From e886dc38e5f26a53d78cb228e8b09b8e01b3f4eb Mon Sep 17 00:00:00 2001
From: kira-offgrid
Date: Fri, 16 May 2025 05:00:14 +0000
Subject: [PATCH] fix: dockerfile.security.missing-user.missing-user-Dockerfile
---
 Dockerfile | 9 +++++++++
 Dockerfile.bak | 44 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 Dockerfile.bak
diff --git a/Dockerfile b/Dockerfile
index a72642d..991a25e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -41,4 +41,13 @@ CMD ["streamlit", "run", "./webui/Main.py","--browser.serverAddress=127.0.0.1","
 ## For Linux or MacOS:
 # docker run -v $(pwd)/config.toml:/MoneyPrinterTurbo/config.toml -v $(pwd)/storage:/MoneyPrinterTurbo/storage -p 8501:8501 moneyprinterturbo
 ## For Windows:
+# Create a non-root user and group
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
+# Ensure application files are accessible to the non-root user
+RUN mkdir -p /app && chown -R appuser:appuser /app
+
+# Switch to non-root user
+USER appuser
+
 # docker run -v %cd%/config.toml:/MoneyPrinterTurbo/config.toml -v %cd%/storage:/MoneyPrinterTurbo/storage -p 8501:8501 moneyprinterturbo
\ No newline at end of file
diff --git a/Dockerfile.bak b/Dockerfile.bak
new file mode 100644
index 0000000..a72642d
--- /dev/null
+++ b/Dockerfile.bak
@@ -0,0 +1,44 @@
+# Use an official Python runtime as a parent image
+FROM python:3.11-slim-bullseye
+
+# Set the working directory in the container
+WORKDIR /MoneyPrinterTurbo
+
+# 设置/MoneyPrinterTurbo目录权限为777
+RUN chmod 777 /MoneyPrinterTurbo
+
+ENV PYTHONPATH="/MoneyPrinterTurbo"
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+ git \
+ imagemagick \
+ ffmpeg \
+ && rm -rf /var/lib/apt/lists/*
+
+# Fix security policy for ImageMagick
+RUN sed -i '/
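Review bot: In the Dockerfile hunk, `RUN mkdir -p /app && chown -R appuser:appuser /app` gives the new user a directory the image does not appear to use. The `docker run` examples in the same hunk mount into `/MoneyPrinterTurbo`, and the Dockerfile.bak copy of the original sets `WORKDIR /MoneyPrinterTurbo`. The earlier instructions are outside this hunk, but after `USER appuser` the application files are presumably still root-owned, so writes under the working directory and the bind-mounted `storage` may fail or depend on the existing `chmod 777`; chown the real path instead, `RUN chown -R appuser:appuser /MoneyPrinterTurbo`. `useradd -r` picks a system UID at build time and creates no home directory, so a fixed UID (for example `useradd -r -u 10001 -g appuser appuser`, value illustrative) makes host-side ownership of the mounted paths and a runtime non-root check predictable. The new instructions also land between `## For Windows:` and its `docker run` example; placing them above the usage comments keeps that documentation together.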