Fix CVEs 32/140832/1
authorwaynedunican <wayne.dunican@est.tech>
Wed, 30 Apr 2025 14:49:22 +0000 (15:49 +0100)
committerwaynedunican <wayne.dunican@est.tech>
Thu, 1 May 2025 08:15:26 +0000 (09:15 +0100)
Add steps to remove pip and setuptools to fix CVEs flagged against these packages

Issue-ID: POLICY-5350
Change-Id: I0cc71be5207642467a5349ec1246d9d278712e53
Signed-off-by: waynedunican <wayne.dunican@est.tech>
packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile

index eb8a8e7..de85d3f 100644 (file)
@@ -50,6 +50,20 @@ WORKDIR $POLICY_HOME
 COPY --chown=policy:policy acm-runtime.sh bin/
 COPY --chown=policy:policy /maven/policy-clamp-runtime-acm.jar /app/app.jar
 
+RUN if python -c "import setuptools" 2>/dev/null; then \
+      pip uninstall -y setuptools; \
+    else \
+      echo "setuptools not installed, skipping uninstall."; \
+    fi
+
+RUN if python3 -c "import pip" 2>/dev/null; then \
+      python3 -m pip uninstall -y pip; \
+      echo "pip uninstalled."; \
+    else \
+      echo "pip not installed, skipping uninstall."; \
+    fi && \
+    rm -rf /usr/bin/pip* /usr/local/bin/pip*
+
 RUN chmod 755 bin/*.sh
 
 EXPOSE 6969
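Review bot: The first added RUN probes with `python` and uninstalls with bare `pip`, while the second uses `python3` and `python3 -m pip`; because stderr is discarded, an image that ships only `python3` takes the else branch, prints "setuptools not installed, skipping uninstall." and keeps the package this commit is meant to remove. Using the same interpreter in both steps avoids that silent skip: `RUN if python3 -c "import setuptools" 2>/dev/null; then \` and `python3 -m pip uninstall -y setuptools; \`. Separately, these steps delete files in new layers, so if pip and setuptools come from the base image or an earlier instruction (outside this hunk) their files remain in the lower layers; a scanner that inspects individual layers rather than the merged filesystem may still report them, and removing them in the layer that installs them would be the durable fix. The active USER is also set outside the hunk, so it is worth confirming these steps run as root; if the user is already `policy`, the uninstall and `rm -rf /usr/bin/pip*` would presumably fail on permissions.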