رفع الملفات إلى "app"
123
app/Dockerfile
Normal file
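--- a/app/Dockerfile
+++ b/app/Dockerfile
@@ -0,0 +1,123 @@
+# Official Playwright image (includes browsers)
+FROM mcr.microsoft.com/playwright/python:v1.44.0
+
+# Build-time arg: اجعلها 1 لفشل البناء إذا وُجدت أي استخدامات pkg_resources في site-packages
+ARG FAIL_ON_PKG_RESOURCES=0
+ENV FAIL_ON_PKG_RESOURCES=${FAIL_ON_PKG_RESOURCES}
+
+# Non-interactive apt
+ENV DEBIAN_FRONTEND=noninteractive
+WORKDIR /app
+
+# Copy requirements first to leverage Docker cache
+COPY requirements.txt .
+
+# Install useful system packages
+RUN apt-get update \
+&& apt-get install -y --no-install-recommends \
+git \
+build-essential \
+libxml2-dev \
+libxslt1-dev \
+libssl-dev \
+libffi-dev \
+ca-certificates \
+curl \
+&& rm -rf /var/lib/apt/lists/*
+
+# Upgrade pip/setuptools/wheel to latest (we aim to support setuptools >= 81 after code migration)
+RUN python -m pip install --upgrade pip setuptools wheel
+
+# Install runtime Python deps from requirements
+RUN pip install --no-cache-dir -r requirements.txt
+
+# Install auxiliary packages / backports & tooling we rely on
+# - packaging: requirement parsing & version handling
+# - importlib_metadata / importlib_resources: backports if running on older Python
+# - wafw00f: WAF detection tool used by the project
+RUN pip install --no-cache-dir \
+packaging \
+importlib_metadata \
+importlib_resources \
+wafw00f
+
+# Copy the rest of the project files
+COPY . .
+
+# Create evidence directory in tmpfs location and set permissions (used by utils.store_raw_evidence)
+ENV SUPERR_EVIDENCE_DIR=/dev/shm/superrecon_evidence
+RUN mkdir -p ${SUPERR_EVIDENCE_DIR} \
+&& chown -R pwuser:pwuser ${SUPERR_EVIDENCE_DIR} \
+&& chmod 750 ${SUPERR_EVIDENCE_DIR} || true
+
+# Optional build-time check: look for any remaining 'import pkg_resources' usages
+# If FAIL_ON_PKG_RESOURCES=1 the build will fail when any occurrences are found.
+# This check scans site-packages for python files mentioning pkg_resources.
+RUN python - <<'PY' || (test "$FAIL_ON_PKG_RESOURCES" = "0" && exit 0)
+import os, sys, site
+from pathlib import Path
+
+def scan_paths(paths):
+hits = []
+for root in paths:
+rootp = Path(root)
+if not rootp.exists():
+continue
+for p in rootp.rglob("*.py"):
+try:
+txt = p.read_text(encoding="utf-8", errors="ignore")
+except Exception:
+continue
+if "import pkg_resources" in txt or "pkg_resources." in txt:
+hits.append(str(p))
+return hits
+
+paths = []
+try:
+sp = site.getsitepackages()
+for p in sp:
+paths.append(p)
+except Exception:
+# fallback common locations
+paths += [
+"/usr/local/lib/python3.10/site-packages",
+"/usr/lib/python3/dist-packages",
+"/usr/local/lib/python3.9/site-packages",
+]
+
+hits = scan_paths(paths)
+if hits:
+print("==========================================")
+print("WARNING: Detected uses of pkg_resources in installed packages (first 200 shown):")
+for h in hits[:200]:
+print(" -", h)
+print("==========================================")
+# If FAIL_ON_PKG_RESOURCES is set, fail the build
+if os.environ.get("FAIL_ON_PKG_RESOURCES", "0") == "1":
+print("FAIL_ON_PKG_RESOURCES=1 -> Failing build due to pkg_resources usages.")
+sys.exit(1)
+else:
+print("No pkg_resources usages found in scanned site-packages paths.")
+PY
+
+# Ensure non-root runtime (pwuser exists in Playwright base image)
+USER pwuser
+
+# Expose application port (configurable via APP_PORT env)
+ENV APP_PORT=8000
+EXPOSE ${APP_PORT}
+
+# Healthcheck
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
+CMD curl -f http://127.0.0.1:${APP_PORT}/health || exit 1
+
+# Default environment variables (can be overridden at runtime)
+ENV PYTHONUNBUFFERED=1
+ENV MAX_CONCURRENT_SCANS=8
+ENV SCAN_TIMEOUT=180
+ENV RATE_LIMIT="15/minute"
+ENV LOG_LEVEL=INFO
+ENV UVICORN_WORKERS=1
+
+# Default command: run Uvicorn (assumes app package path app.main:app)
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "1"]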
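Review bot: The evidence directory prepared by the `RUN mkdir -p ${SUPERR_EVIDENCE_DIR} …` step is unlikely to exist in the running container, because `/dev/shm` is normally a tmpfs that the runtime mounts fresh for each container (the comment above the step itself calls it a tmpfs location), so the `chown pwuser:pwuser` and `chmod 750` hardening is probably lost. The trailing `|| true` applies to the whole `&&` chain, so a failing `mkdir` or `chown` is hidden as well. Consider dropping `|| true` and creating the directory at container start as the runtime user with an explicit mode, e.g. `mkdir -p -m 700 "$SUPERR_EVIDENCE_DIR"` in an entrypoint, or having the code that writes evidence create it with a restrictive mode. Separately, `CMD` hard-codes `--port 8000` and `--workers 1`, so overriding `APP_PORT` at runtime changes only the `HEALTHCHECK` target, and the check would then fail against a healthy service.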