FROM registry.yandex.net/ubuntu:bionic

MAINTAINER Eldar Zaitov <ezaitov@yandex-team.ru>

ENV DEBIAN_FRONTEND noninteractive
ENV DIST xenial

RUN apt-get update && \
    apt-get install -y software-properties-common supervisor && \
    apt-get -y install build-essential libssl-dev supervisor python-lxml python3-pip python3-dev \
    python-setuptools cron perl hostname phantomjs mc netcat && \
    mkdir -p /var/log/supervisor && mkdir -p /usr/lib/yandex/molly && mkdir -p /var/local/molly && mkdir -p /var/log/yandex && \
    mkdir -p /usr/lib/yandex/burp && mkdir -p /usr/lib/yandex/csp-fetcher && \
    mkdir -p /usr/lib/yandex/repeater && \
    apt-get install -y yandex-jdk8 yandex-openjdk13 && \
    apt-get clean

RUN wget https://crls.yandex.net/YandexInternalRootCA.crt -O /usr/local/share/ca-certificates/YandexInternalRootCA.crt && update-ca-certificates

ADD ./src/scripts/fixperms.sh /usr/bin/fix-perms.sh
RUN chown -R root:root /usr/bin/fix-perms.sh && \
    chmod +x /usr/bin/fix-perms.sh

RUN useradd -s /bin/bash -m burp 
COPY ./license/ /home/burp/
RUN chown -R burp:burp /home/burp

COPY ./etc/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
RUN chown -R root:root /etc/supervisor/

RUN sed -ri 's/^session\s+required\s+pam_loginuid.so$/#session required pam_loginuid.so/' /etc/pam.d/cron && \
    sed -ri 's/^session\s+required\s+pam_loginuid.so$/#session required pam_loginuid.so/' /etc/pam.d/login

COPY ./src/requirements.txt /usr/lib/yandex/molly/requirements.txt

RUN pip3 install --upgrade pip
RUN pip3 install -i https://pypi.yandex-team.ru/simple/ -r /usr/lib/yandex/molly/requirements.txt --no-cache-dir -U

COPY ./src/ /usr/lib/yandex/molly/
COPY ./crontab /usr/lib/yandex/molly/
COPY ./burp/ /usr/lib/yandex/burp/
COPY ./burp2/ /usr/lib/yandex/burp2/
COPY ./repeater/ /usr/lib/yandex/repeater/

RUN update-alternatives --set java /usr/local/jdk1.8.0_221/bin/java

RUN chown -R root:root /usr/lib/yandex/

RUN set -xe && \
    fix-perms.sh /usr/lib/yandex/molly && \
    fix-perms.sh /usr/lib/yandex/burp && \
    fix-perms.sh /usr/lib/yandex/burp2 && \
    fix-perms.sh /usr/lib/yandex/csp-fetcher && \
    chmod 755 /usr/lib/yandex/burp/gobuster && \
    chmod 755 /usr/lib/yandex/burp/molly_repeater && \
    chmod 644 /usr/lib/yandex/burp/fuzz.txt && \
    chmod -R 777 /var/log/yandex/ && \
    chmod -R 777 /var/local/molly/

RUN crontab /usr/lib/yandex/molly/crontab

CMD ["/usr/bin/supervisord", "--nodaemon", "-c", "/etc/supervisor/supervisord.conf"]
