From 2ba4fecd0676feffccf3150a013fcf96912376dd Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 12:51:56 +0000
Subject: [PATCH 1/4] Initial plan

From 2f2e11c6c2254c1bace6819c0f5efda9b161734b Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 12:52:43 +0000
Subject: [PATCH 2/4] Add non-root USER to Dockerfile to fix security hazard

Agent-Logs-Url: https://github.com/TransactionProcessing/TransactionProcessor/sessions/9d8c4a92-e07c-4d8f-aa76-c5ffc531a75c
Co-authored-by: StuartFerguson <16325469+StuartFerguson@users.noreply.github.com>
---
 TransactionProcessor/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/TransactionProcessor/Dockerfile b/TransactionProcessor/Dockerfile
index 368cf3cc..aa302428 100644
--- a/TransactionProcessor/Dockerfile
+++ b/TransactionProcessor/Dockerfile
@@ -25,4 +25,6 @@ RUN dotnet publish "TransactionProcessor.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 COPY --from=publish /app/publish .
+RUN addgroup --system txnproc && adduser --system --ingroup txnproc txnproc
+USER txnproc
 ENTRYPOINT ["dotnet", "TransactionProcessor.dll"]
\ No newline at end of file

From 29f4d0f3a48f92d59a7b7350a218a795fc1f3df8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 13:32:55 +0000
Subject: [PATCH 3/4] Update Dockerfile to use appuser pattern consistent with other repos

Agent-Logs-Url: https://github.com/TransactionProcessing/TransactionProcessor/sessions/c9ea5c84-2336-42ff-b4d8-10fa3a30cbec
Co-authored-by: StuartFerguson <16325469+StuartFerguson@users.noreply.github.com>
---
 TransactionProcessor/Dockerfile | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/TransactionProcessor/Dockerfile b/TransactionProcessor/Dockerfile
index aa302428..4324cfa0 100644
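Review bot: In PATCH 2/4, `USER txnproc` refers to the account by name while `adduser --system` lets the build pick its UID, so the runtime identity is neither fixed between builds nor visible as a number in the image metadata. Kubernetes' `runAsNonRoot` check, for one, cannot verify a named USER and refuses to start the container unless the pod also sets `runAsUser`; whether this image is deployed that way is not visible here. I would pin the IDs when the account is created and reference them numerically, e.g. `USER 10001:10001`. The same applies to `USER appuser` in PATCH 3/4 and 4/4, which pin UID/GID 10001 but still name the user.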
--- a/TransactionProcessor/Dockerfile
+++ b/TransactionProcessor/Dockerfile
@@ -24,7 +24,8 @@ RUN dotnet publish "TransactionProcessor.csproj" -c Release -o /app/publish
 
 FROM base AS final
 WORKDIR /app
-COPY --from=publish /app/publish .
-RUN addgroup --system txnproc && adduser --system --ingroup txnproc txnproc
-USER txnproc
+RUN groupadd --gid 10001 appuser \
+ && useradd --uid 10001 --gid appuser --shell /usr/sbin/nologin appuser
+COPY --from=publish --chown=appuser:appuser /app/publish .
+USER appuser
 ENTRYPOINT ["dotnet", "TransactionProcessor.dll"]
\ No newline at end of file

From 9d4d7a9db54958cad8379797c0c494634ebd9ffb Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 7 Apr 2026 14:50:14 +0000
Subject: [PATCH 4/4] Fix Dockerfile: create /home/txnproc dirs with appuser ownership to allow startup

Agent-Logs-Url: https://github.com/TransactionProcessing/TransactionProcessor/sessions/fac6abcc-24c7-486d-989e-e1a7033d129d
Co-authored-by: StuartFerguson <16325469+StuartFerguson@users.noreply.github.com>
---
 TransactionProcessor/Dockerfile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/TransactionProcessor/Dockerfile b/TransactionProcessor/Dockerfile
index 4324cfa0..32be3300 100644
--- a/TransactionProcessor/Dockerfile
+++ b/TransactionProcessor/Dockerfile
@@ -25,7 +25,9 @@ RUN dotnet publish "TransactionProcessor.csproj" -c Release -o /app/publish
 FROM base AS final
 WORKDIR /app
 RUN groupadd --gid 10001 appuser \
- && useradd --uid 10001 --gid appuser --shell /usr/sbin/nologin appuser
+ && useradd --uid 10001 --gid appuser --shell /usr/sbin/nologin appuser \
+ && mkdir -p /home/txnproc/statements/outbound \
+ && chown -R appuser:appuser /home/txnproc
 COPY --from=publish --chown=appuser:appuser /app/publish .
 USER appuser
 ENTRYPOINT ["dotnet", "TransactionProcessor.dll"]
\ No newline at end of file
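Review bot: `COPY --from=publish --chown=appuser:appuser /app/publish .` in PATCH 3/4 makes every published assembly owned, and therefore writable, by the same account the service runs as, which removes the protection a non-root user normally gives the application's own binaries. Unless the service has to write under /app (not visible in this hunk), I would drop the flag so the files stay root-owned and read-only to the service: `COPY --from=publish /app/publish .`. Any path that genuinely needs write access is better created and chowned individually.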
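Review bot: The `mkdir -p /home/txnproc/statements/outbound` / `chown -R appuser:appuser /home/txnproc` step in PATCH 4/4 sets ownership only inside the image layer. If a bind mount or orchestrator volume is placed over that path at run time (plausible for an outbound-files directory, though not visible here), the mount's ownership applies instead and the service would again fail to start unless the mount is writable by UID 10001. A comment above the RUN would record the requirement, e.g. `# startup needs /home/txnproc/statements/outbound to exist and be writable by UID/GID 10001; mounted volumes must match`. The path also still carries the `txnproc` name that PATCH 3/4 dropped for the account, which is worth a word in the same comment.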