authorHerbert Eiselt <herbert.eiselt@highstreet-technologies.com>2021-12-16 12:34:10 +0000
committerGerrit Code Review <gerrit@onap.org>2021-12-16 12:34:10 +0000
commit48984c6121e6d97b9a3ac1ccf75b21d4ae516312 (patch)
tree6599d28ed5a81966933db954548e03df1a477ecf
parent65388f15b90ed88de1102db09a7fa17168e7d236 (diff)
parent3d0530cf0fdaf671799642a1cb82a199e5590433 (diff)
Merge "Remediate log4shell vulnerability"
Former-commit-id: e7b1362c4245896d4e82fe02f4ebfcf6cb7096f6
-rw-r--r--installation/dmaap-listener/src/main/docker/Dockerfile8
-rwxr-xr-xinstallation/sdnc/src/main/docker/Dockerfile7
-rw-r--r--installation/ueb-listener/src/main/docker/Dockerfile8
3 files changed, 20 insertions, 3 deletions
diff --git a/installation/dmaap-listener/src/main/docker/Dockerfile b/installation/dmaap-listener/src/main/docker/Dockerfile
index d3780e47..f6a034a8 100644
--- a/installation/dmaap-listener/src/main/docker/Dockerfile
+++ b/installation/dmaap-listener/src/main/docker/Dockerfile
@@ -1,11 +1,15 @@
# Base ubuntu with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
-
+USER root
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
+# Remediate log4shell vuln
+RUN apk add zip
+RUN zip -q -d /opt/onap/sdnc/dmaap-listener/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
# End of stage 0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}
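Review bot: The added `RUN zip -q -d /opt/onap/sdnc/dmaap-listener/lib/log4j-core-*.jar …` hands the shell glob straight to zip, so if more than one log4j-core jar matches, zip treats the first as the archive and the rest as entry names to delete, leaving those other jars with JndiLookup.class intact. A loop patches every match and still stops the build if a jar cannot be patched: `RUN for j in /opt/onap/sdnc/dmaap-listener/lib/log4j-core-*.jar; do zip -q -d "$j" org/apache/logging/log4j/core/lookup/JndiLookup.class || exit 1; done`. The same line in the ueb-listener Dockerfile hunk has the same issue. The comment should also say that stripping the class is a stopgap to be dropped once the bundled log4j-core is upgraded, e.g. `# Remediate log4shell: strip JndiLookup.class until log4j-core is upgraded`. Minor: `apk add --no-cache zip` avoids keeping the apk index in the layer.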
@@ -19,8 +23,8 @@ USER root
# Create sdnc user
RUN addgroup -S sdnc && adduser -S sdnc -G sdnc
-
# Copy /opt and change owner/group to sdnc
COPY --from=stage0 --chown=sdnc:sdnc /opt /opt
+
USER sdnc \ No newline at end of file
diff --git a/installation/sdnc/src/main/docker/Dockerfile b/installation/sdnc/src/main/docker/Dockerfile
index 7bb3d23a..15a33d5a 100755
--- a/installation/sdnc/src/main/docker/Dockerfile
+++ b/installation/sdnc/src/main/docker/Dockerfile
@@ -60,9 +60,16 @@ RUN cp /opt/onap/sdnc/data/properties/svclogic-compiler.properties /opt/onap/sdn
RUN find /opt/opendaylight -name "*features*.xml" -exec sed -i -e 's|4.0.1|3.1.0|g' {} \;
# Short term fix ends
+# Remediate log4shell vuln
+RUN apk add zip
+RUN find /opt/opendaylight/system/org/ops4j/pax/logging/pax-logging-log4j2 -name 'pax-logging-log4j2*.jar' -exec zip -q -d '{}' org/apache/logging/log4j/core/lookup/JndiLookup.class \;
+
+
# Changing ownership and permission of /opt
RUN chown -R odl:odl /opt && chmod -R 755 /opt
+
+
## END OF STAGE0 ##
#################################################
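Review bot: The added `find … -exec zip -q -d '{}' … \;` step cannot fail the build, because find does not propagate the exit status of an `-exec … \;` command and also returns 0 when no jar matches. If the pax-logging path or jar name changes, the image would ship with JndiLookup.class still present and nothing would flag it. Follow the removal with a check that fails when the class is still found, e.g. `RUN ! find /opt/opendaylight -name '*.jar' -exec unzip -l '{}' \; | grep -q 'lookup/JndiLookup.class'` (this assumes an `unzip` such as the BusyBox applet is available in the base image). Scanning the whole tree would also catch copies outside `pax-logging-log4j2`, which the current find does not look at. The stage this RUN belongs to starts outside the hunk.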
diff --git a/installation/ueb-listener/src/main/docker/Dockerfile b/installation/ueb-listener/src/main/docker/Dockerfile
index 88d31e31..0df998be 100644
--- a/installation/ueb-listener/src/main/docker/Dockerfile
+++ b/installation/ueb-listener/src/main/docker/Dockerfile
@@ -1,12 +1,18 @@
# Base alpine with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
-
+USER root
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
+# Remediate log4shell vuln
+RUN apk add zip
+RUN zip -q -d /opt/onap/sdnc/ueb-listener/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
+
+
# End of stage0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}