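I am trying to run DeepFace in Docker, and when I run the container I get an error related to OpenCV.
Following suggestions I found online, I downloaded the FFmpeg package, which resolved the OpenCV error, and everything runs fine inside the container.
I ran a docker scan to check for security issues, and it found 4 critical issues introduced through the FFmpeg package.
Can anyone help me avoid these security issues?

Below is the content of the Dockerfile: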

```
# Base image as reported in the scan output below
FROM python:3.9.13-slim
RUN apt-get update
RUN apt-get install ffmpeg -y
RUN pip install flask flask_cors deepface numpy pillow flask_wtf
WORKDIR /app
COPY . /app
EXPOSE 84
CMD ["python","app.py"]
```

Below is the result of the docker scan using snyk. Note: I am only providing the high and critical severity issues.

```
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN11-GDKPIXBUF-2960116
Introduced through: ffmpeg@7:4.3.4-0+deb11u1, gdk-pixbuf/[email protected]+dfsg-1, librsvg/[email protected]+dfsg-1
From: ffmpeg@7:4.3.4-0+deb11u1 > ffmpeg/libavcodec58@7:4.3.4-0+deb11u1 > librsvg/[email protected]+dfsg-1 > gdk-pixbuf/[email protected]+dfsg-1 > gdk-pixbuf/[email protected]+dfsg-1
From: gdk-pixbuf/[email protected]+dfsg-1 > gdk-pixbuf/[email protected]+dfsg-1
From: librsvg/[email protected]+dfsg-1 > gdk-pixbuf/[email protected]+dfsg-1
and 2 more...
Image layer: 'apt-get install ffmpeg -y'
✗ High severity vulnerability found in aom/libaom0
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1085722
Introduced through: ffmpeg@7:4.3.4-0+deb11u1
From: ffmpeg@7:4.3.4-0+deb11u1 > ffmpeg/libavcodec58@7:4.3.4-0+deb11u1 > aom/[email protected]
Image layer: 'apt-get install ffmpeg -y'
✗ Critical severity vulnerability found in zlib/zlib1g
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-2976151
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > zlib/zlib1g@1:1.2.11.dfsg-2+deb11u1
Image layer: Introduced by your base image (python:3.9.13-slim)
✗ Critical severity vulnerability found in aom/libaom0
Description: Release of Invalid Pointer or Reference
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1290331
Introduced through: ffmpeg@7:4.3.4-0+deb11u1
From: ffmpeg@7:4.3.4-0+deb11u1 > ffmpeg/libavcodec58@7:4.3.4-0+deb11u1 > aom/[email protected]
Image layer: 'apt-get install ffmpeg -y'
✗ Critical severity vulnerability found in aom/libaom0
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1298721
Introduced through: ffmpeg@7:4.3.4-0+deb11u1
From: ffmpeg@7:4.3.4-0+deb11u1 > ffmpeg/libavcodec58@7:4.3.4-0+deb11u1 > aom/[email protected]
Image layer: 'apt-get install ffmpeg -y'
✗ Critical severity vulnerability found in aom/libaom0
Description: Buffer Overflow
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1300249
Introduced through: ffmpeg@7:4.3.4-0+deb11u1
From: ffmpeg@7:4.3.4-0+deb11u1 > ffmpeg/libavcodec58@7:4.3.4-0+deb11u1 > aom/[email protected]
Image layer: 'apt-get install ffmpeg -y'
Organization: 16082204
Package manager: deb
Target file: Dockerfile
Project name: docker-image|face-verification-v2
Docker image: face-verification-v2
Platform: linux/amd64
Base image: python:3.9.13-slim
Licenses: enabled
Tested 314 dependencies for known issues, found 120 issues.
According to our scan, you are currently using the most secure version of the selected base image
```
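
Added example, not part of the original post and not Snyk's own tooling: a small Python parser for the text report layout shown above that groups high and critical findings by the image layer that introduced them, so the packages pulled in by the `ffmpeg` install can be triaged separately from those that ship with the base image. The sample input is constructed from lines of the report above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: four findings abridged from the report above, preceded by
# an orphaned field block like the one whose header line is missing on the page.
SAMPLE = """\
Description: Out-of-bounds Write
Image layer: 'apt-get install ffmpeg -y'
✗ High severity vulnerability found in aom/libaom0
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1085722
Image layer: 'apt-get install ffmpeg -y'
✗ Critical severity vulnerability found in zlib/zlib1g
Info: https://snyk.io/vuln/SNYK-DEBIAN11-ZLIB-2976151
Image layer: Introduced by your base image (python:3.9.13-slim)
✗ Critical severity vulnerability found in aom/libaom0
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1290331
Image layer: 'apt-get install ffmpeg -y'
✗ Critical severity vulnerability found in aom/libaom0
Info: https://snyk.io/vuln/SNYK-DEBIAN11-AOM-1298721
Image layer: 'apt-get install ffmpeg -y'
"""

HEADER = re.compile(r"^\W*(Low|Medium|High|Critical) severity vulnerability found in (\S+)")
FIELD = re.compile(r"^\s*(Description|Info|Image layer):\s*(.+)$")
ORDER = ["low", "medium", "high", "critical"]

def parse_findings(text):
    """Return one dict per finding; fields seen before any header are skipped."""
    findings, cur = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            cur = {"severity": m.group(1).lower(), "package": m.group(2)}
            findings.append(cur)
        elif cur is not None and (m := FIELD.match(line)):
            cur[m.group(1).lower().replace(" ", "_")] = m.group(2).strip()
    return findings

def by_layer(findings, min_severity="high"):
    """Group (severity, advisory id) pairs as {layer: {package: [...]}}."""
    groups = defaultdict(lambda: defaultdict(list))
    for f in findings:
        if ORDER.index(f["severity"]) < ORDER.index(min_severity):
            continue
        layer = f.get("image_layer", "unknown").strip("'")
        source = "base image" if layer.startswith("Introduced by your base image") else layer
        groups[source][f["package"]].append((f["severity"], f.get("info", "").rsplit("/", 1)[-1]))
    return {src: dict(pkgs) for src, pkgs in groups.items()}
```

Findings grouped under `base image` are addressed by the base image tag, while those grouped under the `apt-get install ffmpeg -y` layer depend on whether that package and its dependency chain stay in the image.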