Security and maintainability fixes (#269)

* Security and maintainability fixes Use Alpine 3.19 for fixtures container: this contains the libexpat patch and others. Move the properties file to the name used for cloud analysis (I'd previously used the one for CI analysis). Some minor maintainability fixes that were easy to fix. #patch * Pin Python to 3.13 #patch
ministryofjustice · Oct 15, 2024 · 916f84c · 916f84c
1 parent bb74a5a
commit 916f84c
Show file tree

Hide file tree

Showing 5 changed files with 4 additions and 8 deletions.
diff --git a/sonar-project.properties → .sonarcloud.properties b/sonar-project.properties → .sonarcloud.properties
diff --git a/fixtures/Dockerfile b/fixtures/Dockerfile
@@ -6,14 +6,12 @@ COPY fixtures/package.json package.json
 COPY fixtures/package-lock.json package-lock.json
 RUN npm ci --ignore-scripts
 
-FROM python:3-alpine3.17
+FROM python:3.13-alpine3.19
 
 WORKDIR /app
 
 COPY fixtures/requirements.txt requirements.txt
 RUN pip3 install -r requirements.txt
-#patch packages with issues
-RUN apk upgrade --no-cache libexpat
 
 COPY fixtures/app.py app.py
 COPY fixtures/lib lib

diff --git a/fixtures/lib/aws_auth.py b/fixtures/lib/aws_auth.py
@@ -13,13 +13,13 @@ def __init__(self, boto3_session=boto3.Session()):
             self.session = boto3_session
 
     def get_headers(self, service = "execute-api", **request_config):
-        sigV4A = crt.auth.CrtS3SigV4AsymAuth(
+        sig_v4a = crt.auth.CrtS3SigV4AsymAuth(
             self.session.get_credentials(),
             service,
             os.environ.get("AWS_REGION", "eu-west-1"),
         )
         aws_req = awsrequest.AWSRequest(**request_config)
-        sigV4A.add_auth(aws_req)
+        sig_v4a.add_auth(aws_req)
         prepped = aws_req.prepare()
 
         return prepped.headers
diff --git a/fixtures/static/js/uid-generator.mjs b/fixtures/static/js/uid-generator.mjs
@@ -27,8 +27,6 @@ export class UidGenerator {
 
       $parent.insertBefore($container, $module);
       $container.appendChild($module);
-
-      $parent = $container;
     }
 
     const $btn = document.createElement("button");

diff --git a/lambda/Dockerfile b/lambda/Dockerfile
@@ -11,7 +11,7 @@ COPY ./internal /app/internal
 ARG DIR
 COPY ./lambda/$DIR /app/lambda/$DIR
 
-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main ./lambda/$DIR
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -a -installsuffix cgo -o /go/bin/main "./lambda/$DIR"
 
 FROM alpine:3