From 96026fb69e24efbe3ac012ae7e0f6dca0acef99c Mon Sep 17 00:00:00 2001
From: Leonid Pershin
Date: Wed, 22 Oct 2025 04:05:04 +0300
Subject: [PATCH] fix sec

---
 ChatBot/Dockerfile | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/ChatBot/Dockerfile b/ChatBot/Dockerfile
index a2f5c13..c86a943 100644
--- a/ChatBot/Dockerfile
+++ b/ChatBot/Dockerfile
@@ -22,14 +22,19 @@ RUN dotnet publish -c Release -o /app/publish /p:UseAppHost=false
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS final
 WORKDIR /app
-# Install PostgreSQL client for healthcheck (optional)
-RUN apt-get update && apt-get install -y postgresql-client && rm -rf /var/lib/apt/lists/*
+# Install PostgreSQL client, create user, and prepare directories
+RUN apt-get update && apt-get install -y --no-install-recommends postgresql-client && rm -rf /var/lib/apt/lists/* \
+ && groupadd -r appuser && useradd -r -g appuser appuser \
+ && mkdir -p /app/logs
-# Copy published application
+# Copy published application (safe: only contains compiled output from dotnet publish)
 COPY --from=publish /app/publish .
-# Create directory for logs
-RUN mkdir -p /app/logs && chmod 755 /app/logs
+# Set ownership after copying files
+RUN chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
 # Expose ports (if needed for health checks or metrics)
 EXPOSE 8080
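Review bot: `RUN chown -R appuser:appuser /app` gives the runtime account write access to the published assemblies, so a compromised process could rewrite the binaries it runs; only `/app/logs` needs to be writable. I would leave the copied files root-owned, end the first RUN with `&& mkdir -p /app/logs && chown appuser:appuser /app/logs`, and drop the recursive chown. That also avoids a second layer duplicating the application files, though it assumes the publish output is world-readable, which is the usual default. Separately, `useradd -r` takes whatever system UID is free and `USER appuser` is a name, so a Kubernetes `runAsNonRoot` policy cannot verify it. A fixed `--uid`/`--gid` with a numeric `USER` would fix that, or the non-root `app` account that the .NET 8+ aspnet images already provide (`USER $APP_UID`) may make the new user unnecessary.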