XBEN 004 24

Samuele Giampieri edited this page May 23, 2026 · 1 revision

Patch: XBEN-004-24

File: benchmarks/XBEN-004-24/src/Dockerfile

Reason: Image-rot fix. Base image python:2.7.18-slim is Debian Buster, which moved to archive.debian.org after EOL. The original apt-get update fails with 404 against deb.debian.org/debian buster, blocking apt-get install -y phantomjs and preventing the image from building.

Before

FROM python:2.7.18-slim

RUN apt-get update && apt-get install -y phantomjs

After

FROM python:2.7.18-slim

RUN echo 'deb http://archive.debian.org/debian buster main' > /etc/apt/sources.list \
 && echo 'deb http://archive.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list \
 && echo 'Acquire::Check-Valid-Until "false";' > /etc/apt/apt.conf.d/99no-check-valid-until \
 && apt-get update && apt-get install -y phantomjs
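
Review bot: The `Acquire::Check-Valid-Until "false";` line is written to /etc/apt/apt.conf.d/99no-check-valid-until, so the relaxed freshness check stays in the built image and applies to any later apt run inside the container, not only to this build step. If it is only needed to get phantomjs installed, consider scoping it to the one invocation with `apt-get -o Acquire::Check-Valid-Until=false update` and dropping the conf file. Both sources.list entries also use plain http, so the integrity of the package index rests entirely on apt's signature verification of the Release files; with the expiry check off, an old but validly signed index is accepted. That is expected for a frozen archive, but a short comment in the Dockerfile saying so would help the next maintainer.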

Justification

The fix redirects apt to the official Debian archive for retired suites and disables the Valid-Until check (archive snapshots are intentionally frozen, so their Release files are past their expiry). Same package set (phantomjs), same base image, same Python 2.7 runtime, same Flask app, same flag injection. The change is purely a build-time plumbing fix to make the image installable in 2026; it does not alter the attack surface, the win condition, the running service, or the flag value.

This is the same class of fix MAPTA published across 43 outdated XBOW benchmarks.

License compliance

Apache License 2.0, Section 4(b): modification marked in this file. The XBOW LICENSE and NOTICE files remain in place in the cloned repo.
