Refactor docker compose

docker-compose.insecureinc.yml

@@ -0,0 +1,18 @@
+version: "3.7"
+
+services:
+  insecureinc:
+    image: securecodingdojo/insecure.inc
+    build:
+      context: ./insecureinc
+      dockerfile: Dockerfile.insecureinc
+    restart: "always" #change to always if you want the image to auto start
+    ports:
+      - "8080:8080"
+    networks:
+      - insecure
+    environment:
+       - CHALLENGE_MASTER_SALT
+
+networks:
+  insecure:

docker-compose.trainingportal.yml

@@ -0,0 +1,27 @@
+version: "3.7"
+
+services:
+  trainingportal:
+    image: securecodingdojo/trainingportal
+    restart: "always" #change to always if you want the image to auto start
+    build:
+      context: ./trainingportal
+      dockerfile: Dockerfile.trainingportal
+    ports:
+      - "8081:8081"
+    volumes:
+       - "${DATA_DIR}:/dojofiles:consistent"
+    networks:
+       - portal
+    environment:
+       - CHALLENGE_MASTER_SALT
+       - ENC_KEY
+       - ENC_KEY_IV
+       - DATA_DIR=/dojofiles
+
+
+volumes:
+  dojofiles:
+
+networks:
+  portal:

docker-compose.yml

@@ -3,7 +3,10 @@ version: "3.7"
 services:
   insecureinc:
     image: securecodingdojo/insecure.inc
-    restart: "no" #change to always if you want the image to auto start
+    build:
+      context: ./insecureinc
+      dockerfile: Dockerfile.insecureinc
+    restart: "always" #change to always if you want the image to auto start
     ports:
       - "8080:8080"
     networks:
@@ -13,7 +16,10 @@ services:
 
   trainingportal:
     image: securecodingdojo/trainingportal
-    restart: "no" #change to always if you want the image to auto start
+    restart: "always" #change to always if you want the image to auto start
+    build:
+      context: ./trainingportal
+      dockerfile: Dockerfile.trainingportal
     ports:
       - "8081:8081"
     volumes:
@@ -29,8 +35,8 @@ services:
   host1:
     image: securecodingdojo/hackerden-host1
     build:
-      context: hackerden
-      dockerfile: hackerden/Dockerfile.host1
+      context: ./hackerden
+      dockerfile: Dockerfile.host1
     restart: "always" 
     expose:
       - "22"
@@ -42,8 +48,8 @@ services:
   host2:
     image: securecodingdojo/hackerden-host2
     build:
-      context: hackerden
-      dockerfile: hackerden/Dockerfile.host2
+      context: ./hackerden
+      dockerfile: Dockerfile.host2
     restart: "always"
     expose:
       - "8080"
@@ -55,8 +61,8 @@ services:
   front:
     image: securecodingdojo/hackerden-front
     build:
-      context: hackerden
-      dockerfile: hackerden/Dockerfile.front
+      context: ./hackerden
+      dockerfile: Dockerfile.front
     restart: "always" 
     ports:
       - "3000:3000"

hackerden/Dockerfile.front

@@ -9,5 +9,7 @@ WORKDIR /home/node/app
 RUN npm install
 RUN npm install pm2@latest -g
 
+USER node
+
 EXPOSE 3000
 ENTRYPOINT ["pm2","start","/home/node/app/server.js","--no-daemon"]

build/insecureinc/Dockerfile → insecureinc/Dockerfile.insecureinc

@@ -1,7 +1,7 @@
 # Please use buildImage.sh script to build this image.
 # This stage is compiling the code and packaging war file in target folder
 FROM maven:3.8.1-openjdk-8 as build_image
-ADD insecureinc /insecureinc
+ADD . /insecureinc
 RUN cd /insecureinc && mvn clean install
 
 FROM tomcat:8.5-jre8

build/trainingportal/Dockerfile → trainingportal/Dockerfile.trainingportal

@@ -5,16 +5,25 @@ RUN apk --no-cache add --update python3 && ln -sf python3 /usr/bin/python
 RUN apk --no-cache add msttcorefonts-installer fontconfig && \
     update-ms-fonts && \
     fc-cache -f
+RUN apk --no-cache add --update git
 RUN apk upgrade
 
-COPY *.DOCKER.zip /tmp
-RUN unzip -o /tmp/*.zip -d /home/node/app/
-RUN rm -f /tmp/*.zip
-COPY config.json /home/node/app/config.json
+
+ADD public /home/node/app/public
+ADD static /home/node/app/static 
+ADD sql /home/node/app/sql 
+
+COPY *.js /home/node/app
+COPY *.sql /home/node/app
+COPY package.json /home/node/app
+COPY config.json.docker /home/node/app/config.json
+
 WORKDIR /home/node/app
 
 RUN npm install
 RUN npm install pm2@latest -g
 
+USER node
+
 EXPOSE 8081
 ENTRYPOINT ["pm2","start","/home/node/app/server.js","--no-daemon"]

build/trainingportal/config.json → trainingportal/config.json.docker

@@ -5,9 +5,18 @@
         "securityCodeReviewMaster":"https://owasp.org/SecureCodingDojo/codereview101/?fromPortal"
     },
 
-    "disabledModules":["secondDegreeBlackBelt","redTeam","blueTeam"],
+    "playLinks" : {
+        "owasp2017misconfig" : "/static/proxy.log"
+    },
+
+    "challengeParams" : {
+        "owasp2017misconfig" : {
+            "url":"http://localhost:3000"
+        }
+    },
+
+    "disabledModules":["redTeam","blueTeam"],
 
-    "playLinks" : {},
 
     "localUsersPath" : "localUsers.json"
 }

trainingportal/static/lessons/modules.json

@@ -29,7 +29,7 @@
     "secondDegreeBlackBelt":{
         "name":"Second Degree Black Belt",
         "summary":"Cloud software exploitation techniques",
-        "description":"Have some fun with this Capture the Flag module which is based on OWASP Top 10 (v2017). Your goal is to take down the cloud applications used in a worldwide malware campaign.",
+        "description":"Have some fun with this Capture the Flag module which is based on OWASP Top 10. Your goal is to take down the cloud applications used in a worldwide malware campaign.",
         "badgeInfo":{
             "line1":"Secure Coding",
             "line2":"2nd Degree",