Security Improvement

Author: Javier-RSP

Dockerfile-Kubernetes

@@ -1,7 +1,9 @@
-FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
+FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build-env
 
-RUN sed -i "s|MinProtocol = TLSv1.2|MinProtocol = TLSv1|g" /etc/ssl/openssl.cnf && \
-    sed -i 's|CipherString = DEFAULT@SECLEVEL=2|CipherString = DEFAULT@SECLEVEL=1|g' /etc/ssl/openssl.cnf
+RUN sed -i 's/\[openssl_init\]/# [openssl_init]/' /etc/ssl/openssl.cnf &&\
+    printf "\n\n[openssl_init]\nssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_sect]\nsystem_default = ssl_default_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=0\n" >> /etc/ssl/openssl.cnf
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl
 
@@ -15,17 +17,20 @@ COPY . ./
 
 RUN dotnet publish Gnoss.BackgroundTask.CacheRefresh/Gnoss.BackgroundTask.CacheRefresh.csproj -c Release -o out
 
-FROM mcr.microsoft.com/dotnet/aspnet:6.0
+FROM mcr.microsoft.com/dotnet/aspnet:8.0
 
-RUN sed -i "s|MinProtocol = TLSv1.2|MinProtocol = TLSv1|g" /etc/ssl/openssl.cnf && \
-    sed -i 's|CipherString = DEFAULT@SECLEVEL=2|CipherString = DEFAULT@SECLEVEL=1|g' /etc/ssl/openssl.cnf
+RUN sed -i 's/\[openssl_init\]/# [openssl_init]/' /etc/ssl/openssl.cnf &&\
+    printf "\n\n[openssl_init]\nssl_conf = ssl_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_sect]\nsystem_default = ssl_default_sect" >> /etc/ssl/openssl.cnf &&\
+    printf "\n\n[ssl_default_sect]\nMinProtocol = TLSv1\nCipherString = DEFAULT@SECLEVEL=0\n" >> /etc/ssl/openssl.cnf
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl
 
 WORKDIR /app
-RUN useradd -r gnoss
-RUN chown -R gnoss:gnoss /app
-RUN chmod -R 777 /app
+RUN groupadd -g 1000 gnoss && useradd -u 1000 -g 1000 gnoss &&\
+	mkdir -p logs trazas &&\
+	chown -R gnoss:gnoss logs trazas && chmod -R 777 logs trazas
+	
 USER gnoss
 
 COPY --from=build-env /app/out .

Gnoss.BackgroundTask.CacheRefresh/CacheRefreshWorker.cs

@@ -1,3 +1,4 @@
+using Es.Riam.Gnoss.CL.ServiciosGenerales;
 using Es.Riam.Gnoss.Servicios;
 using Es.Riam.Gnoss.Util.Configuracion;
 using Es.Riam.Gnoss.Win.RefrescoCache;
@@ -16,19 +17,20 @@ public class CacheRefreshWorker : Worker
     {
         private readonly ILogger<CacheRefreshWorker> _logger;
         private readonly ConfigService _configService;
-
-        public CacheRefreshWorker(ILogger<CacheRefreshWorker> logger, ConfigService configService, IServiceScopeFactory scopeFactory) : base(logger, scopeFactory)
+        private ILoggerFactory mLoggerFactory;
+        public CacheRefreshWorker(ILogger<CacheRefreshWorker> logger, ConfigService configService, IServiceScopeFactory scopeFactory, ILoggerFactory loggerFactory) : base(logger, scopeFactory)
         {
             _logger = logger;
             _configService = configService;
+            mLoggerFactory = loggerFactory;
         }
 
         protected override List<ControladorServicioGnoss> ObtenerControladores()
         {
             List<ControladorServicioGnoss> controladores = new List<ControladorServicioGnoss>();
             int numMaxPeticionesWebSimultaneas = _configService.ObtenerNumMaxPeticionesWebSimultaneas();
 
-            controladores.Add(new ControladorRefrescoCache(numMaxPeticionesWebSimultaneas, ScopedFactory, _configService));
+            controladores.Add(new ControladorRefrescoCache(numMaxPeticionesWebSimultaneas, ScopedFactory, _configService, mLoggerFactory.CreateLogger<ControladorRefrescoCache>(), mLoggerFactory));
             return controladores;
         }
     }