Define MIX_HOME within Dockerfile to prevent dynamic runtime definition

Lucas Charles requested to merge add-mix-home into master

By specifying MIX_HOME during the image build we ensure all dependencies are installed to the same location, preventing the location from changing dynamically when mix is first executed.

This does not change the runtime behavior of the analyzer itself, but it is affected when executing the container through the sast orchestrator.

Previously this led to the below error, so it appears some context switch from the docker-in-docker execution is at fault 🤔. Something interesting to watch out for.

Before

❯ docker run -it --volume "$PWD":/tmp/app --env CI_PROJECT_DIR=/tmp/app registry.gitlab.com/gitlab-org/security-products/analyzers/sobelow:latest /analyzer run
Found project in /tmp/app

❯ docker run -it --rm --env SAST_DEFAULT_ANALYZERS="sobelow"   --volume "$PWD":/code   --volume /var/run/docker.sock:/var/run/docker.sock   registry.gitlab.com/gitlab-org/security-products/sast:edge /app/bin/run code
2019/04/10 22:16:12 Copy project directory to containers
2019/04/10 22:16:12 [sobelow] Detect project using plugin
2019/04/10 22:16:12 [sobelow] Project is compatible
2019/04/10 22:16:12 [sobelow] Starting analyzer...
latest: Pulling from gitlab-org/security-products/analyzers/sobelow
Digest: sha256:150c4435f5240a2ed37bccdc9fa4cd85d4b359d4f28e332ccd5827e7d9e83453
Status: Image is up to date for registry.gitlab.com/gitlab-org/security-products/analyzers/sobelow:latest
Found project in /tmp/app
Could not find Hex, which is needed to build dependency :phoenix
** (Mix) Could not find an SCM for dependency :phoenix from ElixirPhoenix.MixProject
2019/04/10 22:16:20 exit status 1
Shall I install Hex? (if running non-interactively, use "mix local.hex --force") [Yn] 2019/04/10 22:16:21 Container exited with non zero status code

After

❯ docker run   --interactive --tty --rm --env SAST_DEFAULT_ANALYZERS="" --env SAST_ANALYZER_IMAGE_PREFIX="" --env SAST_ANALYZER_IMAGES="analyzer" --env SAST_PULL_ANALYZER_IMAGES="0"   --volume "$PWD":/code   --volume /var/run/docker.sock:/var/run/docker.sock   registry.gitlab.com/gitlab-org/security-products/sast:edge /app/bin/run code
2019/04/10 23:37:27 Copy project directory to containers
2019/04/10 23:37:27 [analyzer] No detection plugin named
2019/04/10 23:37:27 [analyzer] Starting analyzer...
Found project in /tmp/app
+----------------------------------------------------------------------------------------+
| Severity   | Tool       | Location                                                     |
+----------------------------------------------------------------------------------------+
| Unknown    | Sobelow    | lib/elixir_phoenix_web/controllers/page_controller.ex:9      |
|                                                                                        |
| Unsafe `binary_to_term`                                                                |
+----------------------------------------------------------------------------------------+
.....

cc @fcatteau

Edited by Lucas Charles
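An added illustration of the Dockerfile change this merge request describes (not the MR's own diff, which is not shown on this page): MIX_HOME is pinned at build time before Hex is installed, so the archive lands in one fixed directory regardless of which HOME the container later runs under. The base image and the /opt/mix path are assumptions.

```dockerfile
# Added example, not the analyzer's actual Dockerfile. Base image is an assumption.
FROM elixir:1.8-alpine

# Pin the mix home during the build. Without this, mix derives the directory
# from $HOME on first execution, so dependencies installed at build time can
# end up in a different location from the one used when the orchestrator
# launches the container (the "Could not find Hex" failure in the Before output).
ENV MIX_HOME=/opt/mix

# Install Hex non-interactively into $MIX_HOME, as the prompt in the Before
# output suggests ("if running non-interactively, use mix local.hex --force").
RUN mix local.hex --force

# Build-time sanity check: mix stores archives under $MIX_HOME/archives, so fail
# the image build if Hex did not land there. This catches a regression where
# the ENV line is dropped or moved below the install step.
RUN test -d "$MIX_HOME/archives" && ls "$MIX_HOME/archives" | grep -q '^hex'
```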