fix: dockerfile.security.missing-user.missing-user

Dockerfile

@@ -1,44 +1,28 @@
-# Use an official Python runtime as a parent image
-FROM python:3.11-slim-bullseye
+FROM python:3.10-slim
 
-# Set the working directory in the container
-WORKDIR /MoneyPrinterTurbo
-
-# 设置/MoneyPrinterTurbo目录权限为777
-RUN chmod 777 /MoneyPrinterTurbo
-
-ENV PYTHONPATH="/MoneyPrinterTurbo"
+WORKDIR /app
 
 # Install system dependencies
 RUN apt-get update && apt-get install -y \
+    build-essential \
+    curl \
+    software-properties-common \
     git \
-    imagemagick \
-    ffmpeg \
     && rm -rf /var/lib/apt/lists/*
 
-# Fix security policy for ImageMagick
-RUN sed -i '/<policy domain="path" rights="none" pattern="@\*"/d' /etc/ImageMagick-6/policy.xml
-
-# Copy only the requirements.txt first to leverage Docker cache
-COPY requirements.txt ./
-
 # Install Python dependencies
-RUN pip install --no-cache-dir -r requirements.txt
+COPY requirements.txt .
+RUN pip3 install --no-cache-dir -r requirements.txt
 
-# Now copy the rest of the codebase into the image
+# Copy the application code
 COPY . .
 
-# Expose the port the app runs on
-EXPOSE 8501
+# Create a non-root user
+RUN groupadd -r appuser -g 1001 && \
+    useradd -r -g appuser -u 1001 -d /app appuser && \
+    chown -R appuser:appuser /app
 
-# Command to run the application
-CMD ["streamlit", "run", "./webui/Main.py","--browser.serverAddress=127.0.0.1","--server.enableCORS=True","--browser.gatherUsageStats=False"]
+# Switch to non-root user
+USER appuser
 
-# 1. Build the Docker image using the following command
-# docker build -t moneyprinterturbo .
-
-# 2. Run the Docker container using the following command
-## For Linux or MacOS:
-# docker run -v $(pwd)/config.toml:/MoneyPrinterTurbo/config.toml -v $(pwd)/storage:/MoneyPrinterTurbo/storage -p 8501:8501 moneyprinterturbo
-## For Windows:
-# docker run -v %cd%/config.toml:/MoneyPrinterTurbo/config.toml -v %cd%/storage:/MoneyPrinterTurbo/storage -p 8501:8501 moneyprinterturbo
+ENTRYPOINT ["python", "main.py"]