🏗️ build(docker): Update profile-service Dockerfile to include needed…

… markdown package
dynatrace-oss · Jun 6, 2024 · 174fd31 · 174fd31
1 parent 6a0a2c4
commit 174fd31
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/src/profile-service/Dockerfile b/src/profile-service/Dockerfile
@@ -7,6 +7,7 @@ RUN gradle bootJar
 FROM youtaqiu/jre-trace:17
 EXPOSE 8080
 COPY --from=builder /home/gradle/src/build/libs/**.jar /app/app.jar
+RUN apk --no-cache add markdown
 WORKDIR /app
-# RUN apt-get update && apt-get install markdown -y
+
 ENTRYPOINT ["java", "-javaagent:/opentelemetry.jar", "-jar", "app.jar"]
diff --git a/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java b/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java
@@ -75,7 +75,7 @@ public void postBio(@PathVariable("id") @Valid @Min(Integer.MIN_VALUE) @Max(Inte
 
     private String markdownToHtml(String markdown) {
         // Unsafe code below, vulnerable to command injection, as 'markdown' is user controlled
-        final String[] command = {"/bin/bash", "-c", "echo '" + markdown + "' | markdown"};
+        final String[] command = {"/bin/sh", "-c", "echo '" + markdown + "' | markdown"};
 
         final ProcessBuilder processBuilder = new ProcessBuilder(command);