From 4131dfb8b285964fea5f3ce72cd2cc0dce1844cb Mon Sep 17 00:00:00 2001
From: Pavel Marik <43641306+pavelmarik@users.noreply.github.com>
Date: Fri, 5 May 2023 13:29:58 +0200
Subject: [PATCH] US47299 Upgrade .NET to 6.0 to fix vulnerabilities (#1721)
---
 Dockerfile | 12 ++----------
 bzt/modules/javascript.py | 2 +-
 bzt/modules/jmeter.py | 6 +++---
 examples/all-executors.yml | 14 --------------
 4 files changed, 6 insertions(+), 28 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 3753f53985..8848a7ae20 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,6 @@ ENV PIP_INSTALL="python3 -m pip install"
 ADD https://deb.nodesource.com/setup_14.x /tmp
 ADD https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb /tmp
 ADD https://packages.microsoft.com/config/ubuntu/21.04/packages-microsoft-prod.deb /tmp
-ADD http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2_amd64.deb /tmp
 COPY dist/bzt*whl /tmp
 WORKDIR /tmp
@@ -26,7 +25,7 @@ RUN $PIP_INSTALL --user --upgrade pip pillow oauthlib pyjwt httplib2 numpy
 RUN $APT_UPDATE && $APT_INSTALL \
 unzip software-properties-common apt-transport-https \
- openjdk-11-jdk xvfb siege apache2-utils ruby ruby-dev make nodejs locales tsung
+ openjdk-11-jdk xvfb siege apache2-utils ruby ruby-dev make nodejs locales tsung dotnet-sdk-6.0
 # firefox repo - do not use snap
 RUN printf '%s\n' 'Package: firefox*' 'Pin: release o=Ubuntu*' 'Pin-Priority: -1' > /etc/apt/preferences.d/firefox-no-snap
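Review bot: The `ADD https://packages.microsoft.com/config/ubuntu/21.04/packages-microsoft-prod.deb /tmp` line survives as context in the first Dockerfile hunk, yet the only step shown using that file (`RUN $APT_INSTALL ./packages-microsoft-prod.deb`, in the "Get .NET Core" block) is deleted later in this commit, so the build would keep fetching an unverified remote file that nothing visible here consumes; it should go in the same change unless a step outside these hunks still needs it. With that repository no longer registered, `dotnet-sdk-6.0` added to the `$APT_INSTALL` list in the second hunk is presumably resolved from the base image's default apt sources, which is a change of package origin worth recording above the `RUN`, e.g. `# dotnet-sdk-6.0 is taken from the distribution archive; packages.microsoft.com is no longer configured`. The package is also unpinned, so the SDK patch level in the image depends on the build date.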
@@ -37,7 +36,7 @@ RUN $APT_UPDATE && $APT_INSTALL firefox
 RUN locale-gen "en_US.UTF-8" && update-locale LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
 # Force cgi version to fix CVE-2021-41816 -> updated to 0.2.1
-RUN gem install rspec rake selenium-webdriver cgi:0.2.1 && gem update bundler date && gem cleanup \
+RUN gem install rspec rake selenium-webdriver cgi:0.3.5 && gem update bundler date && gem cleanup \
 && rm /usr/lib/ruby/gems/3.0.0/specifications/default/cgi-0.2.0.gemspec \
 && rm /usr/lib/ruby/gems/3.0.0/specifications/default/bundler-2.2.22.gemspec \
 && rm /usr/lib/ruby/gems/3.0.0/specifications/default/date-3.1.0.gemspec
@@ -47,13 +46,6 @@ RUN gem install rspec rake selenium-webdriver cgi:0.2.1 && gem update bundler da
 RUN $APT_INSTALL ./google-chrome-stable_current_amd64.deb \
 && mv /opt/google/chrome/google-chrome /opt/google/chrome/_google-chrome
-# Get .NET Core
-RUN dpkg -i libssl1.1_1.1.1f-1ubuntu2_amd64.deb
-RUN $APT_INSTALL ./packages-microsoft-prod.deb \
- # Update is required because packages-microsoft-prod.deb installation add repositories for dotnet
- && $APT_UPDATE \
- && $APT_INSTALL dotnet-sdk-3.1
-
 # Install K6
 RUN $APT_INSTALL gpg-agent \
 && gpg -k \
diff --git a/bzt/modules/javascript.py b/bzt/modules/javascript.py
index a81b207b23..f78e7b4939 100644
--- a/bzt/modules/javascript.py
+++ b/bzt/modules/javascript.py
@@ -330,7 +330,7 @@ def install(self):
 class Mocha(NPMPackage):
- PACKAGE_NAME = "mocha@9.2.2"
+ PACKAGE_NAME = "mocha@10.1.0"
 class JSSeleniumWebdriver(NPMPackage):
diff --git a/bzt/modules/jmeter.py b/bzt/modules/jmeter.py
index f14662aec8..993b237fb7 100644
--- a/bzt/modules/jmeter.py
+++ b/bzt/modules/jmeter.py
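Review bot: The comment directly above the changed `RUN gem install` line still ends in `-> updated to 0.2.1`, but the line now pins `cgi:0.3.5`, so the recorded reason and the pinned version no longer agree. Suggest rewording it to `# Force cgi >= 0.2.1 to fix CVE-2021-41816; currently pinned to 0.3.5`, so a later audit can tell the minimum safe version from the version in use.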
@@ -1582,9 +1582,9 @@ def _get_jar_fixes(self, lib_dir):
 affected_components = {
 # Needs to be <1.4.18 for old Jmeters https://stackoverflow.com/questions/30812293/com-thoughtworks-xstream-security-forbiddenclassexception
 "xstream": "com/thoughtworks/xstream/xstream/1.4.20/xstream-1.4.20.jar",
- "jackson-annotations": "com/fasterxml/jackson/core/jackson-annotations/2.14.1/jackson-annotations-2.14.1.jar",
- "jackson-core": "com/fasterxml/jackson/core/jackson-core/2.14.1/jackson-core-2.14.1.jar",
- "jackson-databind": "com/fasterxml/jackson/core/jackson-databind/2.14.1/jackson-databind-2.14.1.jar",
+ "jackson-annotations": "com/fasterxml/jackson/core/jackson-annotations/2.15.0/jackson-annotations-2.15.0.jar",
+ "jackson-core": "com/fasterxml/jackson/core/jackson-core/2.15.0/jackson-core-2.15.0.jar",
+ "jackson-databind": "com/fasterxml/jackson/core/jackson-databind/2.15.0/jackson-databind-2.15.0.jar",
 "json-smart": "net/minidev/json-smart/2.4.8/json-smart-2.4.8.jar",
 "jsoup": "org/jsoup/jsoup/1.15.3/jsoup-1.15.3.jar",
 "snakeyaml": "org/yaml/snakeyaml/2.0/snakeyaml-2.0.jar",
diff --git a/examples/all-executors.yml b/examples/all-executors.yml
index bf97c9d574..9e00522cff 100644
--- a/examples/all-executors.yml
+++ b/examples/all-executors.yml
@@ -106,20 +106,6 @@ execution:
 scenario:
 script: functional/test_nose.py
-- executor: nunit # IsFive_ExistingVariable_ReturnFive - 10 samples
- concurrency: 1
- hold-for: 10s
- iterations: 10
- scenario:
- script: selenium/dotnet/NUnitTests.dll
-
-- executor: xunit # IsFive_ExistingVariable_ReturnFive - 10 more samples
- concurrency: 1
- hold-for: 10s
- iterations: 10
- scenario:
- script: selenium/dotnet/XUnitTests.dll
-
 - executor: pytest # test_Pytest x2
 concurrency: 1
 hold-for: 10s