Fixing vulnerabilities for source-salesforce - Premium support (#28021)

* Attempt #2 for source-salesforce vulnerabilites fixes CVE-2022-40897 https://security-tracker.debian.org/tracker/CVE-2023-29383 https://security-tracker.debian.org/tracker/CVE-2023-31484 https://security-tracker.debian.org/tracker/CVE-2016-2781 * Changes requested during PR.
airbytehq · Jul 7, 2023 · f2b48d0 · f2b48d0
1 parent 1d42821
commit f2b48d0
Show file tree

Hide file tree

Showing 3 changed files with 101 additions and 79 deletions.
diff --git a/airbyte-integrations/connectors/source-salesforce/Dockerfile b/airbyte-integrations/connectors/source-salesforce/Dockerfile
@@ -1,17 +1,38 @@
-FROM python:3.9-slim
+# Using alpine to remove several vulnerabilities frm slim image
+# https://security-tracker.debian.org/tracker/CVE-2023-29383
+# https://security-tracker.debian.org/tracker/CVE-2023-31484
+# https://security-tracker.debian.org/tracker/CVE-2016-2781
+FROM python:3.9-alpine3.18
+
+
+RUN apk add --update --no-cache \
+    build-base \
+    openssl-dev \
+    libffi-dev \
+    zlib-dev \
+    bzip2-dev
 
-# Bash is installed for more convenient debugging.
-RUN apt-get update && apt-get install -y bash && rm -rf /var/lib/apt/lists/*
 
 ENV AIRBYTE_ENTRYPOINT "python /airbyte/integration_code/main.py"
 
 WORKDIR /airbyte/integration_code
 COPY source_salesforce ./source_salesforce
 COPY setup.py ./
 COPY main.py ./
-RUN pip install .
+
+# Fixing https://nvd.nist.gov/vuln/detail/CVE-2022-40897
+# calling this twice as one upgrades the system pip /usr/local/bin/pip the
+# seconf time upgrades the under for the venv /opt/.venv/bin/pip
+RUN pip install --upgrade pip setuptools wheel && \
+    pip install .
+RUN pip install --upgrade pip setuptools
+
+# add default timezone settings
+ENV TZ UTC
+RUN cp /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
 
 ENTRYPOINT ["python", "/airbyte/integration_code/main.py"]
 
-LABEL io.airbyte.version=2.1.0
+LABEL io.airbyte.version=2.1.1
 LABEL io.airbyte.name=airbyte/source-salesforce
diff --git a/airbyte-integrations/connectors/source-salesforce/metadata.yaml b/airbyte-integrations/connectors/source-salesforce/metadata.yaml
@@ -5,7 +5,7 @@ data:
   connectorSubtype: api
   connectorType: source
   definitionId: b117307c-14b6-41aa-9422-947e34922962
-  dockerImageTag: 2.1.0
+  dockerImageTag: 2.1.1
   dockerRepository: airbyte/source-salesforce
   githubIssueLabel: source-salesforce
   icon: salesforce.svg