From 5c991fef23c8a98b62cd09a89576c7260b5ca979 Mon Sep 17 00:00:00 2001 From: cytar Date: Thu, 23 Feb 2023 14:54:39 +0100 Subject: [PATCH 1/3] =?UTF-8?q?fix=20the=20following=20image=20vulnerabili?= =?UTF-8?q?ties:=20=E2=9C=97=20Medium=20severity=20vulnerability=20found?= =?UTF-8?q?=20in=20e2fsprogs/libcom=5Ferr=20=20=20Description:=20Out-of-bo?= =?UTF-8?q?unds=20Write=20=20=20Info:=20https://snyk.io/vuln/SNYK-ALPINE37?= =?UTF-8?q?-E2FSPROGS-493456=20=20=20Introduced=20through:=20e2fsprogs/lib?= =?UTF-8?q?com=5Ferr@1.43.7-r0,=20krb5-conf/krb5-conf@1.0-r1=20=20=20From:?= =?UTF-8?q?=20e2fsprogs/libcom=5Ferr@1.43.7-r0=20=20=20From:=20krb5-conf/k?= =?UTF-8?q?rb5-conf@1.0-r1=20>=20krb5/krb5-libs@1.15.4-r0=20>=20e2fsprogs/?= =?UTF-8?q?libcom=5Ferr@1.43.7-r0=20=20=20Image=20layer:=20Introduced=20by?= =?UTF-8?q?=20your=20base=20image=20(python:3.6.8-alpine3.7)=20=20=20Fixed?= =?UTF-8?q?=20in:=201.43.7-r1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ✗ High severity vulnerability found in expat/expat Description: XML External Entity (XXE) Injection Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-453374 Introduced through: expat/expat@2.2.5-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: expat/expat@2.2.5-r0 From: .python-rundeps@0 > expat/expat@2.2.5-r0 From: python2/python2@2.7.15-r2 > expat/expat@2.2.5-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 2.2.7-r0 ✗ High severity vulnerability found in expat/expat Description: Out-of-bounds Read Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-489399 Introduced through: expat/expat@2.2.5-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: expat/expat@2.2.5-r0 From: .python-rundeps@0 > expat/expat@2.2.5-r0 
From: python2/python2@2.7.15-r2 > expat/expat@2.2.5-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 2.2.7-r1 ✗ Critical severity vulnerability found in sqlite/sqlite-libs Description: Out-of-bounds Read Info: https://snyk.io/vuln/SNYK-ALPINE37-SQLITE-458200 Introduced through: sqlite/sqlite-libs@3.25.3-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: sqlite/sqlite-libs@3.25.3-r0 From: .python-rundeps@0 > sqlite/sqlite-libs@3.25.3-r0 From: python2/python2@2.7.15-r2 > sqlite/sqlite-libs@3.25.3-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 3.25.3-r1 --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9341cf49..971c826e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,8 @@ RUN apk update && \ apk add supervisor && \ apk add --update py2-pip && \ apk add --no-cache bash && \ - apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make + apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make && \ + apk upgrade "expat==2.2.8-r0" # Copy project sources COPY . /src @@ -16,7 +17,8 @@ COPY . /src WORKDIR /src # Install app dependencies and create supervisord dirs -RUN pip3 install -U -r requirements.txt && \ +RUN pip3 install --upgrade pip==21.3.1 && \ + pip3 install -U -r requirements.txt && \ pip3 install gunicorn==19.7.1 && \ mkdir -p /etc/supervisor/conf.d /var/log/supervisor /var/run/supervisor From c789c3971fa37e4b167e22eedc5dbd7a9e24d564 Mon Sep 17 00:00:00 2001 From: nassereddinebelghith Date: Wed, 31 Jan 2024 10:46:32 +0100 Subject: [PATCH 2/3] update elastic 8.x index call method --- elastichq/service/HQService.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/elastichq/service/HQService.py b/elastichq/service/HQService.py index a87638cc..1a9ca552 100644 
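Review bot: The added `apk upgrade "expat==2.2.8-r0"` covers only one of the three findings quoted in the commit message; the e2fsprogs/libcom_err (fixed in 1.43.7-r1) and sqlite/sqlite-libs (fixed in 3.25.3-r1) advisories are not touched by this hunk, and nothing records that they were left out on purpose. Pinning a single apk build on top of python:3.6.8-alpine3.7 also depends on that exact release existing in the Alpine 3.7 repositories, which the Dockerfile does not check, so a comment such as `# expat pinned above the Snyk 'fixed in' release (2.2.7-r1); re-check when the base image changes` would at least record the intent. Since every finding in the message is attributed to the base image layer, a base-image bump is the change that would close them durably rather than package by package.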
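Review bot: The new `pip3 install --upgrade pip==21.3.1` line carries no comment explaining the pin, and the commit message does not relate it to any of the listed findings. If the reason is that newer pip releases no longer support the Python 3.6 in this image, say so inline: `# pip 21.3.1: pinned because the image is Python 3.6`. The retained `pip3 install -U -r requirements.txt` on the next line still upgrades every requirement to whatever is newest at build time, so two builds of the same commit can contain different code; dropping `-U` or installing from fully pinned requirements would make the image contents match what was reviewed.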
--- a/elastichq/service/HQService.py +++ b/elastichq/service/HQService.py @@ -48,10 +48,7 @@ def get_settings(self, cluster_name): settings_doc = connection.get_source(index=current_app.config.get('HQ_CLUSTER_SETTINGS')[ 'index_name'], id=current_app.config.get('HQ_CLUSTER_SETTINGS')[ - 'doc_id'], - doc_type=current_app.config.get('HQ_CLUSTER_SETTINGS')[ - 'doc_type']) - + 'doc_id']) return settings_doc except NotFoundError as nfe: if current_app.config.get('HQ_CLUSTER_SETTINGS')['store_metrics']: @@ -65,7 +62,6 @@ def save_settings(self, cluster_name, body=None): body = current_app.config.get('HQ_CLUSTER_SETTINGS') connection = ConnectionService().get_connection(cluster_name) connection.index(index=current_app.config.get('HQ_CLUSTER_SETTINGS')['index_name'], - doc_type=current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_type'], id=current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_id'], body=body, refresh=True) except NotFoundError as nfe: @@ -80,7 +76,6 @@ def update_settings(self, cluster_name, body=None): 'doc_id': current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_id'], 'index_name': current_app.config.get('HQ_CLUSTER_SETTINGS')['index_name'], 'version': 1, - 'doc_type': current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_type'], 'store_metrics': body.get('store_metrics', current_settings.get('store_metrics')), 'websocket_interval': body.get('websocket_interval', current_settings.get('websocket_interval')), @@ -94,7 +89,6 @@ def update_settings(self, cluster_name, body=None): connection = ConnectionService().get_connection(cluster_name) connection.update(index=current_app.config.get('HQ_CLUSTER_SETTINGS')['index_name'], - doc_type=current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_type'], id=current_app.config.get('HQ_CLUSTER_SETTINGS')['doc_id'], body={"doc": new_settings}, refresh=True) From fcad6b64a388ba85d868f62958f15b387dc9a591 Mon Sep 17 00:00:00 2001 
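Review bot: The rewritten `get_source` call in get_settings still re-reads `current_app.config.get('HQ_CLUSTER_SETTINGS')` once per keyword argument, and the same pattern recurs in the save_settings and update_settings hunks below; because `config.get(...)` returns None when the key is missing, a misconfiguration surfaces as a TypeError on the subscript instead of an error naming the key. Hoisting the lookup once per function, `hq_settings = current_app.config['HQ_CLUSTER_SETTINGS']` followed by `settings_doc = connection.get_source(index=hq_settings['index_name'], id=hq_settings['doc_id'])`, reduces each call to one line and raises a KeyError that names the missing setting. get_settings starts before this hunk and its except branch continues after it.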
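Review bot: `connection.index(...)` in save_settings still passes `body=body`, as does `connection.update(..., body={"doc": new_settings}, ...)` in the last update_settings hunk; in the elasticsearch-py 8.x client this commit targets, `body` has been marked deprecated (at least in the earlier 8.x releases) in favour of `document=` for index() and `doc=` for update(), so dropping doc_type is only part of the 8.x migration and should be checked against the client version pinned in requirements. If that applies, `connection.index(index=..., id=..., document=body, refresh=True)` and `connection.update(index=..., id=..., doc=new_settings, refresh=True)` send the same requests without the deprecated keyword. save_settings and update_settings both begin before their hunks, and save_settings' except branch continues after this one.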
From: nassereddinebelghith Date: Wed, 31 Jan 2024 11:06:53 +0100 Subject: [PATCH 3/3] update dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 971c826e..ed435ea0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,8 +7,7 @@ RUN apk update && \ apk add supervisor && \ apk add --update py2-pip && \ apk add --no-cache bash && \ - apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make && \ - apk upgrade "expat==2.2.8-r0" + apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make # Copy project sources COPY . /src
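Review bot: This hunk removes the `apk upgrade "expat==2.2.8-r0"` line that PATCH 1/3 added, with no explanation in the Dockerfile and only "update dockerfile" as the commit message, so the expat findings that patch cited (SNYK-ALPINE37-EXPAT-453374 and SNYK-ALPINE37-EXPAT-489399) are back to the base-image version. If the pinned build turned out not to be installable on Alpine 3.7, record that next to the apk line, e.g. `# expat upgrade dropped (2.2.8-r0 not installable here); base image still carries the Snyk-reported expat findings`, so the regression stays visible to the next reader. Moving off python:3.6.8-alpine3.7 is the change that would actually close these findings rather than a per-package upgrade that may not resolve.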