mcp-security-hub/web-security/sqlmap-mcp/Dockerfile at master · FuzzingLabs/mcp-security-hub · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# SQLMap MCP Server
# Production-ready Docker image with security hardening

FROM python:3.12-alpine AS production

# Labels
LABEL org.opencontainers.image.source="https://github.com/FuzzingLabs/offensive-security-mcps"
LABEL org.opencontainers.image.description="SQLMap MCP Server - SQL injection detection and exploitation"
LABEL org.opencontainers.image.licenses="MIT"
LABEL org.opencontainers.image.vendor="Fuzzing Labs"

# Security: Create non-root user
RUN addgroup -g 1000 mcpuser && \
    adduser -D -u 1000 -G mcpuser mcpuser

# Install runtime dependencies
RUN apk add --no-cache \
    ca-certificates \
    tini \
    git \
    && rm -rf /var/cache/apk/*

WORKDIR /app

# Clone sqlmap
RUN git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git /opt/sqlmap && \
    chown -R mcpuser:mcpuser /opt/sqlmap

# Verify sqlmap installation
RUN python /opt/sqlmap/sqlmap.py --version

# Copy requirements first for layer caching
COPY --chown=mcpuser:mcpuser requirements.txt ./

# Install Python dependencies
RUN pip install --no-cache-dir -r requirements.txt

# Copy application files
COPY --chown=mcpuser:mcpuser . .

# Create output directory
RUN mkdir -p /app/output && chown -R mcpuser:mcpuser /app

# Switch to non-root user
USER mcpuser

# Environment variables
ENV SQLMAP_PATH=/opt/sqlmap/sqlmap.py
ENV SQLMAP_OUTPUT_DIR=/app/output
ENV MCP_SERVER_HOST=0.0.0.0
ENV MCP_SERVER_PORT=3000
ENV PYTHONUNBUFFERED=1

# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
    CMD ps aux | grep -v grep | grep "python.*server.py" > /dev/null || exit 1

# Expose MCP server port
EXPOSE 3000

# Use tini for proper signal handling
ENTRYPOINT ["/sbin/tini", "--"]

# Start MCP server
CMD ["python", "server.py"]