Merge pull request #906 from shankari/fix_vulnerabilities

🔥 remove dependencies, upgrade the base image and remove unused auth methods

.docker/docker_start_script.sh

@@ -7,9 +7,9 @@
 echo ${DB_HOST}
 if [ -z ${DB_HOST} ] ; then
     local_host=`hostname -i`
-    sed "s_localhost_${local_host}_" conf/storage/db.conf.sample > conf/storage/db.conf
+    jq --arg db_host "$local_host" '.timeseries.url = $db_host' conf/storage/db.conf.sample > conf/storage/db.conf
 else
-    sed "s_localhost_${DB_HOST}_" conf/storage/db.conf.sample > conf/storage/db.conf
+    jq --arg db_host "$DB_HOST" '.timeseries.url = $db_host' conf/storage/db.conf.sample > conf/storage/db.conf
 fi
 cat conf/storage/db.conf
 
@@ -38,4 +38,4 @@ fi
 source setup/activate.sh
 
 # launch the webapp
-./e-mission-py.bash emission/net/api/cfc_webapp.py
+./e-mission-py.bash emission/net/api/cfc_webapp.py

.github/workflows/image_build_push.yml

@@ -6,7 +6,7 @@ name: docker image
 # events but only for the master branch
 on:
   push:
-    branches: [ master, gis-based-mode-detection, join_redirect_to_static ]
+    branches: [ master, gis-based-mode-detection ]
 
 
 # Env variable

Dockerfile

@@ -1,32 +1,29 @@
 # python 3
-FROM ubuntu:focal
+FROM ubuntu:jammy
 
 MAINTAINER K. Shankari (shankari@eecs.berkeley.edu)
 
 WORKDIR /usr/src/app
 
-RUN apt-get update
-RUN apt-get install -y curl
-RUN apt-get install -y git
+RUN apt-get -y -qq update
+RUN apt-get install -y -qq curl
+RUN apt-get install -y -qq wget
+# RUN apt-get install -y git
 
 # install nano and vim for editing
-RUN apt-get -y install nano vim
+# RUN apt-get -y install nano vim
+
+# install jq to parse json within bash scripts
+RUN curl -o /usr/local/bin/jq http://stedolan.github.io/jq/download/linux64/jq && \
+  chmod +x /usr/local/bin/jq
 
 # cleanup
 RUN apt-get -y remove --purge build-essential
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 COPY . .
 
-# ARG SERVER_REPO
-# ENV SERVER_REPO=${SERVER_REPO:-https://github.com/e-mission/e-mission-server.git}
-
-# ARG SERVER_BRANCH
-# ENV SERVER_BRANCH=${SERVER_BRANCH:-master}
-
-# ADD clone_server.sh /clone_server.sh
 RUN chmod u+x ./.docker/setup_config.sh
-# ADD index.html /index.html
 
 # # This clone puts the server code into the image, not the container
 RUN bash -c "./.docker/setup_config.sh"
@@ -41,4 +38,4 @@ RUN chmod u+x ./.docker/docker_start_script.sh
 
 EXPOSE 8080
 
-CMD ["/bin/bash", "./.docker/docker_start_script.sh"]
+CMD ["/bin/bash", "./.docker/docker_start_script.sh"]

emission/net/auth/auth.py

@@ -20,14 +20,6 @@ def getAuthMethod(methodName):
             import emission.net.auth.secret as enar
             logging.debug("methodName = secret, returning %s" % enar.SecretMethod)
             return enar.SecretMethod()
-        elif methodName == "openid_auth":
-            import emission.net.auth.openid_auth as enao
-            logging.debug("methodName = openid_auth, returning %s" % enao.OpenIDAuthMethod)
-            return enao.OpenIDAuthMethod()
-        elif methodName == "google_auth":
-            import emission.net.auth.google_auth as enag
-            logging.debug("methodName = google_auth, returning %s" % enag.GoogleAuthMethod)
-            return enag.GoogleAuthMethod()
         elif methodName == "token_list":
             import emission.net.auth.token_list as enat
             logging.debug("methodName = token_list, returning %s" % enat.TokenListMethod)

setup/environment36.yml

@@ -8,7 +8,6 @@ dependencies:
 - cheroot=9.0.0
 - future=0.18.3
 - geojson=2.5.0
-- google-auth=2.16.0
 - jsonpickle=3.0.0
 - numpy=1.24.2
 - pandas=1.5.3