 
-ENV PATH /usr/local/rvm/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH
+FROM alpine:3.10
 
-ENV NODE_VERSION=10.16.0
-RUN curl --silent --location https://rpm.nodesource.com/setup_10.x | bash -
-RUN yum -y install nodejs-${NODE_VERSION}
+ENV FINDSECBUGS_VERSION=1.10.1
+ENV OWASP_VERSION=5.3.0
 
-RUN node --version && \
-    npm --version
-
-RUN curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | tee /etc/yum.repos.d/yarn.repo
-RUN yum -y -q update
-RUN yum -y -q install yarn
+ARG FINDSECBUGS_FOLDER=/usr/local/opt/findsecbugs
+ARG OWASP_DEP_FOLDER=/usr/local/bin/owaspdependency
 
-RUN yum -y -q clean all
+RUN apk update  && \
+    apk add --no-cache bash && \
+    bash --login
+RUN apk add --no-cache \
+            ca-certificates \
+            nodejs \
+            npm \
+            yarn \
+            openjdk8 \
+            maven \
+            python \
+            py2-pip \
+            perl \
+            git \
+            php7 \
+            php7-cli \
+            curl \
+            ruby
 
-RUN curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
-RUN python get-pip.py
 RUN pip install safety==1.8.4 piprot==0.9.10 bandit==1.5.1
 
-ENV RUBY_VERSION=2.6.3
-RUN curl -sSL https://rvm.io/mpapis.asc | gpg --import - && \
-    curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import - && \
-    curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer     -o rvm-installer && \
-    curl -sSL https://raw.githubusercontent.com/rvm/rvm/stable/binscripts/rvm-installer.asc -o rvm-installer.asc && \
-    gpg2 --verify rvm-installer.asc rvm-installer && \
-    bash rvm-installer
-RUN echo 'source /etc/profile.d/rvm.sh' >> /etc/profile && \
-    /bin/bash -l -c "rvm requirements;" && \
-    rvm install ${RUBY_VERSION}
-RUN /bin/bash -l -c "rvm use --default ${RUBY_VERSION}"
-ENV PATH "/usr/local/rvm/gems/ruby-${RUBY_VERSION}/bin/:$PATH"
-RUN /bin/bash -l -c "gem install bundler:2.0.1 bundler-audit:0.6.1 brakeman:4.5.1"
-RUN /bin/bash -l -c "bundle audit update"
+RUN { \
+        echo 'install: --no-document'; \
+        echo 'update: --no-document'; \
+    } >> /etc/gemrc && \
+    gem install bundler:2.0.1 bundler-audit:0.6.1 brakeman:4.5.1 && \
+    bundle audit update
 
-ENV FINDSECBUGS_VERSION=1.8.0
-ARG FINDSECBUGS_FOLDER=/usr/local/opt/findsecbugs
 RUN mkdir -p ${FINDSECBUGS_FOLDER} && cd ${FINDSECBUGS_FOLDER} && \
     wget --quiet https://github.com/find-sec-bugs/find-sec-bugs/releases/download/version-${FINDSECBUGS_VERSION}/findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
-    unzip -q findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
-    rm findsecbugs.sh
-COPY scripts/findsecbugs.sh ${FINDSECBUGS_FOLDER}/findsecbugs.sh
-RUN chmod +x ${FINDSECBUGS_FOLDER}/findsecbugs.sh && \
+    unzip findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
+    rm findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
+    chmod +x ${FINDSECBUGS_FOLDER}/findsecbugs.sh && \
     ln -s ${FINDSECBUGS_FOLDER}/findsecbugs.sh /usr/local/bin/findsecbugs
 
-ENV OWASP_VERSION=5.0.0
-ARG OWASP_DEP_FOLDER=/usr/local/bin/owaspdependency
 RUN mkdir $OWASP_DEP_FOLDER && cd $OWASP_DEP_FOLDER && \
     wget --quiet http://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_VERSION}-release.zip && \
     unzip -q dependency-check-${OWASP_VERSION}-release.zip && \
     chmod +x $OWASP_DEP_FOLDER/dependency-check/bin/dependency-check.sh && \
     rm dependency-check-${OWASP_VERSION}-release.zip && \
-    mv dependency-check/bin/dependency-check.sh dependency-check/bin/dependency-check
-ENV PATH=$OWASP_DEP_FOLDER/dependency-check/bin:$PATH
-RUN dependency-check --updateonly
+    mv dependency-check/bin/dependency-check.sh dependency-check/bin/dependency-check && \
+    $OWASP_DEP_FOLDER/dependency-check/bin/dependency-check --updateonly
+ENV PATH $OWASP_DEP_FOLDER/dependency-check/bin:$PATH
 
 RUN cd /usr/local/bin && \
     wget --quiet https://get.sensiolabs.org/security-checker.phar && \
     chmod +x security-checker.phar
 
-ENV RUSTUP_HOME=/usr/local/opt/rust
-ENV CARGO_HOME=$RUSTUP_HOME
-RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-ENV PATH=$CARGO_HOME/bin:$PATH
-RUN cargo install cargo-audit && \
-    rustc --version && cargo --version && cargo audit --version
+COPY --from=cargo-audit-build /home/rust/bin/ /usr/local/bin/
 
-RUN mkdir -p /hawkeye
-COPY ./ /hawkeye
-RUN cd /hawkeye && \
-    npm install --production --quiet
+WORKDIR /hawkeye
+COPY . .
+RUN npm install --production --quiet && \
+    rm -rf /var/cache/apk/*
 
 WORKDIR /target
+ENV PATH /hawkeye/bin:$PATH
 
-ENV PATH=/hawkeye/bin:$PATH
 ENTRYPOINT ["hawkeye", "scan"]
diff --git a/Dockerfile.alpine b/Dockerfile.alpine
deleted file mode 100644
index 8936c261..00000000
--- a/Dockerfile.alpine
+++ /dev/null
@@ -1,94 +0,0 @@
-FROM ekidd/rust-musl-builder AS cargo-audit-build
-
-RUN cargo install cargo cargo-audit --root /home/rust && \
-    strip /home/rust/bin/cargo /home/rust/bin/cargo-audit
-
-FROM alpine:3.10
-
-ENV RUBY_VERSION=2.6.3
-ENV FINDSECBUGS_VERSION=1.10.1
-ENV OWASP_VERSION=5.2.4
-
-ARG FINDSECBUGS_FOLDER=/usr/local/opt/findsecbugs
-ARG OWASP_DEP_FOLDER=/usr/local/bin/owaspdependency
-
-RUN apk update  && \
-    apk add --no-cache bash && \
-    bash --login
-RUN apk add --no-cache \
-            ca-certificates \
-            nodejs \
-            npm \
-            yarn \
-            openjdk8 \
-            maven \
-            python \
-            py2-pip \
-            perl \
-            git \
-            php7 \ 
-            php7-cli \
-            curl
-
-RUN { \
-        echo 'install: --no-document'; \
-        echo 'update: --no-document'; \
-    } >> /etc/gemrc
-
-RUN pip install safety==1.8.4 piprot==0.9.10 bandit==1.5.1
-
-RUN curl -sSL https://github.com/rvm/rvm/tarball/stable -o rvm-stable.tar.gz && \
-    echo 'export rvm_prefix="$HOME"' > /root/.rvmrc && \
-    echo 'export rvm_path="$HOME/.rvm"' >> /root/.rvmrc && \
-    mkdir rvm && cd rvm && \
-    tar --strip-components=1 -xzf ../rvm-stable.tar.gz && \
-    ./install --auto-dotfiles --autolibs=0 && \
-    source ~/.rvm/scripts/rvm && \
-    /bin/bash -l -c "rvm requirements" && \
-    /bin/bash -l -c "rvm autolibs 4" && \
-    yes | /bin/bash -l -c "rvm install ${RUBY_VERSION}" && \
-    /bin/bash -l -c "gem install bundler:2.0.1 bundler-audit:0.6.1 brakeman:4.5.1" && \
-    /bin/bash -l -c "bundle audit update"
-
-RUN mkdir -p ${FINDSECBUGS_FOLDER} && cd ${FINDSECBUGS_FOLDER} && \
-    wget --quiet https://github.com/find-sec-bugs/find-sec-bugs/releases/download/version-${FINDSECBUGS_VERSION}/findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
-    unzip -q findsecbugs-cli-${FINDSECBUGS_VERSION}.zip && \
-    rm findsecbugs.sh && \
-    curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-
-ENV PATH $HOME/.cargo/bin:$PATH
-
-COPY scripts/findsecbugs.sh ${FINDSECBUGS_FOLDER}/findsecbugs.sh
-
-COPY --from=cargo-audit-build /home/rust/bin/cargo-audit /usr/local/bin/
-
-RUN chmod +x ${FINDSECBUGS_FOLDER}/findsecbugs.sh && \
-    ln -s ${FINDSECBUGS_FOLDER}/findsecbugs.sh /usr/local/bin/findsecbugs
-
-RUN mkdir $OWASP_DEP_FOLDER && cd $OWASP_DEP_FOLDER && \
-    wget --quiet http://dl.bintray.com/jeremy-long/owasp/dependency-check-${OWASP_VERSION}-release.zip && \
-    unzip -q dependency-check-${OWASP_VERSION}-release.zip && \
-    chmod +x $OWASP_DEP_FOLDER/dependency-check/bin/dependency-check.sh && \
-    rm dependency-check-${OWASP_VERSION}-release.zip && \
-    mv dependency-check/bin/dependency-check.sh dependency-check/bin/dependency-check
-
-RUN cd /usr/local/bin && \
-    wget --quiet https://get.sensiolabs.org/security-checker.phar && \
-    chmod +x security-checker.phar
-
-RUN source $HOME/.cargo/env && \
-    rustc --version && \
-    cargo --version && \
-    cargo-audit --help
-
-WORKDIR /hawkeye
-COPY . .
-RUN npm install --production --quiet && \
-    rm -rf /var/cache/apk/*
-
-WORKDIR /target
-ENV PATH /hawkeye/bin:$OWASP_DEP_FOLDER/dependency-check/bin:$PATH:/root/.rvm/rubies/ruby-2.6.3/bin
-
-RUN dependency-check --updateonly
-
-ENTRYPOINT ["hawkeye", "scan"]
diff --git a/scripts/findsecbugs.sh b/scripts/findsecbugs.sh
deleted file mode 100755
index e8298507..00000000
--- a/scripts/findsecbugs.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-cd $(dirname $(readlink `[[ $OSTYPE == linux* ]] && echo "-f"` $0))
-
-java -cp lib/\* edu.umd.cs.findbugs.LaunchAppropriateUI -quiet -pluginList lib/findsecbugs-plugin-1.8.0.jar -include include.xml $@