From d07478e1bdecf3ea4f2d64c947e1aecad2c2cf40 Mon Sep 17 00:00:00 2001
From: Caleb Gilmour
Date: Thu, 17 Aug 2023 04:18:52 +1200
Subject: [PATCH] Fix findings from running semgrep (#269)

* Fix findings from running semgrep
```
semgrep --config "p/owasp-top-ten" --config "p/cwe-top-25" --config "p/r2c-security-audit" --text
```
* don't assume that api.github.com JSON is pretty formatted
---------
Co-authored-by: David Goffredo

---
 examples/cpp-tracing/compiled-in/Dockerfile | 5 +++--
 examples/cpp-tracing/dynamic-loading/Dockerfile | 16 ++++++----------
 .../dynamic-loading/docker-compose.yml | 2 --
 .../cpp-tracing/unix-domain-socket/Dockerfile | 2 +-
 .../bin/install-latest-dd-opentracing-cpp | 2 +-
 examples/nginx-tracing/Dockerfile | 4 ++--
 6 files changed, 13 insertions(+), 18 deletions(-)

diff --git a/examples/cpp-tracing/compiled-in/Dockerfile b/examples/cpp-tracing/compiled-in/Dockerfile
index b1239674..9d86987a 100644
--- a/examples/cpp-tracing/compiled-in/Dockerfile
+++ b/examples/cpp-tracing/compiled-in/Dockerfile
@@ -1,11 +1,11 @@
 FROM ubuntu:20.04
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential cmake wget coreutils
+    DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential cmake wget coreutils jq
 # Download and install dd-opentracing-cpp library.
 RUN get_latest_release() { \
-    wget -qO- "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'; \
+    wget -qO- "https://api.github.com/repos/$1/releases/latest" | jq --raw-output .tag_name; \
     } && \
     VERSION="$(get_latest_release DataDog/dd-opentracing-cpp)" && \
     wget https://github.com/DataDog/dd-opentracing-cpp/archive/${VERSION}.tar.gz -O dd-opentracing-cpp.tar.gz && \
@@ -24,4 +24,5 @@ RUN g++ -std=c++14 -o tracer_example tracer_example.cpp -I/dd-opentracing-cpp/de
 # Add /usr/local/lib to LD_LIBRARY_PATH
 RUN ldconfig
+USER nobody
 CMD sleep 5 && ./tracer_example && sleep 25
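Review bot: The new `jq --raw-output .tag_name` line still lets a failed or rate-limited api.github.com request through: `wget -q` typically writes nothing to stdout on an HTTP error, jq then emits nothing (or `null` when it is handed an error body) and exits 0, so `VERSION` is empty or the string `null` by the time it is interpolated into the archive URL on the last context line. `jq --raw-output --exit-status .tag_name` makes the pipeline fail in that case (exit 1 for null, 4 for no output at all), and the `&&` after `VERSION="$(...)"` already propagates the command substitution's status. The same line is added in the unix-domain-socket install script and the nginx-tracing Dockerfile hunks. Separately, this Dockerfile still resolves whatever release is "latest" at build time and extracts the tarball without any checksum, while the dynamic-loading Dockerfile in this same commit pins its versions; pinning here as well would make the example reproducible. The `RUN` continues past the end of the hunk.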
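Review bot: `USER nobody` sits after the last `RUN` that needs root, which is the right position, but `nobody` is a shared system account rather than one dedicated to this process, and the switch quietly depends on everything built as root earlier (the working directory, `tracer_example`, the libraries under `/usr/local/lib`) being world-readable and executable. A dedicated account with a fixed UID, e.g. `RUN useradd --system --uid 10001 --no-create-home tracer` followed by `USER tracer`, is the usual pattern and lets runtimes that enforce `runAsNonRoot` verify the UID. The shell-form `CMD` on the next line also leaves `sh -c` as PID 1, so the tracer binary does not receive `docker stop`'s SIGTERM directly; it is not part of this change but is worth fixing while the runtime section is being touched. The `USER nobody` insertion in the dynamic-loading Dockerfile hunk has the same considerations.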
diff --git a/examples/cpp-tracing/dynamic-loading/Dockerfile b/examples/cpp-tracing/dynamic-loading/Dockerfile
index 47273ee6..11a16825 100644
--- a/examples/cpp-tracing/dynamic-loading/Dockerfile
+++ b/examples/cpp-tracing/dynamic-loading/Dockerfile
@@ -1,23 +1,18 @@
 FROM ubuntu:20.04
 RUN apt-get update && \
-    DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential cmake wget coreutils
+    DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install build-essential cmake ca-certificates wget coreutils jq
 # Download and install OpenTracing-cpp
-RUN get_latest_release() { \
-    wget -qO- "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'; \
-    } && \
-    DD_OPENTRACING_CPP_VERSION="$(get_latest_release DataDog/dd-opentracing-cpp)" && \
-    OPENTRACING_VERSION="$(get_latest_release opentracing/opentracing-cpp)" && \
-    wget https://github.com/opentracing/opentracing-cpp/archive/${OPENTRACING_VERSION}.tar.gz -O opentracing-cpp.tar.gz && \
+RUN wget https://github.com/opentracing/opentracing-cpp/archive/v1.6.0.tar.gz -O opentracing-cpp.tar.gz && \
     mkdir -p opentracing-cpp/.build && \
     tar zxvf opentracing-cpp.tar.gz -C ./opentracing-cpp/ --strip-components=1 && \
     cd opentracing-cpp/.build && \
     cmake .. && \
     make -j "$(nproc)" && \
-    make install && \
-    # Install dd-opentracing-cpp shared plugin.
-    wget https://github.com/DataDog/dd-opentracing-cpp/releases/download/${DD_OPENTRACING_CPP_VERSION}/linux-amd64-libdd_opentracing_plugin.so.gz && \
+    make install
+# Install dd-opentracing-cpp plugin
+RUN wget https://github.com/DataDog/dd-opentracing-cpp/releases/download/v1.3.7/linux-amd64-libdd_opentracing_plugin.so.gz && \
     gunzip linux-amd64-libdd_opentracing_plugin.so.gz -c > /usr/local/lib/libdd_opentracing_plugin.so
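Review bot: The two new `wget` lines pin `v1.6.0` and `v1.3.7` but nothing verifies what was downloaded, and the second artifact is a shared object written straight into `/usr/local/lib` that the example presumably loads at run time, so its integrity rests entirely on the TLS connection to github.com. Recording the release digest next to the version and checking it in the same layer, e.g. `echo "<sha256-of-release-asset>  linux-amd64-libdd_opentracing_plugin.so.gz" | sha256sum --check --strict && \` before the `gunzip`, turns the pin into a verifiable one; the same applies to `opentracing-cpp.tar.gz`. `coreutils` is already installed, so no additional package is needed. The first `RUN` also leaves `/var/lib/apt/lists` in the image after `apt-get install`; appending `&& rm -rf /var/lib/apt/lists/*` in that same `RUN` is the usual cleanup.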
@@ -27,4 +22,5 @@ RUN g++ -std=c++14 -o tracer_example tracer_example.cpp -lopentracing
 # Add /usr/local/lib to LD_LIBRARY_PATH
 RUN ldconfig
+USER nobody
 CMD sleep 5 && ./tracer_example && sleep 25
diff --git a/examples/cpp-tracing/dynamic-loading/docker-compose.yml b/examples/cpp-tracing/dynamic-loading/docker-compose.yml
index 49d1b947..6e2eab67 100644
--- a/examples/cpp-tracing/dynamic-loading/docker-compose.yml
+++ b/examples/cpp-tracing/dynamic-loading/docker-compose.yml
@@ -17,5 +17,3 @@ services:
       - 'DD_LOG_LEVEL=error'
       - DD_API_KEY
     image: 'datadog/agent'
-    ports:
-      - "127.0.0.1:8126:8126"
diff --git a/examples/cpp-tracing/unix-domain-socket/Dockerfile b/examples/cpp-tracing/unix-domain-socket/Dockerfile
index 6a9b0ccc..927ca13a 100644
--- a/examples/cpp-tracing/unix-domain-socket/Dockerfile
+++ b/examples/cpp-tracing/unix-domain-socket/Dockerfile
@@ -1,6 +1,6 @@
 from ubuntu:20.04
-run apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential cmake wget coreutils
+run apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install build-essential cmake wget coreutils jq
 # Download and install the latest release of the Datadog C++ tracer library.
 copy bin/install-latest-dd-opentracing-cpp .
diff --git a/examples/cpp-tracing/unix-domain-socket/bin/install-latest-dd-opentracing-cpp b/examples/cpp-tracing/unix-domain-socket/bin/install-latest-dd-opentracing-cpp
index 84575ba3..7e735242 100755
--- a/examples/cpp-tracing/unix-domain-socket/bin/install-latest-dd-opentracing-cpp
+++ b/examples/cpp-tracing/unix-domain-socket/bin/install-latest-dd-opentracing-cpp
@@ -3,7 +3,7 @@ set -e
 get_latest_release() {
-    wget -qO- "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'
+    wget -qO- "https://api.github.com/repos/$1/releases/latest" | jq --raw-output .tag_name
 }
 VERSION="$(get_latest_release DataDog/dd-opentracing-cpp)"
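Review bot: The instruction keywords in the unix-domain-socket Dockerfile stay lowercase (`from`, `run`, `copy`) while every other Dockerfile touched by this patch uses uppercase, which is the documented convention; since the `run` line is being edited anyway, `FROM ubuntu:20.04` / `RUN apt-get update && ...` / `COPY bin/install-latest-dd-opentracing-cpp .` would bring it in line with its siblings. This is also the only `apt-get install` in the patch that did not receive the `--no-install-recommends` and explicit `ca-certificates` treatment given to the dynamic-loading Dockerfile, and like the others it has no `rm -rf /var/lib/apt/lists/*` in the same layer.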
diff --git a/examples/nginx-tracing/Dockerfile b/examples/nginx-tracing/Dockerfile
index 1e44e629..3edd7b66 100644
--- a/examples/nginx-tracing/Dockerfile
+++ b/examples/nginx-tracing/Dockerfile
@@ -2,11 +2,11 @@
 FROM nginx:1.17.3
 RUN apt-get update && \
-    apt-get install -y wget tar
+    apt-get install -y wget tar jq
 # Install nginx-opentracing
 RUN get_latest_release() { \
-    wget -qO- "https://api.github.com/repos/$1/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/'; \
+    wget -qO- "https://api.github.com/repos/$1/releases/latest" | jq --raw-output .tag_name; \
     } && \
     NGINX_VERSION=`nginx -v 2>&1 > /dev/null | sed -E "s/^.*nginx\/(.*)/\\1/"`&& \
     OPENTRACING_NGINX_VERSION="$(get_latest_release opentracing-contrib/nginx-opentracing)" && \
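Review bot: `OPENTRACING_NGINX_VERSION` is still resolved to whatever release is "latest" at build time even though the base image is pinned to `nginx:1.17.3`; an nginx dynamic module has to be built for the exact nginx version it is loaded into, so a new module release can make this example stop building or loading without any change in the repository, and from what is visible nothing verifies the download that presumably follows. Pinning the module version, as the dynamic-loading Dockerfile in this commit now does, and checking a recorded `sha256sum` would make the image reproducible. The `apt-get install -y wget tar jq` line also lacks `--no-install-recommends` and a `rm -rf /var/lib/apt/lists/*` in the same layer. The `RUN` that consumes the version continues beyond the end of the hunk.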