From 43c1469f8a7fa1df37e00504309c760dacae0da3 Mon Sep 17 00:00:00 2001
From: Srikant Patil
Date: Thu, 26 Feb 2026 18:39:15 +0530
Subject: [PATCH 1/5] Fixes - API key printing in log and Vulnerabilities
---
 build/simple/Dockerfile | 2 +-
 simple/util/dc_client.py | 17 ++++++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/build/simple/Dockerfile b/build/simple/Dockerfile
index 3205b7f9..36cb9b91 100644
--- a/build/simple/Dockerfile
+++ b/build/simple/Dockerfile
@@ -13,7 +13,7 @@
 # limitations under the License.
-FROM python:3.11.4-slim as base
+FROM python:3.11.14-slim as base
 ARG ENV
 ARG PIP_DISABLE_PIP_VERSION_CHECK=1
diff --git a/simple/util/dc_client.py b/simple/util/dc_client.py
index 231faac6..0bb3542f 100644
--- a/simple/util/dc_client.py
+++ b/simple/util/dc_client.py
@@ -70,9 +70,24 @@ def get_api_root():
 return os.environ.get(_API_ROOT_ENV, _DEFAULT_API_ROOT)
+def mask_key(key: str, show: int = 5, max_visible_percent: float = 0.3) -> str:
+ if not key:
+ return ""
+
+ length = len(key)
+ max_visible = int(length * max_visible_percent)
+ visible_each_side = min(show, max_visible // 2)
+
+ if visible_each_side < 1 or length <= visible_each_side * 2:
+ return "*" * length
+
+ middle = "*" * (length - visible_each_side * 2)
+ return f"{key[:visible_each_side]}{middle}{key[-visible_each_side:]}"
+
+
 if _DEBUG:
 logging.info("DC API Root: %s", get_api_root())
- logging.info("DC API Key: %s", get_api_key())
+ logging.info("DC API Key: %s", mask_key(get_api_key()))
 os.makedirs(_DEBUG_FOLDER, exist_ok=True)
From ee0fdfef170f5a6c0670f965b8c7d31ea26e11a5 Mon Sep 17 00:00:00 2001
From: shree1988 <37659750+shree1988@users.noreply.github.com>
Date: Mon, 2 Mar 2026 16:01:09 +0530
Subject: [PATCH 2/5] Added description to resolve comment
---
 simple/util/dc_client.py | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/simple/util/dc_client.py b/simple/util/dc_client.py
index 0bb3542f..918ab50f 100644
--- a/simple/util/dc_client.py
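Review bot: `mask_key`, added in the `simple/util/dc_client.py` hunk of PATCH 1/5, still writes part of the secret to the log: with the defaults, a key of 34 characters or more shows its first and last 5 characters, and the run of `*` discloses the exact key length. A debug line that only needs to confirm a credential is loaded can log presence instead, e.g. `logging.info("DC API Key set: %s", bool(get_api_key()))`. If a hint is wanted for telling keys apart, a fixed-width mask followed by only the last 4 characters avoids leaking both the prefix and the length. The `if _DEBUG:` block may continue past the end of the hunk, so anything else it logs is not visible here.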
+++ b/simple/util/dc_client.py
@@ -71,6 +71,17 @@ def get_api_root():
 def mask_key(key: str, show: int = 5, max_visible_percent: float = 0.3) -> str:
+ """Masks a key for logging purposes, showing only parts of it.
+
+ Args:
+ key: The string key to mask.
+ show: The number of characters to show from each end of the key.
+ max_visible_percent: The maximum percentage of the key's length that can be
+ visible from both ends combined.
+
+ Returns:
+ A masked string of the key.
+ """
 if not key:
 return ""
From 5efbd295bf4d986cef1df3ea8fb2e2a77c19d3b5 Mon Sep 17 00:00:00 2001
From: shree1988 <37659750+shree1988@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:17:37 +0530
Subject: [PATCH 3/5] Image vulnerability fixes CVE-2024-36039(Pymsql), CVE-2025-4565 & CVE-2026-0994(protobuf) Critical and High Vulnerabilities fixes
---
 simple/requirements.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/simple/requirements.txt b/simple/requirements.txt
index a06f59fe..866ded34 100644
--- a/simple/requirements.txt
+++ b/simple/requirements.txt
@@ -15,9 +15,9 @@ numpy==1.25.2
 pandas==2.1.0
 parameterized==0.9.0
 platformdirs==3.10.0
-protobuf==4.25.3
+protobuf==6.33.5
 PyLD==2.0.4
-PyMySQL==1.1.0
+PyMySQL==1.1.1
 python-dateutil==2.8.2
 pytest==7.4.2
 PyYAML==6.0.1
From 7d73aefd51982da67d73eb4d9d27f7ca65e8c315 Mon Sep 17 00:00:00 2001
From: shree1988 <37659750+shree1988@users.noreply.github.com>
Date: Mon, 16 Mar 2026 10:25:43 +0530
Subject: [PATCH 4/5] Image vulnerabilities fixes CVE-2026-24049(Wheel), CVE-2026-23949(Jaraco-context), CVE-2026-21441, CVE-2025-66418, CVE-2025-66471 vunerabilites fixes
---
 build/simple/Dockerfile | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/build/simple/Dockerfile b/build/simple/Dockerfile
index 36cb9b91..9c06d523 100644
--- a/build/simple/Dockerfile
+++ b/build/simple/Dockerfile
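Review bot: The docstring added to `mask_key` in PATCH 2/5 calls `max_visible_percent` a percentage, but the default `0.3` and the `int(length * max_visible_percent)` arithmetic from the previous patch treat it as a fraction. A caller who passes `30` makes the cap ineffective, so `show` characters per side are revealed even for a short key. The docstring also leaves out the two cases that matter for log safety: an empty or `None` key returns `""`, and a key too short to satisfy the cap is fully masked. Suggested wording: `max_visible_percent: Fraction (0.0-1.0) of the key's length that may be visible, both ends combined.`, plus a Returns line naming the fully masked fallback. The function body continues past the end of this hunk.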
@@ -26,4 +26,11 @@ COPY simple/ .
 COPY build/simple/run.sh .
 RUN pip3 install -r /workspace/requirements.txt
-CMD ./run.sh
\ No newline at end of file
+RUN apt-get update \
+ && pip install --upgrade pip \
+ && pip install --upgrade "wheel==0.46.2" \
+ && pip install --upgrade setuptools \
+ && pip install --upgrade "urllib3==2.6.3" \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+CMD ./run.sh
From 84d0f32b41e2fcf58fd449b10ed745c9dc29f276 Mon Sep 17 00:00:00 2001
From: shree1988 <37659750+shree1988@users.noreply.github.com>
Date: Tue, 17 Mar 2026 17:24:49 +0530
Subject: [PATCH 5/5] Refactor Dockerfile to streamline package installations
---
 build/simple/Dockerfile | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/build/simple/Dockerfile b/build/simple/Dockerfile
index 9c06d523..da3a25df 100644
--- a/build/simple/Dockerfile
+++ b/build/simple/Dockerfile
@@ -26,11 +26,12 @@ COPY simple/ .
 COPY build/simple/run.sh .
 RUN pip3 install -r /workspace/requirements.txt
-RUN apt-get update \
- && pip install --upgrade pip \
- && pip install --upgrade "wheel==0.46.2" \
- && pip install --upgrade setuptools \
- && pip install --upgrade "urllib3==2.6.3" \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/*
+
+RUN pip3 install --upgrade \
+ pip \
+ setuptools \
+ "wheel==0.46.2" \
+ "urllib3==2.6.3" \
+ && apt-get clean && rm -rf /var/lib/apt/lists/*
+
 CMD ./run.sh
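Review bot: The patched versions in the new `RUN` step of PATCH 4/5 are installed on top of the `pip3 install -r /workspace/requirements.txt` layer rather than declared with the other pins. Unless `requirements.txt` already lists them (only part of it is visible in this series), `"wheel==0.46.2"` and `"urllib3==2.6.3"` are resolved separately from the requirements set, and an install from `requirements.txt` outside this image does not get the fixes. `pip` and `setuptools` are upgraded with no version, so the image contents depend on the build date. Consider moving `urllib3==2.6.3` and `wheel==0.46.2` into `simple/requirements.txt` or a constraints file, and pinning `pip` and `setuptools` explicitly. The same applies to the rewritten `RUN pip3 install --upgrade` in PATCH 5/5.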
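Review bot: The tail `&& apt-get clean && rm -rf /var/lib/apt/lists/*` of the rewritten `RUN` in PATCH 5/5 is left over from the removed `apt-get update`. Nothing in the visible lines populates the apt cache any more, so the cleanup removes nothing and reads as if OS packages were being handled in this step. Either end the step at `"urllib3==2.6.3"`, or, if OS-level CVEs in the base image are in scope for this series, add that as its own explicit step instead of implying it here.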