Squashed commit of the following:
commit 54659fb
Merge: cf0c9e2 1159eac
Author: K. Shankari <[email protected]>
Date:   Thu Dec 21 20:17:15 2023 -0800

    Merge pull request e-mission#951 from MukuFlash03/fix-vuln

    Bulk deletion of site-package/tests

commit 1159eac
Author: Mahadik, Mukul Chandrakant <[email protected]>
Date:   Thu Dec 21 20:43:39 2023 -0700

    Bulk deletion of site-package/tests

    Added a one line pipe command to remove all occurrences of site-packages/tests occurring in miniconda main directory.

commit cf0c9e2
Merge: d2f38bc 3be2757
Author: K. Shankari <[email protected]>
Date:   Thu Dec 21 17:47:27 2023 -0800

    Merge pull request e-mission#950 from MukuFlash03/fix-vuln

    Remove obsolete package versions

commit 3be2757
Author: Mahadik, Mukul Chandrakant <[email protected]>
Date:   Thu Dec 21 18:05:23 2023 -0700

    Remove obsolete package versions

    Cleaned up older versions for two packages:
    urllib3 - deleted stale version folders
    python - deleted tests folder

commit d2f38bc
Merge: 978a719 c1b0889
Author: K. Shankari <[email protected]>
Date:   Wed Dec 20 14:31:09 2023 -0800

    Merge pull request e-mission#949 from MukuFlash03/fix-vuln

    Fixing latest Docker image vulnerabilities

commit c1b0889
Author: Mahadik, Mukul Chandrakant <[email protected]>
Date:   Mon Dec 18 11:04:25 2023 -0700

    Upgraded Ubuntu base image

    Latest Ubuntu base image was just released officially by Docker which contains updated version of libc6 and libc-bin.

commit 07747d0
Author: Mahadik, Mukul Chandrakant <[email protected]>
Date:   Fri Dec 15 18:38:12 2023 -0700

    Fixing latest Docker image vulnerabilities

    AWS Inspector found the following vulnerable packages:

    CRITICAL
    perl

    HIGH
    nghttp2, libnghttp2-14
    cryptography, libssl3
    cryptography
    libc6, libc-bin

    Upgraded perl, libssl3, nghttp2 packages by upgrading base Ubuntu image to latest of the same LTS version - jammy (22.04).

    Cryptography package was fixed by mentioning required version to be installed using conda.

    Libc6, Libc-bin can be fixed by using apt-get upgrade but this upgrades all packages which is not recommended as a blanket upgrade fix.
Mahadik, Mukul Chandrakant authored and Mahadik, Mukul Chandrakant committed Jan 11, 2024
1 parent 9d749f9 commit 31626ba
Showing 2 changed files with 6 additions and 3 deletions.
7 changes: 5 additions & 2 deletions .docker/setup_config.sh
Expand Up @@ -13,21 +13,24 @@ source setup/setup.sh
## 10/02 - Mukul
## - Above comments talk about manually updating cryptography to version 40
## - I have upgraded to 41.0.4 as per latest vulnerability fixes.
conda install -c conda-forge cryptography=41.0.4 wheel=0.40.0
conda install -c conda-forge cryptography=41.0.7 wheel=0.40.0

## Remove the old, unused packages to avoid tripping up the checker
rm -rf /root/miniconda-23.1.0/pkgs/cryptography-38.0.4-py39h9ce1e76_0
rm -rf /root/miniconda-23.1.0/pkgs/wheel-0.37.1-pyhd3eb1b0_0
rm -rf /root/miniconda-23.5.2/pkgs/cryptography-39.0.1-py39h9ce1e76_2
rm -rf /root/miniconda-23.5.2/pkgs/certifi-2023.5.7-py39h06a4308_0
rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests/
rm -rf /root/miniconda-23.5.2/pkgs/conda-23.5.2-py39h06a4308_0/lib/python3.9/site-packages/tests
rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.16-py39h06a4308_0
rm -rf /root/miniconda-23.5.2/pkgs/urllib3-1.26.17-pyhd8ed1ab_0
rm -rf /root/miniconda-23.5.2/envs/emission/lib/python3.9/site-packages/urllib3-1.26.17.dist-info
rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/urllib3-1.26.16.dist-info
rm -rf /root/miniconda-23.5.2/lib/python3.9/site-packages/tests

# Clean up the conda install
conda clean -t
find /root/miniconda-*/pkgs -wholename \*info/test\* -type d | xargs rm -rf
find ~/miniconda-23.5.2 -name \*tests\* -path '*/site-packages/*' | grep ".*/site-packages/tests" | xargs rm -rf

if [ -d "webapp/www/" ]; then
cp /index.html webapp/www/index.html
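
Review bot: the new find pipeline at the end of the "Clean up the conda install" block filters with an unanchored `grep ".*/site-packages/tests"`, so any path that merely begins with that prefix (a `site-packages/tests_helpers` directory, or a package whose name starts with "tests") is also handed to `rm -rf`. It also hard-codes `~/miniconda-23.5.2` while the find just above it uses `/root/miniconda-*`. Suggest letting find do the exact match and the deletion itself, for example `find /root/miniconda-* -type d -path '*/site-packages/tests' -prune -exec rm -rf {} +`, which also avoids xargs splitting paths on whitespace. With that in place the two hard-coded `rm -rf .../site-packages/tests` lines become redundant. The comment above the conda install still says "upgraded to 41.0.4" while the pin is now 41.0.7, so it should be updated in the same change.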
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,5 +1,5 @@
# python 3
FROM ubuntu:jammy-20231004
FROM ubuntu:jammy-20231211.1

MAINTAINER K. Shankari ([email protected])
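
Review bot: the FROM line moves to a new dated tag with no comment saying why this date was chosen. The commit message ties it to the libc6 and libc-bin findings, and a one-line comment above FROM recording that (as setup_config.sh does for the cryptography pin) would tell the next person when the tag needs to move again. Consider also appending the image digest (`ubuntu:jammy-20231211.1@sha256:<digest>`) so the build cannot change if the tag is re-pushed. Separately from this change, MAINTAINER on the context line is deprecated in favour of a LABEL.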
