From: waynedunican <wayne.dunican@est.tech>
Date: Wed, 30 Apr 2025 14:49:22 +0000 (+0100)
Subject: Fix CVEs
X-Git-Tag: 8.2.0~14^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=80b995cfe30e6996eb325efb68aa74d6c3ee30c6;p=policy%2Fclamp.git

Fix CVEs

Add steps to remove pip and setuptools to fix CVEs flagged by these packages

Issue-ID: POLICY-5350
Change-Id: I0cc71be5207642467a5349ec1246d9d278712e53
Signed-off-by: waynedunican <wayne.dunican@est.tech>
---

diff --git a/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile b/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
index eb8a8e74f..de85d3f09 100644
--- a/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
+++ b/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
@@ -50,6 +50,20 @@ WORKDIR $POLICY_HOME
 COPY --chown=policy:policy acm-runtime.sh bin/
 COPY --chown=policy:policy /maven/policy-clamp-runtime-acm.jar /app/app.jar
 
+RUN if python -c "import setuptools" 2>/dev/null; then \
+      pip uninstall -y setuptools; \
+    else \
+      echo "setuptools not installed, skipping uninstall."; \
+    fi
+
+RUN if python3 -c "import pip" 2>/dev/null; then \
+      python3 -m pip uninstall -y pip; \
+      echo "pip uninstalled."; \
+    else \
+      echo "pip not installed, skipping uninstall."; \
+    fi && \
+    rm -rf /usr/bin/pip* /usr/local/bin/pip*
+
 RUN chmod 755 bin/*.sh
 
 EXPOSE 6969