Fix: Made changes in the docker file such that the secret is injected…

… in container properly
OWASP · Dec 30, 2024 · 8bebb50 · 8bebb50
1 parent ecea3e6
commit 8bebb50
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 6 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -23,8 +23,8 @@ RUN mkdir -p /app
 
 # Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
-    cat /run/secrets/mysecret > /app/secret.txt
-
+    export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+    echo $SECRET_VALUE >> /app/secret.txt
 
 RUN adduser -u 2000 -D wrongsecrets
 USER wrongsecrets

diff --git a/Dockerfile_webdesktop b/Dockerfile_webdesktop
@@ -31,9 +31,11 @@ RUN \
 # Add secret handling for Kubernetes-specific Docker builds
 # Create the /app directory to store the secret
 RUN mkdir -p /app
-# The secret will be written to a file for the challenge
+
+# Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
-    cat /run/secrets/mysecret > /var/tmp/wrongsecrets/secret.txt
+    export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+    echo $SECRET_VALUE >> /app/secret.txt
 
 WORKDIR /config/Desktop
 

diff --git a/Dockerfile_webdesktopk8s b/Dockerfile_webdesktopk8s
@@ -36,9 +36,11 @@ RUN \
 # Add a secret using --mount and write it to a specific file path for the challenge
 # Create the /app directory to store the secret
 RUN mkdir -p /app
-# This demonstrates how secrets can be mishandled during Docker builds
+
+# Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
-    cat /run/secrets/mysecret > /var/tmp/wrongsecrets/secret.txt
+    export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+    echo $SECRET_VALUE >> /app/secret.txt
 
 WORKDIR /config/Desktop