From 80b995cfe30e6996eb325efb68aa74d6c3ee30c6 Mon Sep 17 00:00:00 2001
From: waynedunican
Date: Wed, 30 Apr 2025 15:49:22 +0100
Subject: [PATCH] Fix CVEs Add steps to remove pip and setuptools to fix CVEs flagged by these packages
Issue-ID: POLICY-5350
Change-Id: I0cc71be5207642467a5349ec1246d9d278712e53
Signed-off-by: waynedunican
---
 .../src/main/docker/AcmRuntime.Dockerfile | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile b/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
index eb8a8e74f..de85d3f09 100644
--- a/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
+++ b/packages/policy-clamp-docker/src/main/docker/AcmRuntime.Dockerfile
@@ -50,6 +50,20 @@ WORKDIR $POLICY_HOME
 COPY --chown=policy:policy acm-runtime.sh bin/
 COPY --chown=policy:policy /maven/policy-clamp-runtime-acm.jar /app/app.jar
 
+RUN if python -c "import setuptools" 2>/dev/null; then \
+ pip uninstall -y setuptools; \
+ else \
+ echo "setuptools not installed, skipping uninstall."; \
+ fi
+
+RUN if python3 -c "import pip" 2>/dev/null; then \
+ python3 -m pip uninstall -y pip; \
+ echo "pip uninstalled."; \
+ else \
+ echo "pip not installed, skipping uninstall."; \
+ fi && \
+ rm -rf /usr/bin/pip* /usr/local/bin/pip*
+
 RUN chmod 755 bin/*.sh
 
 EXPOSE 6969
-- 
2.16.6
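Review bot: The setuptools block tests `python -c "import setuptools"` and then calls bare `pip`, while the pip block uses `python3` and `python3 -m pip`; with stderr sent to /dev/null, an image that ships only `python3` would take the else branch and log "setuptools not installed" while the package stays in place. Using the same interpreter in both blocks avoids that: `RUN if python3 -c "import setuptools" 2>/dev/null; then \` followed by `python3 -m pip uninstall -y setuptools; \`. Because these are new `RUN` layers, the files are hidden only in the final filesystem and still exist in whichever earlier layer installed them, so removing them in that layer (or choosing a base image without them) is the more complete fix; the installing step is not visible in this hunk. It would also help to assert the result, for example by ending the step with `! python3 -c "import pip" 2>/dev/null`, so the build fails if a copy survives instead of reporting success.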