Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docker image doesn't build due to lax version fixing #31

Open
noraj opened this issue Jan 21, 2023 · 4 comments
Open

Docker image doesn't build due to lax version fixing #31

noraj opened this issue Jan 21, 2023 · 4 comments

Comments

@noraj
Copy link
Contributor

noraj commented Jan 21, 2023
edited
Loading

The app doesn't build from the docker file.

vulnerable-node-vulnerable_node-1  | > [email protected] start /app
vulnerable-node-vulnerable_node-1  | > node ./bin/www
vulnerable-node-vulnerable_node-1  |
vulnerable-node-vulnerable_node-1  | Sat, 21 Jan 2023 12:16:02 GMT body-parser deprecated bodyParser: use individual json/urlencoded middlewares at app.js:38:9
vulnerable-node-vulnerable_node-1  | Sat, 21 Jan 2023 12:16:02 GMT body-parser deprecated undefined extended: provide extended option at node_modules/body-parser/index.js:105:29
vulnerable-node-vulnerable_node-1  | Sat, 21 Jan 2023 12:16:02 GMT express-session deprecated undefined resave option; provide resave option at app.js:43:9
vulnerable-node-vulnerable_node-1  | Sat, 21 Jan 2023 12:16:02 GMT express-session deprecated undefined saveUninitialized option; provide saveUninitialized option at app.js:43:9
vulnerable-node-vulnerable_node-1  | [2023-01-21 12:16:02.112] [INFO] vnode - Building database
vulnerable-node-vulnerable_node-1  | /app/node_modules/pg/lib/connection.js:426
vulnerable-node-vulnerable_node-1  |   throw new Error("Unknown authenticationOk message type" + util.inspect(msg));
vulnerable-node-vulnerable_node-1  |   ^
vulnerable-node-vulnerable_node-1  |
vulnerable-node-vulnerable_node-1  | Error: Unknown authenticationOk message type{ name: 'authenticationOk', length: 23 }
vulnerable-node-vulnerable_node-1  |     at Connection.parseR (/app/node_modules/pg/lib/connection.js:426:9)
vulnerable-node-vulnerable_node-1  |     at Connection.parseMessage (/app/node_modules/pg/lib/connection.js:345:17)
vulnerable-node-vulnerable_node-1  |     at Socket.<anonymous> (/app/node_modules/pg/lib/connection.js:105:22)
vulnerable-node-vulnerable_node-1  |     at emitOne (events.js:77:13)
vulnerable-node-vulnerable_node-1  |     at Socket.emit (events.js:169:7)
vulnerable-node-vulnerable_node-1  |     at readableAddChunk (_stream_readable.js:146:16)
vulnerable-node-vulnerable_node-1  |     at Socket.Readable.push (_stream_readable.js:110:10)
vulnerable-node-vulnerable_node-1  |     at TCP.onread (net.js:523:20)
vulnerable-node-postgres_db-1      | 2023-01-21 12:16:02.145 UTC [117] LOG:  could not receive data from client: Connection reset by peer
vulnerable-node-postgres_db-1      | 2023-01-21 12:16:02.145 UTC [116] LOG:  could not receive data from client: Connection reset by peer
vulnerable-node-vulnerable_node-1  |
vulnerable-node-vulnerable_node-1  | npm ERR! Linux 6.1.7-arch1-1
vulnerable-node-vulnerable_node-1  | npm ERR! argv "/usr/bin/nodejs" "/usr/bin/npm" "start"
vulnerable-node-vulnerable_node-1  | npm ERR! node v4.2.6
vulnerable-node-vulnerable_node-1  | npm ERR! npm  v3.5.2
vulnerable-node-vulnerable_node-1  | npm ERR! code ELIFECYCLE
vulnerable-node-vulnerable_node-1  | npm ERR! [email protected] start: `node ./bin/www`
vulnerable-node-vulnerable_node-1  | npm ERR! Exit status 1
vulnerable-node-vulnerable_node-1  | npm ERR!
vulnerable-node-vulnerable_node-1  | npm ERR! Failed at the [email protected] start script 'node ./bin/www'.
vulnerable-node-vulnerable_node-1  | npm ERR! Make sure you have the latest version of node.js and npm installed.
vulnerable-node-vulnerable_node-1  | npm ERR! If you do, this is most likely a problem with the vulnerable-node-source package,
vulnerable-node-vulnerable_node-1  | npm ERR! not with npm itself.
vulnerable-node-vulnerable_node-1  | npm ERR! Tell the author that this fails on your system:
vulnerable-node-vulnerable_node-1  | npm ERR!     node ./bin/www
vulnerable-node-vulnerable_node-1  | npm ERR! You can get information on how to open an issue for this project with:
vulnerable-node-vulnerable_node-1  | npm ERR!     npm bugs vulnerable-node-source
vulnerable-node-vulnerable_node-1  | npm ERR! Or if that isn't available, you can get their info via:
vulnerable-node-vulnerable_node-1  | npm ERR!     npm owner ls vulnerable-node-source
vulnerable-node-vulnerable_node-1  | npm ERR! There is likely additional logging output above.
vulnerable-node-vulnerable_node-1  |
vulnerable-node-vulnerable_node-1  | npm ERR! Please include the following file with any support request:
vulnerable-node-vulnerable_node-1  | npm ERR!     /app/npm-debug.log
vulnerable-node-vulnerable_node-1 exited with code 1

I guess it's because the dockerfile doesn't fix any version and that the app is not compatible with the current nodejs / npm provided by the image.

#FROM library/node:6
FROM ubuntu:xenial

MAINTAINER "Daniel Garcia aka (cr0hn)" <[email protected]>

ENV STAGE "DOCKER"

RUN apt-get update && apt-get -y upgrade && \
    apt-get install -y nodejs npm netcat

# Fix node links
RUN ln -s /usr/bin/nodejs /usr/bin/node

# Build app folders
RUN mkdir /app
WORKDIR /app

# Install depends
COPY package.json /app/
RUN npm install

# Bundle code
COPY . /app

RUN chmod +x /app/start.sh

EXPOSE 3000

CMD [ "/app/start.sh" ]
#CMD [ "npm", "start" ]
@noraj
Copy link
Contributor Author

noraj commented Jan 21, 2023
edited
Loading

I tried with

FROM node:14.21.2-buster-slim

MAINTAINER "Daniel Garcia aka (cr0hn)" <[email protected]>

ENV STAGE "DOCKER"

RUN apt-get update && apt-get install -y netcat

# Build app folders
RUN mkdir /app
WORKDIR /app

# Install depends
COPY package.json /app/
RUN npm install

# Bundle code
COPY . /app

RUN chmod +x /app/start.sh

EXPOSE 3000

CMD [ "/app/start.sh" ]

and

FROM node:19.4.0-bullseye-slim

MAINTAINER "Daniel Garcia aka (cr0hn)" <[email protected]>

ENV STAGE "DOCKER"

RUN apt-get update && apt-get install -y netcat

# Build app folders
RUN mkdir /app
WORKDIR /app

# Install depends
COPY package.json /app/
RUN npm install

# Bundle code
COPY . /app

RUN chmod +x /app/start.sh

EXPOSE 3000

CMD [ "/app/start.sh" ]

but in both cases the app build but I have an issue when trying to log in:

vulnerable-node-vulnerable_node-1  | [2023-01-21 12:57:45.382] [INFO] vnode - Building database
vulnerable-node-vulnerable_node-1  | (node:18) [DEP0066] DeprecationWarning: OutgoingMessage.prototype._headers is deprecated
vulnerable-node-vulnerable_node-1  | (Use `node --trace-deprecation ...` to show where the warning was created)
vulnerable-node-vulnerable_node-1  | [2023-01-21 12:58:09.264] [ERROR] vnode - Tried to login attempt from user = admin

@noraj
Copy link
Contributor Author

noraj commented Mar 6, 2023

@cr0hn If you know the version you used when you tested it, could you provide a dockerfile with debian and node fixed versions?

@cr0hn
Copy link
Owner

cr0hn commented Mar 13, 2023

I'm sorry, but I don't remember. A lot of time from this. Sorry.

@fellipgomes
Copy link

@noraj same problem here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cr0hn @noraj @fellipgomes