我为什么从Gitlab收到了关于Dockerfile绝对路径WORKDIR漏洞的警告?

huangapple
go评论89阅读模式
英文:

Why am I getting absolute path WORKDIR dockerfile vulnerability warning from Gitlab?

问题

以下是已翻译的代码部分:

  1. 1   FROM {docker-image1}
  2. 2   HEALTHCHECK CMD curl --fail -s http://localhost:8080/liveliness || exit 1
  3. 3   WORKDIR /app
  4. 4
  5. 5   FROM {docker-image2} AS build
  6. 6   WORKDIR /app/src
  7. 7   COPY 【项目路径字符串1】, 【项目路径字符串2
  8. 8   RUN dotnet restore --runtime linux-x64 【项目路径字符串1
  9. 9   COPY . .
  10. 10  WORKDIR "/app/src/{目录名称}"
  11. 11  RUN dotnet build --runtime linux-x64 【项目名称】 -c Release -o /app/build
  12. 12
  13. 13  FROM build AS publish
  14. 14  RUN dotnet publish --runtime linux-x64 【项目名称】 -c Release -o /app/publish
  15. 15
  16. 16  FROM base AS final
  17. 17  WORKDIR /app
  18. 18  COPY --from=publish /app/publish .
  19. 19
  20. 20  ENTRYPOINT ["dotnet", "{项目名称}.dll"]
英文:

I have the following dockerfile for a project that is hosted with Kubernetes and Openshift and am getting a vulnerability warning from Gitlab that line 10 should use an absolute path instead of relative path for the sake of clarity and reliability. Is there something about a string path that dockerfile or Gitlab doesn't like? I am not getting the warnings for lines 3, 6, or 17. NOTE: I've replaced the docker image and project names below with placeholders surrounded by brackets.

  1. 1   FROM {docker-image1}
  2. 2   HEALTHCHECK CMD curl --fail -s http://localhost:8080/liveliness || exit 1
  3. 3   WORKDIR /app
  4. 4
  5. 5   FROM {docker-image2} AS build
  6. 6   WORKDIR /app/src
  7. 7   COPY ["{proj-path-string1}", "{proj-path-string2}"]
  8. 8   RUN dotnet restore --runtime linux-x64 "{proj-path-string1}"
  9. 9   COPY . .
  10. 10  WORKDIR "/app/src/{directory-name}"
  11. 11  RUN dotnet build --runtime linux-x64 "{project-name}" -c Release -o /app/build
  12. 12
  13. 13  FROM build AS publish
  14. 14  RUN dotnet publish --runtime linux-x64 "{project-name}" -c Release -o /app/publish
  15. 15
  16. 16  FROM base AS final
  17. 17  WORKDIR /app
  18. 18  COPY --from=publish /app/publish .
  19. 19
  20. 20  ENTRYPOINT ["dotnet", "{project-name}.dll"]```
  23. </details>
  26. # 答案1
  27. **得分**: 1
  29. Delete the quotes from that line, changing:
  31. ```WORKDIR &quot;/app/src/{directory-name}&quot;```
  33. To:
  35. ```WORKDIR /app/src/{directory-name}```
  37. <details>
  38. <summary>英文:</summary>
  40. Delete the quotes from that line, changing:

WORKDIR "/app/src/{directory-name}"

  2. To:

WORKDIR /app/src/{directory-name}

  2. </details>

huangapple
  • 本文由 发表于 2023年4月11日 05:18:09
  • 转载请务必保留本文链接:https://go.coder-hub.com/75980812.html
  • .net
  • docker
  • dockerfile
  • kubernetes
  • workdir
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定