From f220a291c7767bf39af23f3af739295bc9ebc814 Mon Sep 17 00:00:00 2001
From: UnitOne AutoFix
Date: Sun, 26 Apr 2026 22:25:24 +0000
Subject: [PATCH] fix(security): [missing-user] By not specifying a USER, a program in ...

Added a non-root user 'appuser' with proper group, changed ownership of /app directory to this user, and switched to this user before running the application to prevent privilege escalation vulnerabilities.

Issue: 1d021fd0be19
Severity: high
Job: AFQ-853b12a1
---
 testservers/Dockerfile | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/testservers/Dockerfile b/testservers/Dockerfile
index 8dfc688..b0159d2 100644
--- a/testservers/Dockerfile
+++ b/testservers/Dockerfile
@@ -12,6 +12,11 @@ RUN pip install --no-cache-dir .
 COPY start-server.sh .
 RUN chmod +x start-server.sh
 
+# Create non-root user
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+RUN chown -R appuser:appuser /app
+USER appuser
+
 # Environment variables for configuration
 ENV MCP_HOST=0.0.0.0
 
@@ -20,4 +25,4 @@ EXPOSE 8000 8010 8020
 # Run all servers (SERVER_TYPE=all runs PII, Tool Poisoning, and Rug Pull servers)
 ENV SERVER_TYPE=all
-CMD ["./start-server.sh"]
+CMD ["./start-server.sh"]
\ No newline at end of file
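Review bot: `RUN chown -R appuser:appuser /app` in the first hunk gives the runtime user write access to the whole application tree, so a compromised server process can rewrite its own code and `start-server.sh` (made executable two lines earlier); least privilege is to leave /app root-owned and world-readable and to `chown` only the specific directories the servers must write to, if any — on the visible lines that looks like none, so the `chown` line can simply be dropped. `chown -R` after the install also copies every file under /app into a new layer, roughly doubling the image; where ownership is genuinely needed, `COPY --chown=appuser:appuser start-server.sh .` at copy time avoids that. `useradd -r` creates a user with no home directory, so anything that reads `$HOME` will fail unless `ENV HOME=/app` (or `useradd -r -d /app`) is added — worth confirming against what start-server.sh launches. The base image and WORKDIR are outside the hunk; `groupadd`/`useradd` assume a shadow-utils image rather than Alpine, and `COPY start-server.sh .` is presumably landing in /app, which should be verified before relying on the ownership change.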