From 31626baef1909913fe5899813570f9e78cb63a4f Mon Sep 17 00:00:00 2001 
From: "Mahadik, Mukul Chandrakant" Date: Thu, 11 Jan 2024 16:39:40 -0700 Subject: [PATCH] Squashed commit of the following: commit 54659fb07423c27f6a0ff433b4d0f347986ede48 Merge: cf0c9e24 1159eacf Author: K. Shankari Date: Thu Dec 21 20:17:15 2023 -0800 Merge pull request #951 from MukuFlash03/fix-vuln Bulk deletion of site-package/tests commit 1159eacf2ff77fb2031c2e4fba26ebbc56422d59 Author: Mahadik, Mukul Chandrakant Date: Thu Dec 21 20:43:39 2023 -0700 Bulk deletion of site-package/tests Added a one line pipe command to remove all occurrences of site-packages/tests occurring in miniconda main directory. commit cf0c9e246b3dfa079fbe07d3da9d16906400329f Merge: d2f38bc1 3be27579 Author: K. Shankari Date: Thu Dec 21 17:47:27 2023 -0800 Merge pull request #950 from MukuFlash03/fix-vuln Remove obsolete package versions commit 3be27579e664a25f58538f0ebaf702f772eb98e6 Author: Mahadik, Mukul Chandrakant Date: Thu Dec 21 18:05:23 2023 -0700 Remove obsolete package versions Cleaned up older versions for two packages: urllib3 - deleted stale version folders python - deleted tests folder commit d2f38bc18d5c415888451e7ad98d40325a74c999 Merge: 978a7199 c1b0889b Author: K. Shankari Date: Wed Dec 20 14:31:09 2023 -0800 Merge pull request #949 from MukuFlash03/fix-vuln Fixing latest Docker image vulnerabilities commit c1b0889b50a3e2da8cc799f914010575c3f13326 Author: Mahadik, Mukul Chandrakant Date: Mon Dec 18 11:04:25 2023 -0700 Upgraded Ubuntu base image Latest Ubuntu base image was just released officially by Docker which contains updated version of libc6 and libc-bin. 
commit 07747d0669c986c537310995d0552b5c117f6ebb Author: Mahadik, Mukul Chandrakant Date: Fri Dec 15 18:38:12 2023 -0700 Fixing latest Docker image vulnerabilities AWS Inspector found the following vulnerable packages: CRITICAL perl HIGH nghttp2, libnghttp2-14 cryptography, libssl3 cryptography libc6, libc-bin Upgraded perl, libssl3, nghttp2 packages by upgrading base Ubuntu image to latest of the same LTS version - jammy (22.04). Cryptography package was fixed by mentioning required version to be installed using conda. Libc6, Libc-bin can be fixed by using apt-get upgrade but this upgrades all packages which is not recommended as a blanket upgrade fix. --- .docker/setup_config.sh | 7 +++++-- Dockerfile | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.docker/setup_config.sh b/.docker/setup_config.sh index 63f034406..05456eea1 100644 --- a/.docker/setup_config.sh +++ b/.docker/setup_config.sh 
@@ -13,21 +13,24 @@ source setup/setup.sh ## 10/02 - Mukul ## - Above comments talk about manually updating cryptography to version 40 ## - I have upgraded to 41.0.4 as per latest vulnerability fixes. -conda install -c conda-forge cryptography=41.0.4 wheel=0.40.0 +conda install -c conda-forge cryptography=41.0.7 wheel=0.40.0 ## Remove the old, unused packages to avoid tripping up the checker rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0 rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0 rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2 rm -rf /root/miniconda-23.5.2/pkgs/certifi-2023.5.7-py39h06a4308_0 -rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests/ +rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.16-py39h06a4308_0 rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.17-pyhd8ed1ab_0 rm -rf /root/miniconda-23.5.2/envs/emission/lib/python3.9/site-packages/urllib3-1.26.17.dist-info +rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info +rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/tests # Clean up the conda install conda clean -t find /root/miniconda-*/pkgs -wholename \*info/test\* -type d | xargs rm -rf +find ~/miniconda-23.5.2 -name \*tests\* -path '*/site-packages/*' | grep ".*/site-packages/tests" | xargs rm -rf if [ -d "webapp/www/" ]; then cp /index.html webapp/www/index.html diff --git a/Dockerfile b/Dockerfile index 9ede21298..7fa923ea0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # python 3 -FROM ubuntu:jammy-20231004 +FROM ubuntu:jammy-20231211.1 MAINTAINER K. Shankari (shankari@eecs.berkeley.edu)
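Review bot: In `.docker/setup_config.sh`, the added `rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info` deletes only the package metadata. If the urllib3 1.26.16 code is still in that site-packages directory (not visible in this hunk), the image scanner stops reporting it while the vulnerable module stays importable; upgrading or uninstalling it through conda keeps code and metadata in sync. The added `find` line is also broader and more brittle than the `find` above it: the unanchored `grep ".*/site-packages/tests"` also matches any package directory whose name merely starts with `tests`, the root is hard-coded as `~/miniconda-23.5.2` where the previous line uses `/root/miniconda-*`, and `xargs` splits paths on whitespace. I would replace it with `find /root/miniconda-* -type d -path '*/site-packages/tests' -prune -exec rm -rf {} +`. The `if [ -d "webapp/www/" ]` block at the end of the hunk continues outside it.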