[MIniconda] - Cryptography - Patch security vulnerability - GHSA-3ww4…
…-gg4f-jr7f (#965)

* [MIniconda] - Cryptography - Patch security vulnerability - GHSA-3ww4-gg4f-jr7f

* changes according to comments

* install pyopenssl v24.0.0

* Added tests to show that pip works correctly
gauravsaini04 authored Feb 16, 2024
1 parent af4be44 commit 9bb5c4f
Showing 3 changed files with 37 additions and 5 deletions.
8 changes: 6 additions & 2 deletions src/miniconda/.devcontainer/Dockerfile
Expand Up @@ -7,8 +7,12 @@ FROM continuumio/miniconda3 as upstream
# <package_name> = <version>

RUN conda install \
# https://github.com/advisories/GHSA-jfhm-5ghh-2f97
cryptography==41.0.7
# https://github.com/advisories/GHSA-3ww4-gg4f-jr7f
cryptography==42.0.2

RUN python3 -m pip install --upgrade \
# installed for compatibility with cryptography v42.0.2
pyopenssl==24.0.0

# Reset and copy updated files with updated privs to keep image size down
FROM mcr.microsoft.com/devcontainers/base:1-bullseye
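Review bot: The added `RUN python3 -m pip install --upgrade` step replaces pyopenssl with pip inside an environment that conda manages, so conda's package records no longer describe what is installed. A later `conda install` or `conda update` in the image can then swap pyopenssl or cryptography for whatever its solver considers consistent, which may be an older, advisory-affected build. If the configured channel carries pyopenssl 24.0.0, installing both pins in one transaction keeps a single resolver in charge: `RUN conda install cryptography==42.0.2 pyopenssl==24.0.0`. If pip is needed because no conda build exists, the comment above the pin should say that rather than only "for compatibility". The rest of the Dockerfile is collapsed on this page, so whether later steps touch either package cannot be checked from here.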
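--- a/src/miniconda/test-project/test-utils.sh
+++ b/src/miniconda/test-project/test-utils.sh
@@ -180,3 +180,29 @@ checkCondaPackageVersion()
 current_version=$(conda list "${PACKAGE}" | grep -E "^${PACKAGE}\s" | awk '{print $2}')
 check-version-ge "conda-${PACKAGE}-requirement" "${current_version}" "${REQUIRED_VERSION}"
 }
+
+# Function to check if a package is installed
+checkPackageInstalled() {
+if python -c "import $1" &>/dev/null; then
+echo -e "\n✅ Passed! \n$1 is installed"
+else
+echo -e "$1 is NOT installed\n"
+echoStderr "❌ check failed."
+fi
+}
+
+# Function to install a package using pip
+installPackage() {
+python3 -m pip install "$1"
+}
+
+checkPipWorkingCorrectly() {
+# List of packages to install via pip
+packages=("numpy" "requests" "matplotlib")
+# Install packages and check if installation was successful
+for package in "${packages[@]}"; do
+echo -e "\n🧪 Testing pip install $package\n"
+installPackage "$package"
+checkPackageInstalled "$package"
+done
+}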
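Review bot: Neither new helper can fail the test run: the loop in `checkPipWorkingCorrectly` discards the exit status of `installPackage`, and the `else` branch of `checkPackageInstalled` only prints and then returns whatever `echoStderr` returns. A broken pip would therefore still end in a passing report unless `echoStderr` records failures itself; its definition is outside this hunk. Routing both steps through the `check` helper that test.sh already uses (assuming it is in scope here) would register them: `check "pip-install-${package}" python3 -m pip install "${package}"` followed by `check "pip-import-${package}" python3 -c "import ${package}"`. That also removes the mismatch between `python` in the import probe and `python3` in the install, which can resolve to different interpreters. `packages` and `package` should be declared `local` so they do not leak into the calling script.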
8 changes: 5 additions & 3 deletions src/miniconda/test-project/test.sh
Expand Up @@ -18,12 +18,12 @@ check "gitconfig-contains-name" sh -c "cat /etc/gitconfig | grep 'name = devcont

check "usr-local-etc-config-does-not-exist" test ! -f "/usr/local/etc/gitconfig"

checkPythonPackageVersion "cryptography" "41.0.7"
checkPythonPackageVersion "cryptography" "42.0.2"
checkPythonPackageVersion "setuptools" "65.5.1"
checkPythonPackageVersion "wheel" "0.38.1"

checkCondaPackageVersion "cryptography" "41.0.7"
checkCondaPackageVersion "pyopenssl" "23.2.0"
checkCondaPackageVersion "cryptography" "42.0.2"
checkCondaPackageVersion "pyopenssl" "24.0.0"
checkCondaPackageVersion "setuptools" "65.5.1"
checkCondaPackageVersion "wheel" "0.38.1"
checkCondaPackageVersion "requests" "2.31.0"
Expand All @@ -33,5 +33,7 @@ check "conda-update-conda" bash -c "conda update -y conda"
check "conda-install-tensorflow" bash -c "conda create --name test-env -c conda-forge --yes tensorflow"
check "conda-install-pytorch" bash -c "conda create --name test-env -c conda-forge --yes pytorch"

checkPipWorkingCorrectly

# Report result
reportResults
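Review bot: pyopenssl is asserted only through `checkCondaPackageVersion "pyopenssl" "24.0.0"`, although this commit now installs that version with pip, so the check reads conda's listing rather than what the interpreter actually resolves. Adding `checkPythonPackageVersion "pyopenssl" "24.0.0"` next to the existing cryptography line would cover the pip side as well. That helper's body is not shown on this page, so this assumes it queries the Python environment. Separately, `checkPipWorkingCorrectly` installs unpinned packages from the network at test time, so a comment at the call site noting that dependency would help anyone diagnosing a flaky run.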
