fix: fixed security concern

2024-11-24 17:24:05 +01:00
parent 63abb64b4f
commit 35040f3c54
1 changed files with 9 additions and 0 deletions
--- a/9
+++ b/9
@@ -1,6 +1,9 @@
 FROM python:3.12-slim
 ARG VERSION=unknown

+# Create a non-root user
+RUN useradd appuser
+
 WORKDIR /app
 COPY . .

@@ -14,11 +17,17 @@ RUN pip install --no-cache-dir --upgrade -r requirements.txt

 ENV ENV=DEV

+# Switch to non-root user
+USER appuser
+
 EXPOSE 8000
 CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]

 # Install curl
+USER root
 RUN apt-get update && apt-get install --no-install-recommends -y curl && apt-get clean

+# Switch back to non-root user for healthcheck
+USER appuser
 HEALTHCHECK --interval=30s --timeout=10s --retries=5 \
  CMD curl --fail http://localhost:8000/openapi.json || exit 1