unfetter
unfetter copied to clipboard
unfetter-discover
Enable NPM Config at build time
In the dockerfile, allow NPM configs to be run.
Allow an argument variable be passed to the dockerfile that will be an array of strings. Each item in the array should used to do an NPM config.
for item in array_of_configs do npm config $item done
apply to
- [ ] Unfetter discover api
This will be needed in unfetter-ui and most of the unfetter-store subprojects:
- unfetter-ctf-ingest
- unfetter-discover-api
- unfetter-discover-processor
- unfetter-threat-ingest
- unfetter-socket-server
Basically, wherever there is a Dockerfile with an npm i[nstall] command.
As for the concern re shell injection, I concur, but I know no other way, and the configurations we are talking about point to URLs, so I can't imagine how you can protect this.
One last comment: The command should be npm config set <key> <value> [-g|--global]
I think that's going to affect the scripting; I know with Ansible you can use hashes in YAML files to have multiple values in a loop:
npm_configs:
item1:
key: key1
value: value1
global: false
item2:
key: key2
value: value2
global: true
then
tasks:
- name: Write npm configuration
shell: npm config set {{ item.key }} {{ item.value }} {{ '-g' if item.global else '' }}
with_dict: npm_configs
I guess this technique could be used to write the Dockerfile for each dev build.
An alternative is to a .npmrc file ( https://docs.npmjs.com/files/npmrc ) and copy it into the image, which may be easier to manage vs build args. We could have ansible generate these files