Skip to content

Commit 27e10e9

Browse files
gopal-raj-sureshgopal-raj-suresh
committed
Fix SDLE security vulnerabilities: CWE-295 and container root user issues
Signed-off-by: gopal-raj-suresh <gopal.raj.dummugudupu@cloud2labs.com>
1 parent 98dd26c commit 27e10e9

3 files changed

Lines changed: 9 additions & 1 deletion

File tree

sample_solutions/MultiAgentQnA/api/Dockerfile

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,10 @@ RUN pip install --no-cache-dir -r requirements.txt
1212
# Copy the rest of the application files into the container
1313
COPY . .
1414

15+
RUN groupadd -r appuser && useradd -r -g appuser appuser
16+
RUN chown -R appuser:appuser /app
17+
USER appuser
18+
1519
# Expose the port the service runs on
1620
EXPOSE 5001
1721

sample_solutions/MultiAgentQnA/api/services/api_client.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ def __init__(self):
2121
self.embedding_base_url = config.EMBEDDING_API_ENDPOINT
2222
self.inference_base_url = config.INFERENCE_API_ENDPOINT
2323
self.token = config.INFERENCE_API_TOKEN
24-
self.http_client = httpx.Client(verify=False)
24+
self.http_client = httpx.Client()
2525
logger.info(f"✓ API Client initialized - Embedding: {self.embedding_base_url}, Inference: {self.inference_base_url}")
2626

2727
def get_embedding_client(self):

sample_solutions/MultiAgentQnA/ui/Dockerfile

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,10 @@ RUN npm install
1212
# Copy the rest of the application files
1313
COPY . .
1414

15+
RUN groupadd -r nodeuser && useradd -r -g nodeuser nodeuser
16+
RUN chown -R nodeuser:nodeuser /app
17+
USER nodeuser
18+
1519
# Expose the port the app runs on
1620
EXPOSE 3000
1721

0 commit comments

Comments
 (0)