From a48e1916162ab605616aa7a786ab687d50987fd0 Mon Sep 17 00:00:00 2001
From: Ian Brown
Date: Fri, 12 Apr 2024 21:31:48 -0700
Subject: [PATCH 1/4] Update Dockerfile to work with v5, update requirements.txt to cover cve vulnerabilities, and move the entrypoint code into a shell to allow for human plugin support
Signed-off-by: Ian Brown
---
 Dockerfile | 20 ++++++++++++++------
 entrypoint.sh | 10 ++++++++++
 requirements.txt | 5 +++--
 3 files changed, 27 insertions(+), 8 deletions(-)
 create mode 100755 entrypoint.sh
diff --git a/Dockerfile b/Dockerfile
index 5777a6e44..9fc901b1e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ ADD . .
 RUN if [ -z "$(ls plugins/stockpile)" ]; then echo "stockpile plugin not downloaded - please ensure you recursively cloned the caldera git repository and try again."; exit 1; fi
 RUN apt-get update && \
- apt-get -y install python3 python3-pip python3-venv git curl golang-go
+ apt-get -y install python3 python3-pip python3-venv git curl golang-go upx
 #WIN_BUILD is used to enable windows build in sandcat plugin
@@ -70,9 +70,17 @@ WORKDIR /usr/src/app/plugins/emu
 # If emu is enabled, complete necessary installation steps
 RUN if [ $(grep -c "\- emu" ../../conf/local.yml) ]; then \
- apt-get -y install zlib1g unzip; \
- pip3 install -r requirements.txt; \
- ./download_payloads.sh; \
+ apt-get -y install zlib1g unzip; \
+ pip3 install --no-cache-dir -r requirements.txt; \
+ ./download_payloads.sh; \
+fi
+
+WORKDIR /usr/src/app/plugins/human
+
+ # If emu is enabled, complete necessary installation steps
+RUN if [ $(grep -c "\- human" ../../conf/local.yml) ]; then \
+ apt-get -y install xvfb python3-tk python3-dev; \
+ pip3 install --no-cache-dir -r requirements.txt; \
 fi
 WORKDIR /usr/src/app
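Review bot: The new guard `[ $(grep -c "\- human" ../../conf/local.yml) ]` is true whenever conf/local.yml can be read, because `grep -c` prints `0` when nothing matches and `[ 0 ]` only tests for a non-empty string. The apt and pip installs for the human plugin therefore run even when the plugin is not enabled, and the pip step would fail the build if plugins/human has no requirements.txt. Test grep's exit status instead: `RUN if grep -q -- "- human" ../../conf/local.yml; then \`. The emu block just above uses the same test and has the same problem. The added `apt-get -y install` also depends on package lists fetched by an `apt-get update` in an earlier layer, which layer caching can leave stale; running `apt-get update && ` in the same RUN avoids that.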
@@ -84,7 +92,7 @@ RUN apt-get update && \
 (cd plugins/magma && npm install) && \
 (cd plugins/magma && npm run build) && \
 # Remove Node.js, npm, and other unnecessary packages
- apt-get remove -y nodejs npm && \
+ # apt-get remove -y nodejs npm && \
 apt-get autoremove -y && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -113,4 +121,4 @@ EXPOSE 8022
 # Default FTP port for FTP C2 channel
 EXPOSE 2222
-ENTRYPOINT ["python3", "server.py"]
+ENTRYPOINT ["/usr/src/app/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 000000000..46d9e2ca8
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Start Xvfb on display 99
+Xvfb :99 -screen 0 1024x768x16 &
+
+# Export DISPLAY variable
+export DISPLAY=:99
+
+touch /root/.Xauthority
+
+exec python3 server.py --build
diff --git a/requirements.txt b/requirements.txt
index a1890aa10..77a9466e4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ aiohttp-security==0.4.0
 aiohttp-apispec==3.0.0b2
 jinja2==3.1.3
 pyyaml==6.0.1
-cryptography==42.0.2
+cryptography==42.0.5
 websockets==11.0.3
 Sphinx==7.1.2
 sphinx_rtd_theme==1.3.0
@@ -20,6 +20,7 @@ rich==13.7.0
 svglib==1.5.1 # debrief
 Markdown==3.4.4 # training
 dnspython==2.4.2
-asyncssh==2.14.1
+asyncssh==2.14.2
 aioftp~=0.20.0
 packaging==23.2
+pydevd-pycharm~=241.14494.241
From 771d7a0d3fe54dbb22aeaa8570f35d1db9cfb092 Mon Sep 17 00:00:00 2001
From: Ian Brown
Date: Fri, 12 Apr 2024 21:38:02 -0700
Subject: [PATCH 2/4] Cleanup
Signed-off-by: Ian Brown
---
 requirements.txt | 1 -
 1 file changed, 1 deletion(-)
diff --git a/requirements.txt b/requirements.txt
index 77a9466e4..1d5c14fb9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -23,4 +23,3 @@ dnspython==2.4.2
 asyncssh==2.14.2
 aioftp~=0.20.0
 packaging==23.2
-pydevd-pycharm~=241.14494.241
From 230092f96312305a57baf166825a64ba10d5172a Mon Sep 17 00:00:00 2001
From: Ian Brown
Date: Fri, 12 Apr 2024 21:40:24 -0700
Subject: [PATCH 3/4] Cleanup
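Review bot: Commenting out `apt-get remove -y nodejs npm` leaves Node.js and npm in the final image, and nothing in the hunk says why. The PATCH 4/4 hunk on the same RUN then deletes the line and rewrites the comment, so the same point applies there. If they are needed at run time (presumably because entrypoint.sh now starts `server.py --build`), record that next to the cleanup, for example `# nodejs and npm stay installed: server.py --build needs them at start-up`. If they are not needed, keep the removal or build the magma UI in a separate build stage, so the runtime image does not ship a package manager and a JavaScript toolchain. The RUN instruction starts above the hunk.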
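Review bot: The last line, `exec python3 server.py --build`, drops any arguments appended to `docker run`, which the old exec-form `ENTRYPOINT ["python3", "server.py"]` passed on to server.py; forward them with `exec python3 server.py --build "$@"`. Xvfb is also started in every container, although the Dockerfile installs xvfb only in the human-plugin branch, and a failed start goes unnoticed because the job is backgrounded and the script does no error checking. A guard such as `command -v Xvfb >/dev/null && Xvfb :99 -screen 0 1024x768x16 &` would skip it where the binary is absent. A header comment stating that the display and the empty /root/.Xauthority exist only for the human plugin would help the next reader.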
Signed-off-by: Ian Brown
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 9fc901b1e..62ee6d5e6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -77,7 +77,7 @@ fi
 WORKDIR /usr/src/app/plugins/human
- # If emu is enabled, complete necessary installation steps
+ # If human is enabled, complete necessary installation steps
 RUN if [ $(grep -c "\- human" ../../conf/local.yml) ]; then \
 apt-get -y install xvfb python3-tk python3-dev; \
 pip3 install --no-cache-dir -r requirements.txt; \
From 5a767ff2d6aa27e07246d93255add36c32eca1b5 Mon Sep 17 00:00:00 2001
From: Ian Brown
Date: Fri, 12 Apr 2024 21:42:44 -0700
Subject: [PATCH 4/4] Cleanup
Signed-off-by: Ian Brown
---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 62ee6d5e6..b84807d9a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -91,8 +91,7 @@ RUN apt-get update && \
 # Directly use npm to install dependencies and build the application
 (cd plugins/magma && npm install) && \
 (cd plugins/magma && npm run build) && \
- # Remove Node.js, npm, and other unnecessary packages
- # apt-get remove -y nodejs npm && \
+ # Remove other unnecessary packages and general cleanup
 apt-get autoremove -y && \
 apt-get clean && \
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*