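# POC Dockerfile for nanobot security testing
#
# This image is a deliberately weakened test fixture: it plants decoy
# "secrets" and can be built with an older litellm release. Keep it on
# isolated test hosts; do not push it to a shared registry or use it as a
# base for anything that handles real data.
#
# NOTE(review): the base tag is not pinned by digest, so two builds can start
# from different base layers. Record the resolved digest with any findings
# that need to be reproduced.
FROM python:3.11-slim

# Install system dependencies
RUN apt-get update && apt-get install -y --no-install-recommends \
        curl \
        git \
        procps \
    && rm -rf /var/lib/apt/lists/*

# Create non-root user for permission boundary testing.
# /results is created and handed to that user here, once; no later build step
# writes to it, so it does not need to be re-created further down.
RUN useradd -m -s /bin/bash nanobot && \
    mkdir -p /app /results && \
    chown -R nanobot:nanobot /app /results

# Create sensitive test files for path traversal demonstration.
# The values are synthetic canaries, not credentials. Mode 644 keeps the file
# readable by the unprivileged nanobot user, so a test can tell whether the
# application can be made to read it. Anything written by a RUN step is stored
# in an image layer and the command text appears in `docker history`, so never
# substitute real keys here.
RUN mkdir -p /sensitive && \
    echo "SECRET_API_KEY=sk-supersecret12345" > /sensitive/api_keys.txt && \
    echo "DATABASE_PASSWORD=admin123" >> /sensitive/api_keys.txt && \
    chmod 644 /sensitive/api_keys.txt

# Create additional sensitive locations.
# /etc/passwd.poc is a decoy entry file; /etc/passwd.backup is a copy of the
# image's own /etc/passwd. Neither is read by the system itself.
RUN echo "poc-test-user:x:1001:1001:POC Test:/home/poc:/bin/bash" >> /etc/passwd.poc && \
    cp /etc/passwd /etc/passwd.backup

WORKDIR /app

# Upgrade pip and install build tools
RUN pip install --no-cache-dir --upgrade pip setuptools wheel

# Build argument for litellm version (allows testing vulnerable versions).
# The value is a complete pip version specifier appended to "litellm", e.g.
#   --build-arg LITELLM_VERSION="==<version under test>"
# It is declared here, next to its only use, so that changing it rebuilds from
# this layer onward instead of invalidating the apt and user-setup layers.
ARG LITELLM_VERSION=">=1.61.15"

# Install dependencies from pyproject.toml requirements.
# Installed before the source tree is copied so that editing project code does
# not force a reinstall of every third-party package.
# NOTE(review): these are lower bounds only, so the resolved versions depend on
# what the index serves at build time; capture `pip freeze` with test results.
RUN pip install --no-cache-dir \
    "typer>=0.9.0" \
    "litellm${LITELLM_VERSION}" \
    "pydantic>=2.0.0" \
    "pydantic-settings>=2.0.0" \
    "websockets>=12.0" \
    "websocket-client>=1.6.0" \
    "httpx>=0.25.0" \
    "loguru>=0.7.0" \
    "readability-lxml>=0.8.0" \
    "rich>=13.0.0" \
    "croniter>=2.0.0" \
    "python-telegram-bot>=21.0" \
    "trafilatura>=0.8.0"

# Copy project files.
# COPY without --chown leaves the copied files owned by root.
COPY pyproject.toml ./
COPY nanobot/ ./nanobot/
COPY bridge/ ./bridge/

# Install nanobot package.
# NOTE(review): this step resolves the dependencies declared in pyproject.toml
# again. If that file constrains litellm, pip may replace the version selected
# through LITELLM_VERSION; confirm the installed version (`pip show litellm`)
# before attributing a result to a specific release.
RUN pip install --no-cache-dir -e .

# Install POC dependencies
RUN pip install --no-cache-dir pytest pytest-asyncio

# Copy POC files (last, so edits to the tests reuse every layer above)
COPY poc/ ./poc/

# Switch to non-root user (but can be overridden for root testing,
# e.g. with `docker run --user root`)
USER nanobot

# Default command
CMD ["python", "-m", "nanobot", "--help"]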