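# Official Playwright image (includes browsers)
# NOTE(review): a version tag can be re-pointed upstream; additionally pinning
# the base image by digest makes rebuilds reproducible.
FROM mcr.microsoft.com/playwright/python:v1.44.0

# Build-time arg: set to 1 to fail the build if any pkg_resources usages are
# found in site-packages
ARG FAIL_ON_PKG_RESOURCES=0
ENV FAIL_ON_PKG_RESOURCES=${FAIL_ON_PKG_RESOURCES}

# Non-interactive apt
ENV DEBIAN_FRONTEND=noninteractive

WORKDIR /app

# Copy requirements first to leverage Docker cache
COPY requirements.txt .

# Install useful system packages
# NOTE(review): git and build-essential stay in the final image. If they are
# only needed to build wheels, a multi-stage build would keep the compiler
# toolchain out of the runtime image.
RUN apt-get update \
    && apt-get install -y --no-install-recommends \
        git \
        build-essential \
        libxml2-dev \
        libxslt1-dev \
        libssl-dev \
        libffi-dev \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/*

# Upgrade pip/setuptools/wheel to latest (we aim to support setuptools >= 81
# after code migration). --no-cache-dir keeps the pip download cache out of the
# layer, matching the other pip invocations in this file.
# NOTE(review): this step and the auxiliary install below are unpinned, so the
# image content depends on what the package index serves at build time. Pin
# versions (and ideally hashes) for reproducible, auditable builds.
RUN python -m pip install --no-cache-dir --upgrade pip setuptools wheel

# Install runtime Python deps from requirements
RUN pip install --no-cache-dir -r requirements.txt

# Install auxiliary packages / backports & tooling we rely on
# - packaging: requirement parsing & version handling
# - importlib_metadata / importlib_resources: backports if running on older Python
# - wafw00f: WAF detection tool used by the project
RUN pip install --no-cache-dir \
        packaging \
        importlib_metadata \
        importlib_resources \
        wafw00f

# Copy the rest of the project files
# NOTE(review): this copies the entire build context. Keep a .dockerignore that
# excludes .git, local env/secret files and other artifacts that should not
# ship in the image. The files are owned by root, so the runtime user can read
# but not modify the application code.
COPY . .

# Create evidence directory in tmpfs location and set permissions (used by
# utils.store_raw_evidence)
# NOTE(review): /dev/shm is normally a tmpfs mounted fresh when a container
# starts, so a directory created here at build time is not expected to exist at
# runtime. Confirm that the application creates SUPERR_EVIDENCE_DIR at startup
# with restrictive permissions. The trailing `|| true` also hides any failure
# of mkdir/chown/chmod.
ENV SUPERR_EVIDENCE_DIR=/dev/shm/superrecon_evidence
RUN mkdir -p ${SUPERR_EVIDENCE_DIR} \
    && chown -R pwuser:pwuser ${SUPERR_EVIDENCE_DIR} \
    && chmod 750 ${SUPERR_EVIDENCE_DIR} || true

# Optional build-time check: look for any remaining 'import pkg_resources' usages
# If FAIL_ON_PKG_RESOURCES=1 the build will fail when any occurrences are found.
# This check scans site-packages for python files mentioning pkg_resources.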
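# The heredoc form of RUN requires BuildKit. The quoted delimiter ('PY') stops
# the shell from expanding anything inside the Python script.
# Exit-status handling: the script exits 1 only when FAIL_ON_PKG_RESOURCES=1 and
# hits were found. Any other non-zero exit (e.g. the script crashing) is
# tolerated when FAIL_ON_PKG_RESOURCES=0 and fails the build otherwise.
RUN python - <<'PY' || (test "$FAIL_ON_PKG_RESOURCES" = "0" && exit 0)
import os
import site
import sys
from pathlib import Path


def scan_paths(paths):
    """Return the paths of .py files under *paths* that mention pkg_resources."""
    hits = []
    for root in paths:
        rootp = Path(root)
        if not rootp.exists():
            continue
        for p in rootp.rglob("*.py"):
            try:
                txt = p.read_text(encoding="utf-8", errors="ignore")
            except Exception:
                # Best effort: skip unreadable files instead of aborting the scan.
                continue
            # NOTE(review): plain substring match. It presumably also matches
            # setuptools' own pkg_resources package when that is installed, so
            # FAIL_ON_PKG_RESOURCES=1 may fail for reasons unrelated to project
            # dependencies - confirm before enforcing it.
            if "import pkg_resources" in txt or "pkg_resources." in txt:
                hits.append(str(p))
    return hits


try:
    paths = list(site.getsitepackages())
except Exception:
    # Fallback to common locations if site-packages cannot be queried.
    paths = [
        "/usr/local/lib/python3.10/site-packages",
        "/usr/lib/python3/dist-packages",
        "/usr/local/lib/python3.9/site-packages",
    ]

hits = scan_paths(paths)
if hits:
    print("==========================================")
    print("WARNING: Detected uses of pkg_resources in installed packages (first 200 shown):")
    for h in hits[:200]:
        print(" -", h)
    print("==========================================")
    # If FAIL_ON_PKG_RESOURCES is set, fail the build
    if os.environ.get("FAIL_ON_PKG_RESOURCES", "0") == "1":
        print("FAIL_ON_PKG_RESOURCES=1 -> Failing build due to pkg_resources usages.")
        sys.exit(1)
else:
    print("No pkg_resources usages found in scanned site-packages paths.")
PY

# Ensure non-root runtime (pwuser exists in Playwright base image)
USER pwuser

# Expose application port (configurable via APP_PORT env)
# EXPOSE is resolved at build time, so the image metadata always records 8000;
# a runtime override of APP_PORT changes the listener and the healthcheck only.
ENV APP_PORT=8000
EXPOSE ${APP_PORT}

# Healthcheck (shell form: APP_PORT is read from the container environment)
HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 \
    CMD curl -f http://127.0.0.1:${APP_PORT}/health || exit 1

# Default environment variables (can be overridden at runtime)
ENV PYTHONUNBUFFERED=1
ENV MAX_CONCURRENT_SCANS=8
ENV SCAN_TIMEOUT=180
ENV RATE_LIMIT="15/minute"
ENV LOG_LEVEL=INFO
ENV UVICORN_WORKERS=1

# Default command: run Uvicorn (assumes app package path app.main:app).
# The port and worker count are taken from APP_PORT / UVICORN_WORKERS so that
# the listener stays consistent with the healthcheck when APP_PORT is
# overridden; the previous hard-coded "--port 8000" made an overridden
# container report unhealthy. `exec` replaces the shell so Uvicorn receives
# stop signals directly. Defaults are unchanged (port 8000, 1 worker).
CMD exec uvicorn app.main:app --host 0.0.0.0 --port "${APP_PORT:-8000}" --workers "${UVICORN_WORKERS:-1}"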