From 4e644d50eccb0f39e47f02df228d97ee6cf165e4 Mon Sep 17 00:00:00 2001
From: Marcus Young
Date: Sun, 4 Apr 2021 07:05:33 -0500
Subject: [PATCH 1/2] Bump alpine to resolve CVE-2021-28831

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index ed695fd..a9edf97 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.12.0
+FROM alpine:3.13.4
 LABEL maintainer="3vilpenguin@gmail.com"

From 4b6f5ff4edd6e2439d6aba22feca5e7a4f4443a6 Mon Sep 17 00:00:00 2001
From: Marcus Young
Date: Sun, 4 Apr 2021 07:16:58 -0500
Subject: [PATCH 2/2] Allowlist CVE-2020-28928 as its resolved in musl 1.2.2 and being flagged

---
 .claire.yml | 3 +++
 .dockerignore | 1 +
 .github/workflows/sast.yml | 2 +-
 3 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 .claire.yml

diff --git a/.claire.yml b/.claire.yml
new file mode 100644
index 0000000..3232448
--- /dev/null
+++ b/.claire.yml
@@ -0,0 +1,3 @@
+generalwhitelist:
+ # musl 1.2.2 resolves -> A buffer overflow (CVE-2020-28928) in wcsnrtombs has been fixed with the function essentially rewritten
+ CVE-2020-28928: musl
diff --git a/.dockerignore b/.dockerignore
index dad9161..226640d 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -4,3 +4,4 @@ Dockerfile
 Makefile
 .git
 LICENSE
+.claire.yml
diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index f1c089b..8bc24af 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -34,7 +34,7 @@ jobs:
 - name: Build
 run: docker build -t myoung34/tilty:latest .
 - name: Test
- run: ./clair-scanner --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
+ run: ./clair-scanner -w .claire.yml --ip $(ip -f inet addr show eth0 | grep -Po 'inet \K[\d.]+') myoung34/tilty:latest
 bandit:
 runs-on: ubuntu-latest
 strategy:
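Review bot: The `generalwhitelist` entry in `.claire.yml` suppresses CVE-2020-28928 unconditionally, but the comment records only the upstream claim that musl 1.2.2 fixes it, not how it was confirmed that this image's musl is actually 1.2.2 or when the entry should be dropped, so the suppression will silently outlive a future base-image change. Suggest making the entry auditable by recording the evidence and a removal trigger in the comment, e.g. `# CVE-2020-28928 (wcsnrtombs overflow) fixed in musl 1.2.2; verified with: docker run --rm myoung34/tilty:latest apk list --installed musl; remove once the scanner's feed marks it fixed for alpine 3.13`. If the fixed package is still being flagged, that points to stale vulnerability data on the scanner side rather than the image, and pinning the expected musl version here is what lets the next reader tell the two apart.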
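Review bot: The `-w .claire.yml` added to the Test step makes the scan pass on the strength of the allowlist's comment, but nothing in the workflow checks that the built image actually contains the musl version the allowlist assumes, so a later base-image change that reintroduces a vulnerable musl would still be suppressed. A step before Test such as `- name: Check musl fix version` / `run: docker run --rm myoung34/tilty:latest apk list --installed musl | grep -q '^musl-1.2.2'` would fail the job as soon as that assumption stops holding (this presumes apk is still present in the image, which the Dockerfile hunk does not show). The enclosing `jobs:` map and the step list continue outside the hunk.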