updating image to improve security (#133)

* updating image to improve security
* need to use psycogp2-binary
* updating headers

Signed-off-by: vsoch <vsochat@stanford.edu>

CHANGELOG.md

@@ -15,6 +15,7 @@ Critical items to know are:
 
 
 ## [v3.x](https://github.com/expfactory/expfactory/tree/master) (master)
+ - update of base images to ubuntu 20.04 (3.18)
  - removing uneeded import of secure_filename (3.17)
  - adding black lint formatting (3.16)
  - pinning flask version to known working (3.15)

LICENSE

@@ -1,6 +1,6 @@
 BSD 3-Clause License
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

examples/docker/custom-container/Dockerfile

@@ -28,7 +28,7 @@ RUN cp expfactory/config_dummy.py expfactory/config.py && \
     chmod u+x /opt/expfactory/script/generate_key.sh && \
     /bin/bash /opt/expfactory/script/generate_key.sh /opt/expfactory/expfactory/config.py
 RUN python3 setup.py install
-RUN python3 -m pip install pyaml    pymysql psycopg2==2.7.5
+RUN python3 -m pip install pyaml    pymysql psycopg2-binary
 RUN apt-get clean          # tests, mysql,  postgres
 
 ########################################

expfactory/api.py

@@ -1,7 +1,7 @@
 """
 api.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/__init__.py

@@ -3,7 +3,7 @@
 """
 client initialization: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/build.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/cli/install.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/list.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/logs.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/main.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/cli/users.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/config_dummy.py

@@ -1,36 +1,3 @@
-"""
-
-Copyright (c) 2017-2020, Vanessa Sochat
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
-  this list of conditions and the following disclaimer in the documentation
-  and/or other materials provided with the distribution.
-
-* Neither the name of the copyright holder nor the names of its
-  contributors may be used to endorse or promote products derived from
-  this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-"""
-
 import os
 
 WTF_CSRF_ENABLED = True

expfactory/database/filesystem.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/database/models.py

@@ -1,7 +1,7 @@
 """
 models.py: datanases for the expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/database/relational.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/database/sqlite.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/defaults.py

@@ -10,7 +10,7 @@
        case that required = True. A required = True variable not found
        will system exit with an error.
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/experiment.py

@@ -1,7 +1,7 @@
 """
 experiment.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/forms.py

@@ -1,7 +1,7 @@
 """
 views.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/logger/message.py

@@ -2,7 +2,7 @@
 
 logger/message.py: Python logger base for expfactory
 
-Copyright (c) 2016-2020 Vanessa Sochat
+Copyright (c) 2016-2021 Vanessa Sochat
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

expfactory/logger/spinner.py

@@ -2,7 +2,7 @@
 
 logger/spinner.py: Simple spinner for logger
 
-Copyright (c) 2017-2020 Vanessa Sochat
+Copyright (c) 2017-2021 Vanessa Sochat
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

expfactory/server.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2016-2020, Vanessa Sochat
+Copyright (c) 2016-2021, Vanessa Sochat
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

expfactory/templates/build/docker/Dockerfile.dev

@@ -29,7 +29,7 @@ RUN cp expfactory/config_dummy.py expfactory/config.py && \
     chmod u+x /opt/expfactory/script/generate_key.sh && \
     /bin/bash /opt/expfactory/script/generate_key.sh /opt/expfactory/expfactory/config.py
 RUN python3 setup.py install
-RUN python3 -m pip install pyaml    pymysql psycopg2==2.7.5
+RUN python3 -m pip install pyaml    pymysql psycopg2-binary
 RUN apt-get clean          # tests, mysql,  postgres
 
 ########################################

expfactory/templates/build/docker/Dockerfile.https

@@ -28,7 +28,7 @@ RUN cp expfactory/config_dummy.py expfactory/config.py && \
     chmod u+x /opt/expfactory/script/generate_key.sh && \
     /bin/bash /opt/expfactory/script/generate_key.sh /opt/expfactory/expfactory/config.py
 RUN python3 setup.py install
-RUN python3 -m pip install pyaml    pymysql psycopg2==2.7.5
+RUN python3 -m pip install pyaml    pymysql psycopg2-binary
 RUN apt-get clean          # tests, mysql,  postgres
 
 ########################################

expfactory/templates/build/docker/Dockerfile.template

@@ -28,7 +28,7 @@ RUN cp expfactory/config_dummy.py expfactory/config.py && \
     chmod u+x /opt/expfactory/script/generate_key.sh && \
     /bin/bash /opt/expfactory/script/generate_key.sh /opt/expfactory/expfactory/config.py
 RUN python3 setup.py install
-RUN python3 -m pip install pyaml    pymysql psycopg2==2.7.5
+RUN python3 -m pip install pyaml    pymysql psycopg2-binary
 RUN apt-get clean          # tests, mysql,  postgres
 
 ########################################

expfactory/templates/build/docker/builder-base/Dockerfile

@@ -1,14 +1,13 @@
-FROM ubuntu:18.04
+FROM ubuntu:20.04
 
 # docker build -t quay.io/vanessa/expfactory-builder:base .
 
+ENV DEBIAN_FRONTEND=noninteractive
 RUN apt-get update && apt-get install -y nginx \
                                          git \
                                          python3-pip \
                                          python3-dev \
-                                         python \
                                          libyaml-dev \
                                          libssl-dev \
-                                         python-dev \
                                          libffi-dev
 ENV DEBIAN_FRONTEND noninteractive

expfactory/templates/experiments/template.py

@@ -1,7 +1,7 @@
 '''
 dynamic_views.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/testing/test_client.py

@@ -3,7 +3,7 @@
 """
 Test experiments
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/testing/test_experiment.py

@@ -3,7 +3,7 @@
 """
 Test experiments
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/utils.py

@@ -1,7 +1,7 @@
 """
 utils.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 
 All rights reserved.
 

expfactory/validator/experiments.py

@@ -3,7 +3,7 @@
 validators/experiments.py: python functions to validate experiments and library
 experiment objects
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/validator/library.py

@@ -2,7 +2,7 @@
 
 validators/library.py: python functions to validate library
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021 Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/validator/runtime.py

@@ -2,7 +2,7 @@
 
 validators/runtime.py: python functions to validate deployments
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/validator/utils.py

@@ -2,7 +2,7 @@
 
 validators/utils.py: utility functions for validation objects
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/variables.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2018-2020, Vanessa Sochat
+Copyright (c) 2018-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/version.py

@@ -1,6 +1,6 @@
 """
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -30,7 +30,7 @@
 
 """
 
-__version__ = "3.17"
+__version__ = "3.18"
 AUTHOR = "Vanessa Sochat"
 AUTHOR_EMAIL = "vsochat@stanford.edu"
 NAME = "expfactory"

expfactory/views/database.py

@@ -1,7 +1,7 @@
 """
 database.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/views/general.py

@@ -1,7 +1,7 @@
 """
 general.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/views/headless.py

@@ -1,7 +1,7 @@
 """
 headless.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/views/main.py

@@ -1,7 +1,7 @@
 """
 views.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without

expfactory/views/utils.py

@@ -1,7 +1,7 @@
 """
 views.py: part of expfactory package
 
-Copyright (c) 2017-2020, Vanessa Sochat
+Copyright (c) 2017-2021, Vanessa Sochat
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without