From 174fd31ebf1594c25300e9612eb76aed65def6cc Mon Sep 17 00:00:00 2001
From: Fabian Oraze
Date: Wed, 5 Jun 2024 13:59:44 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=8F=97=EF=B8=8F=20build(docker):=20Update?= =?UTF-8?q?=20profile-service=20Dockerfile=20to=20include=20needed=20markd?= =?UTF-8?q?own=20package?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/profile-service/Dockerfile | 3 ++-
 .../main/java/org/dynatrace/profileservice/BioController.java | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/profile-service/Dockerfile b/src/profile-service/Dockerfile
index a047b58c..c70382de 100644
--- a/src/profile-service/Dockerfile
+++ b/src/profile-service/Dockerfile
@@ -7,6 +7,7 @@ RUN gradle bootJar
 FROM youtaqiu/jre-trace:17
 EXPOSE 8080
 COPY --from=builder /home/gradle/src/build/libs/**.jar /app/app.jar
+RUN apk --no-cache add markdown
 WORKDIR /app
-# RUN apt-get update && apt-get install markdown -y
+
 ENTRYPOINT ["java", "-javaagent:/opentelemetry.jar", "-jar", "app.jar"]
diff --git a/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java b/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java
index b2968804..0a42bbc7 100644
--- a/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java
+++ b/src/profile-service/src/main/java/org/dynatrace/profileservice/BioController.java
@@ -75,7 +75,7 @@ public void postBio(@PathVariable("id") @Valid @Min(Integer.MIN_VALUE) @Max(Inte
 private String markdownToHtml(String markdown) {
 // Unsafe code below, vulnerable to command injection, as 'markdown' is user controlled
- final String[] command = {"/bin/bash", "-c", "echo '" + markdown + "' | markdown"};
+ final String[] command = {"/bin/sh", "-c", "echo '" + markdown + "' | markdown"};
 final ProcessBuilder processBuilder = new ProcessBuilder(command);
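Review bot: In the src/profile-service/Dockerfile hunk, no `USER` directive is visible between the added `RUN apk --no-cache add markdown` and the `ENTRYPOINT`, and since `apk add` needs root to succeed, the JVM and the `sh`/`markdown` children it spawns most likely run as root in the container. That matters here because the package is installed to feed the shell pipeline in BioController.markdownToHtml, which the patch's own comment marks as command-injectable; a non-root runtime user bounds what such a command can touch, e.g. `RUN apk --no-cache add markdown && adduser -D -H app` plus `USER app` before `ENTRYPOINT` (confirm /opentelemetry.jar and /app/app.jar stay readable for that user). The `RUN` also sits after the `COPY` of the jar, so each rebuilt jar invalidates the layer and reinstalls an unpinned package; moving it above the `COPY` keeps it cached.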