
fix(chore) Disable redirects in wget and curl commands #2998

Draft: wants to merge 1 commit into base: main

Conversation

asalan316
Contributor

When using wget and curl in the Dockerfile, the usage of HTTPS is not enforced. This might lead to redirects to vulnerable/insecure websites via HTTP traffic.

Fix

Enforce HTTPS and disable redirects.

Reported by SonarQube
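As an added example (not code from this PR or the project), a small shell check that audits Dockerfile text for wget/curl downloads lacking the flags that actually pin the scheme to HTTPS across redirects: wget's `--https-only` and curl's `--proto '=https'`. The sample Dockerfile lines are constructed (the diff's before/after wget lines plus hypothetical curl lines with placeholder example.invalid URLs).

```shell
#!/usr/bin/env sh
# Added example: lint Dockerfile text for wget/curl downloads that do not pin
# the scheme to HTTPS across redirects. --max-redirect only limits how many
# hops are followed; it does not stop a hop to an http:// URL. wget's
# --https-only and curl's --proto '=https' reject non-HTTPS URLs at every hop.

# Constructed sample (not the project's Dockerfile): the diff's 'before' and
# 'after' wget lines, plus hypothetical unhardened and hardened curl lines.
# Note curl's --tlsv1.2 is a floor (1.2 or later), unlike wget's
# --secure-protocol=TLSv1_2, which forces that single version.
SAMPLE_DOCKERFILE='RUN wget -q https://github.com/cloudfoundry/bosh-cli/releases/download/v${BOSH_VERSION}/bosh-cli-${BOSH_VERSION}-linux-amd64 && \
RUN wget --secure-protocol=TLSv1_2 --max-redirect=1 -q https://github.com/cloudfoundry/bosh-cli/releases/download/v${BOSH_VERSION}/bosh-cli-${BOSH_VERSION}-linux-amd64 && \
RUN wget --https-only --max-redirect=1 -q https://example.invalid/tool.tar.gz && \
RUN curl -sSL https://example.invalid/tool.tar.gz -o tool.tar.gz && \
RUN curl -sS --proto "=https" --tlsv1.2 -L https://example.invalid/tool.tar.gz -o tool.tar.gz'

# Read Dockerfile text on stdin, report each unhardened download on stderr,
# and print the number of findings on stdout (0 means the text passes).
count_unhardened() {
  n=0
  while IFS= read -r line; do
    case "$line" in
      *wget*)
        case "$line" in
          *--https-only*) ;;
          *) n=$((n + 1)); echo "wget without --https-only: $line" >&2 ;;
        esac ;;
      *curl*)
        case "$line" in
          *--proto*=https*) ;;
          *) n=$((n + 1)); echo "curl without --proto =https: $line" >&2 ;;
        esac ;;
    esac
  done
  echo "$n"
}

findings=$(printf '%s\n' "$SAMPLE_DOCKERFILE" | count_unhardened)
echo "unhardened download lines: $findings"   # 3 for the sample above
```

Both of the diff's wget lines are reported, because `--max-redirect=1` alone still permits one hop to a plain-HTTP URL.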

@asalan316 asalan316 changed the title fix for security-vulnerability->disable redirect in wget and curl fix(chore) Disable redirects in wget and curl commands Jun 7, 2024
@asalan316 asalan316 added the allow-acceptance-tests This label needs to be added to enable the acceptance tests to run. label Jun 7, 2024
@asalan316 asalan316 force-pushed the chore-remove-wget-vulnerabilites branch 2 times, most recently from 6a389e5 to 93b62a5 June 7, 2024 15:04
@@ -64,22 +64,22 @@ RUN apt-get update && \
# Install bosh_cli
# renovate: datasource=github-releases depName=bosh-cli lookupName=cloudfoundry/bosh-cli
ARG BOSH_VERSION=7.5.7
RUN wget -q https://github.com/cloudfoundry/bosh-cli/releases/download/v${BOSH_VERSION}/bosh-cli-${BOSH_VERSION}-linux-amd64 && \
RUN wget --secure-protocol=TLSv1_2 --max-redirect=1 -q https://github.com/cloudfoundry/bosh-cli/releases/download/v${BOSH_VERSION}/bosh-cli-${BOSH_VERSION}-linux-amd64 && \
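Review bot: `--max-redirect=1` on the new wget line does not enforce HTTPS; the one permitted redirect can still land on an http:// URL, which is the exact risk the PR description names. wget's `--https-only` is the option that rejects non-HTTPS URLs, including on redirects, so the line should read `wget --https-only --max-redirect=1 -q https://github.com/cloudfoundry/bosh-cli/...`. Separately, `--secure-protocol=TLSv1_2` forces TLS 1.2 specifically rather than setting a minimum, so TLS 1.3 will not be negotiated; leaving the default protocol selection and relying on `--https-only` avoids that downgrade. Note also that neither line verifies the downloaded binary against a checksum, so the change still leaves integrity resting on the transport alone; and although the title mentions curl, this hunk only touches wget.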
Contributor Author


Allow max 1 redirect, as the cloudfoundry cli is available on objects.githubusercontent.com.

@asalan316 asalan316 force-pushed the chore-remove-wget-vulnerabilites branch 3 times, most recently from 5a04ebc to 9deea1d June 7, 2024 15:43
@asalan316 asalan316 force-pushed the chore-remove-wget-vulnerabilites branch from 9deea1d to bf32048 June 7, 2024 16:21

sonarcloud bot commented Jun 7, 2024

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@asalan316 asalan316 marked this pull request as draft June 7, 2024 16:47
Labels
allow-acceptance-tests This label needs to be added to enable the acceptance tests to run.