From f2ef79dbb7c36579c8e1dd6ce48f9cd9fc2f2320 Mon Sep 17 00:00:00 2001
From: BlitzQuiche
Date: Thu, 18 Jul 2024 12:50:00 +0100
Subject: [PATCH] Add fixes for CVE-2024-5535 and CVE-2024-24790

CVE-2024-5535 - alpine openssl cirical vulnerability fixes by requring openssl version > 3.1.6-r0
CVE-2024-24790 - various 'Is' methods not working as expected, fixed by bumping builder image to golang:1.22.5 to include backported fix.
---
 agent/Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/agent/Dockerfile b/agent/Dockerfile
index d3ac443..e88c27c 100644
--- a/agent/Dockerfile
+++ b/agent/Dockerfile
@@ -1,7 +1,7 @@
 ############################
 # STEP 1 build the image for creating the executable
 ############################
-FROM docker.io/library/golang:1.22-alpine3.19 as builder
+FROM docker.io/library/golang:1.22.5-alpine3.19 as builder
 # Install git + SSL ca certificates + make
 RUN apk update && apk upgrade && apk add --no-cache git ca-certificates make unzip g++ && update-ca-certificates && apk --no-cache add openssl wget && rm -rf /var/cache/apk/*
@@ -53,6 +53,9 @@ COPY --from=builder /app/synthetic-heart/agent /app/synthetic-heart/agent
 # Create a /tmp/ diretctory (required for go plugin for Unix Domain Socket)
 COPY --from=builder /app/synthetic-heart/.emptyfile /tmp/.emptyfile
+# Fix for CVE-2024-5535
+RUN apk add "openssl>3.1.6-r0"
+
 WORKDIR /app/synthetic-heart
 # Run the binary.
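Review bot: The added `RUN apk add "openssl>3.1.6-r0"` in the `@@ -53,6 +53,9 @@` hunk runs without `--no-cache`, unlike the `apk` calls in the builder stage, so it relies on a package index left by an earlier step of this stage, which is not visible here. `RUN apk add --no-cache "openssl>3.1.6-r0"` would fetch a fresh index for this step and keep none in the layer. The constraint is only a lower bound, so the version that ends up in the image is whatever the repository serves at build time; the CVE-2024-5535 fix should be confirmed by scanning the built image rather than assumed from this line. The final stage's `FROM` is outside the hunk, so I cannot tell whether the base already ships openssl; if it does, a comment such as `# Remove once the base image ships openssl newer than 3.1.6-r0` would keep the workaround from outliving its purpose.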