Fix vulns for various Go images

Signed-off-by: Jauder Ho <jauderho@users.noreply.github.com>
jauderho · Apr 8, 2024 · 48f1680 · 48f1680
1 parent 878e9ae
commit 48f1680
Show file tree

Hide file tree

Showing 9 changed files with 17 additions and 2 deletions.
diff --git a/amass/Dockerfile b/amass/Dockerfile
@@ -14,6 +14,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/amass.tar.gz \
 	&& tar xzf /tmp/amass.tar.gz --strip 1 -C /go/src/github.com/owasp/amass \
+	&& go get -u github.com/jackc/pgx/v5 google.golang.org/protobuf \
+	&& go mod tidy \
 	&& go build -v -trimpath -ldflags="-s -w" ./cmd/amass 
 
 WORKDIR /config

diff --git a/headscale/Dockerfile b/headscale/Dockerfile
@@ -14,6 +14,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/headscale.tar.gz \
 	&& tar xzf /tmp/headscale.tar.gz --strip 1 -C /go/src/github.com/juanfont/headscale \
+	&& go get -u github.com/jackc/pgx/v5 github.com/go-jose/go-jose/v3 google.golang.org/grpc google.golang.org/protobuf \
+	&& go mod tidy \
 	&& go build -o ./headscale -v -trimpath -ldflags="-s -w -X github.com/juanfont/headscale/cmd/headscale/cli.Version=${BUILD_VERSION}" ./cmd/headscale 
 
 WORKDIR /config

diff --git a/httpx/Dockerfile b/httpx/Dockerfile
@@ -14,6 +14,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& apk add --no-cache curl gcc musl-dev \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/httpx.tar.gz \
 	&& tar xzf /tmp/httpx.tar.gz --strip 1 -C /go/src/github.com/projectdiscovery/httpx \
+	&& go get -u github.com/quic-go/quic-go \
+	&& go mod tidy \
 	&& go build -o httpx -v -trimpath -ldflags="-s -w" cmd/httpx/httpx.go 
 
 WORKDIR /config

diff --git a/lego/Dockerfile b/lego/Dockerfile
@@ -16,6 +16,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/lego.tar.gz \
 	&& tar xzf /tmp/lego.tar.gz --strip 1 -C /go/src/github.com/go-acme/lego \
+	&& go get -u google.golang.org/grpc google.golang.org/protobuf \
+	&& go mod tidy \
 	&& make build \
 	&& strip /go/src/github.com/go-acme/lego/dist/lego \
 	&& cp /go/src/github.com/go-acme/lego/dist/lego /go/src/github.com/go-acme/lego-bin \

diff --git a/octosql/Dockerfile b/octosql/Dockerfile
@@ -14,7 +14,7 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/octosql.tar.gz \
 	&& tar xzf /tmp/octosql.tar.gz --strip 1 -C /go/src/github.com/cube2222/octosql \
-	&& go get -u golang.org/x/net golang.org/x/crypto gopkg.in/yaml.v3 github.com/jackc/pgx \
+	&& go get -u golang.org/x/net golang.org/x/crypto gopkg.in/yaml.v3 github.com/jackc/pgx google.golang.org/grpc \
 	&& go mod tidy \
 	&& go build -o octosql -v -trimpath -ldflags="-s -w -X github.com/cube2222/octosql/cmd.VERSION=${BUILD_VERSION}" . 
 

diff --git a/opentofu/Dockerfile b/opentofu/Dockerfile
@@ -19,6 +19,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& git clone --depth 1 ${GIT_URL} --branch ${BUILD_VERSION} /go/src/github.com/opentofu/opentofu \
 	#&& git clone --depth 1 ${GIT_URL} /go/src/github.com/opentofu/opentofu \
 	&& cd /go/src/github.com/opentofu/opentofu \
+	&& go get -u github.com/cloudflare/circl google.golang.org/protobuf \
+	&& go mod tidy \
 	&& go generate ./... \
 	&& go run ./tools/protobuf-compile . \
 	&& go build -v -trimpath -ldflags="-s -w -X github.com/opentofu/opentofu/version.dev=no -X main.experimentsAllowed=yes" ./cmd/tofu \

diff --git a/subfinder/Dockerfile b/subfinder/Dockerfile
@@ -15,6 +15,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/subfinder.tar.gz \
 	&& tar xzf /tmp/subfinder.tar.gz --strip 1 -C /go/src/github.com/projectdiscovery/subfinder \
 	&& cd v2 \
+	&& go get -u github.com/quic-go/quic-go \
+	&& go mod tidy \
 	&& go build -o subfinder -v -trimpath -ldflags="-s -w" cmd/subfinder/main.go 
 
 WORKDIR /config

diff --git a/terraform/Dockerfile b/terraform/Dockerfile
@@ -16,6 +16,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/terraform.tar.gz \
 	&& tar xzf /tmp/terraform.tar.gz --strip 1 -C /go/src/github.com/hashicorp/terraform \
+	&& go get -u github.com/cloudflare/circl google.golang.org/protobuf \
+	&& go mod tidy \
 	&& go build -v -trimpath -ldflags="-s -w" \
 	&& cp terraform /go/bin/terraform \
 	&& go clean && go clean -cache && go clean -modcache 

diff --git a/yggdrasil-go/Dockerfile b/yggdrasil-go/Dockerfile
@@ -15,7 +15,8 @@ RUN test -n "${BUILD_VERSION}" \
 	&& update-ca-certificates \
 	&& curl -L "${ARCHIVE_URL}${BUILD_VERSION}.tar.gz" -o /tmp/yggdrasil-go.tar.gz \
 	&& tar xzf /tmp/yggdrasil-go.tar.gz --strip 1 -C /go/src/github.com/yggdrasil-network/yggdrasil-go \
-	&& go get -u golang.org/x/net \
+	&& go get -u golang.org/x/tools github.com/quic-go/quic-go \
+	#&& go get -u all \
 	&& go mod tidy \
 	&& go build -o ./yggdrasil -v -trimpath -ldflags="-s -w -X ${PKGSRC}.buildName=yggdrasil -X ${PKGSRC}.buildVersion=${BUILD_VERSION}" ./cmd/yggdrasil \
 	&& go build -o ./yggdrasilctl -v -trimpath -ldflags="-s -w -X ${PKGSRC}.buildName=yggdrasil -X ${PKGSRC}.buildVersion=${BUILD_VERSION}" ./cmd/yggdrasilctl \