[🐛] Docker Image: Placing images in /app/public/images does not work.

[jcfergus]

🐛 Bug report

Description

Per the customization document:

logo filename in /app/public/images/ or a URL of an image which will first be download to that folder and then used as a logo. Defaults to JuiceShop_Logo.png

Unfortunately, the Docker Image does not seem to pick up images if I mount a local volume to /app/public/images in the container. (i.e. docker run -V /data/juice-shop/images:/app/public/images bkimminich/juice-shop)

Is this a regression?

Unknown.

🔬 Minimal Reproduction

Create my_test_image.jpg in /data/juice-shop/images locally. Create /data/juice-shop/test.yml containing:

  -
    name: 'Apple Juice (1000ml)'
    price: 1.99
    deluxePrice: 0.99
    description: 'The all-time classic.'
    image: apple_juice.jpg
    reviews: # Options 'author': admin, jim, bender, ciso, support, morty, mc.safesearch
      - { text: 'One of my favorites!', author: admin }
  -
    name: 'Orange Juice (1000ml)'
    description: 'Made from oranges hand-picked by Uncle Dittmeyer.'
    price: 2.99
    deluxePrice: 2.49
    image: my_test_image.jpg
  -
    name: 'Lemon Juice (500ml)'
    description: 'Sour but full of vitamins.'
    price: 2.99
    deluxePrice: 1.99
    image: lemon_juice.jpg
  -
    name: 'Banana Juice (1000ml)'
    description: 'Monkeys love it the most.'
    price: 1.99
    image: banana_juice.jpg
    reviews:
      - { text: 'Fry liked it too.', author: bender }
  -
    name: 'OWASP Juice Shop T-Shirt'
    description: 'Real fans wear it 24/7!'
    price: 22.49
    image: fan_shirt.jpg
  -
    name: 'OWASP SSL Advanced Forensic Tool (O-Saft)'
    description: 'O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL configurations.'
    price: 0.01
    image: orange_juice.jpg
    urlForProductTamperingChallenge: 'https://www.owasp.org/index.php/O-Saft'
  -
    name: 'Christmas Super-Surprise-Box (2014 Edition)'
    description: 'Contains a random selection of 10 bottles (each 500ml) of our tastiest juices and an extra fan shirt for an unbeatable price!'
    price: 29.99
    image: undefined.jpg
    useForChristmasSpecialChallenge: true
  -
    name: 'Rippertuer Special Juice'
    description: 'Contains a magical collection of the rarest fruits gathered from all around the world, like Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... and others, at an unbelievable price! <br/><span style="color:red;">This item has been made unavailable because of lack of safety standards.</span>'
    price: 16.99
    image: undefined.jpg
    keywordsForPastebinDataLeakChallenge:
      - hueteroneel
      - eurogium edule
  -
    name: 'OWASP Juice Shop Sticker (2015/2016 design)'
    description: 'Die-cut sticker with the official 2015/2016 logo. By now this is a rare collectors item. <em>Out of stock!</em>'
    price: 999.99
    image: sticker.png
    deletedDate: '2017-04-28'
  -
    name: 'OWASP Juice Shop Logo (3D-printed)'
    description: 'This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.'
    price: 99.99
    image: 3d_keychain.jpg # Exif metadata contains "OpenSCAD" as subtle hint...
    fileForRetrieveBlueprintChallenge: JuiceShop.stl # ...to blueprint file type

Then run:

docker run -V /data/juice-shop/images:/app/public/images -V /data/juice-shop/test.yml:/juice-shop/config/test.yml -E NODE_ENV=test bkimminich/juice-shop

According to docs, my_test_image.jpg should now be the image for Orange Juice, but instead there will be no image.

🔥 Exception or Error

No error.

🌳 Your Environment

docker-hub latest image

Additional Information

I haven't had a chance to dig into this yet, ended up working around by using image URLs, but figured I'd open a bug in case it's an easy fix for someone who is more familiar with the codebase.

[bkimminich]

If you want to deliver the product images withing the Docker image instead of having them downloaded from some URL, here's a straightforward Dockerfile I use at work to have everything pre-packaged within a custom-themed Docker image:

FROM bkimminich/juice-shop

COPY kn.yml ./config
COPY assets/products/*.jpg ./frontend/dist/frontend/assets/public/images/products/
COPY assets/KN_Anchor.png ./frontend/dist/frontend/assets/public/images
COPY assets/favicon.ico ./frontend/dist/frontend/assets/public

[bkimminich]

Ah, I see the problem now: You need to put the images into frontend/dist/frontend/assets/public/images/products/ since v8.x of Juice Shop. It's actually a bug in the documentation where still the v7.x and older locations are given. Sorry for that!

[bkimminich]

It actually is up to date in https://github.com/bkimminich/pwning-juice-shop/blob/master/part1/customization.md but for some reasons not on @GitbookIO at https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/part1/customization.html ...

[bkimminich]

Oh brilliant, now it updated when I started setting up an independent hosted web version of the book at http://pwning.owasp-juice.shop

[github-actions]

This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.