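# POC Dockerfile for nanobot security testing
#
# Test fixture only: the image carries planted canary files and can be built
# with an older litellm release through LITELLM_VERSION. Keep it out of shared
# registries and do not use it as a base for deployable images.
# NOTE(review): the base tag is not pinned by digest; pin it if test results
# must be reproducible across rebuilds.
FROM python:3.11-slim

# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        git \
        procps \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for permission boundary testing.
# /app and /results are created and handed to that user in this one layer;
# no later step in this file writes to /results, so it is not chowned again.
RUN useradd -m -s /bin/bash nanobot && \
    mkdir -p /app /results && \
    chown -R nanobot:nanobot /app /results

# Create sensitive test files for path traversal demonstration.
# The values are synthetic canaries, not real credentials. Mode 644 leaves the
# file readable by the nanobot user, so a successful read in a test shows that
# the application's own path restriction failed, not the OS permission check.
RUN mkdir -p /sensitive && \
    echo "SECRET_API_KEY=sk-supersecret12345" > /sensitive/api_keys.txt && \
    echo "DATABASE_PASSWORD=admin123" >> /sensitive/api_keys.txt && \
    chmod 644 /sensitive/api_keys.txt

# Create additional sensitive locations: a synthetic passwd-style entry and a
# copy of the image's own /etc/passwd.
RUN echo "poc-test-user:x:1001:1001:POC Test:/home/poc:/bin/bash" >> /etc/passwd.poc && \
    cp /etc/passwd /etc/passwd.backup

WORKDIR /app

# Copy project files.
# NOTE(review): no --chown is given, so these files are owned by root and the
# nanobot user cannot modify them; presumably intended for the permission
# boundary tests - confirm.
COPY pyproject.toml ./
COPY nanobot/ ./nanobot/
COPY bridge/ ./bridge/

# Upgrade pip and install build tools
RUN pip install --no-cache-dir --upgrade pip setuptools wheel

# Build argument for litellm version (allows testing vulnerable versions).
# Declared right before its only use so that switching versions reuses the
# cached OS-package, user and canary layers above.
ARG LITELLM_VERSION=">=1.61.15"

# Install dependencies from pyproject.toml requirements.
# The specifiers stay quoted so the shell does not treat ">" as a redirection.
RUN pip install --no-cache-dir \
    "typer>=0.9.0" \
    "litellm${LITELLM_VERSION}" \
    "pydantic>=2.0.0" \
    "pydantic-settings>=2.0.0" \
    "websockets>=12.0" \
    "websocket-client>=1.6.0" \
    "httpx>=0.25.0" \
    "loguru>=0.7.0" \
    "readability-lxml>=0.8.0" \
    "rich>=13.0.0" \
    "croniter>=2.0.0" \
    "python-telegram-bot>=21.0" \
    "trafilatura>=0.8.0"

# Install nanobot package.
# NOTE(review): this step also resolves the dependencies declared in
# pyproject.toml. If its litellm constraint conflicts with LITELLM_VERSION, pip
# may replace the release installed above or fail; confirm the installed
# litellm version in the built image before relying on a result.
RUN pip install --no-cache-dir -e .

# Copy POC files (late in the file, so editing a POC does not rebuild the
# dependency layers)
COPY poc/ ./poc/

# Install POC dependencies
RUN pip install --no-cache-dir pytest pytest-asyncio

# Switch to non-root user (but can be overridden for root testing,
# e.g. with `docker run --user root`)
USER nanobot

# Default command
CMD ["python", "-m", "nanobot", "--help"]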