[base-alpine] Update sudo package due to CVE-2023-27320 (devcontainers#505)

* [base-alpine] Update sudo package due to CVE-2023-27320

- Updated Dockerfile to install latest sudo package version
- Added test to verify sudo minimum version

* Dockerfile: Add if condition for variant arg

* Test: Replace `sudo --version` with `apk info sudo`

* Dockerfile: Restore value for `VARIANT` arg

Author: alexander-smolyakov

src/base-alpine/.devcontainer/Dockerfile

@@ -2,6 +2,11 @@
 ARG VARIANT=3.17
 FROM alpine:${VARIANT}
 
-# ** [Optional] Uncomment this section to install additional packages. **
-# RUN apk update \
-#     && apk add --no-cache <your-package-list-here>
+ARG VARIANT
+
+# Temporary: Upgrade packages due to mentioned CVEs
+RUN if [[ "$VARIANT" == "3.14" || "$VARIANT" == "3.15" ]]; then \
+        apk update \
+        # https://security.alpinelinux.org/vuln/CVE-2023-27320
+        && apk add sudo>=1.9.12-r1 --repository https://dl-cdn.alpinelinux.org/alpine/latest-stable/community ; \
+    fi

src/base-alpine/test-project/test.sh

@@ -18,5 +18,8 @@ check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcont
 
 check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"
 
+sudo_version=$(apk info sudo | head -1 | grep -Po  "sudo-\K(.*)(?=\s)")
+check-version-ge "sudo-requirement" "${sudo_version}" "1.9.12_p2-r1"
+
 # Report result
 reportResults