github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 11:50:44 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #103960 from seans3/security-vulnerability-fix

Browse Source 
Fixes (temporarily) curl piped to shell security vulnerability
This commit is contained in:
Kubernetes Prow Robot 2021-07-28 10:27:35 -07:00 committed by GitHub
commit 84451a9c64
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
staging/src/k8s.io/kubectl/docs/book/Dockerfile
View File

@ -12,16 +12,26 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
FROM python:3.7 ###############################################################
#
# Security vulnerability: curl piped to shell
#
# This code is currently not being run, and it is temporarily
# commented out until we can decide on a future for the
# "kubectl book". Sean Sullivan (seans3), 2021-07-27
#
###############################################################
EXPOSE 4000 # FROM python:3.7
RUN curl -sL https://deb.nodesource.com/setup_11.x | bash
RUN apt-get update && apt-get install -y nodejs npm && apt-get clean; # EXPOSE 4000
RUN npm install gitbook-cli -g # RUN curl -sL https://deb.nodesource.com/setup_11.x | bash
WORKDIR /opt/book/ # RUN apt-get update && apt-get install -y nodejs npm && apt-get clean;
COPY . /opt/book/ # RUN npm install gitbook-cli -g
RUN npm install
CMD ["gitbook", "serve"] # WORKDIR /opt/book/
# COPY . /opt/book/
# RUN npm install
# CMD ["gitbook", "serve"]