Remove JndiLookup.class to remediate log4shell vulnerability
Issue-ID: CCSDK-3556
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Iadfd1f01bd7949a1a60d67bb9dca121024adaeb8
Former-commit-id:
a2dd8e00057c772e57d8ddf4af15c8e942f66247
# Base ubuntu with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
# Base ubuntu with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
+# Remediate log4shell vuln
+RUN apk add zip
+RUN zip -q -d /opt/onap/sdnc/dmaap-listener/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
# End of stage 0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}
# End of stage 0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}
# Create sdnc user
RUN addgroup -S sdnc && adduser -S sdnc -G sdnc
# Create sdnc user
RUN addgroup -S sdnc && adduser -S sdnc -G sdnc
# Copy /opt and change owner/group to sdnc
COPY --from=stage0 --chown=sdnc:sdnc /opt /opt
# Copy /opt and change owner/group to sdnc
COPY --from=stage0 --chown=sdnc:sdnc /opt /opt
USER sdnc
\ No newline at end of file
USER sdnc
\ No newline at end of file
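Review bot: The added `zip -q -d` line in stage0 passes a shell glob as the archive argument, so if `log4j-core-*.jar` ever expands to more than one jar, zip takes the first as the archive and treats the others as entry names to delete. With `-q` the warning is hidden, and the extra jar most likely stays unpatched. Iterate per jar and fail the build when any removal fails: `RUN for j in /opt/onap/sdnc/dmaap-listener/lib/log4j-core-*.jar; do zip -q -d "$j" org/apache/logging/log4j/core/lookup/JndiLookup.class || exit 1; done`. The ueb-listener Dockerfile later in this commit uses the same glob form and would take the same change. A comment beside the step should say that removing the class is a stopgap until log4j-core itself is upgraded, so the next maintainer knows when to drop it.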
RUN find /opt/opendaylight -name "*features*.xml" -exec sed -i -e 's|4.0.1|3.1.0|g' {} \;
# Short term fix ends
RUN find /opt/opendaylight -name "*features*.xml" -exec sed -i -e 's|4.0.1|3.1.0|g' {} \;
# Short term fix ends
+# Remediate log4shell vuln
+RUN apk add zip
+RUN find /opt/opendaylight/system/org/ops4j/pax/logging/pax-logging-log4j2 -name 'pax-logging-log4j2*.jar' -exec zip -q -d '{}' org/apache/logging/log4j/core/lookup/JndiLookup.class \;
+
+
# Changing ownership and permission of /opt
RUN chown -R odl:odl /opt && chmod -R 755 /opt
# Changing ownership and permission of /opt
RUN chown -R odl:odl /opt && chmod -R 755 /opt
## END OF STAGE0 ##
#################################################
## END OF STAGE0 ##
#################################################
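Review bot: The added `find ... -exec zip -q -d '{}' ... \;` step fails open: find exits 0 when the path matches no jar, and with `\;` it does not propagate zip's exit status, so the build passes even if JndiLookup.class is still in the image. That can happen silently if the pax-logging directory layout or jar name changes with a later OpenDaylight/Karaf version. Add a verification step right after it that fails the build when no `pax-logging-log4j2*.jar` is found, or when `unzip -l` on any of them still lists `org/apache/logging/log4j/core/lookup/JndiLookup.class`. The rest of stage0 lies outside this hunk, so whether other log4j-core copies exist under /opt cannot be judged from here.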
# Base alpine with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
# Base alpine with added packages needed for open ecomp
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version} AS stage0
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
ENV SDNC_CONFIG_DIR /opt/onap/sdnc/data/properties
# copy deliverables to opt
COPY opt /opt
+# Remediate log4shell vuln
+RUN apk add zip
+RUN zip -q -d /opt/onap/sdnc/ueb-listener/lib/log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
+
+
+
# End of stage0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}
# End of stage0
FROM onap/ccsdk-alpine-j11-image:${ccsdk.docker.version}