From 19947a84aff2c8ae814c9368b4539cc882d01fbd Mon Sep 17 00:00:00 2001
From: GarrettBeatty
Date: Fri, 2 May 2025 15:07:35 -0400
Subject: [PATCH] Fix semgrep findings

---
 .semgrepignore | 15 +++++++++++++++
 LambdaRuntimeDockerfiles/sample/Sample/Dockerfile | 3 +++
 2 files changed, 18 insertions(+)
 create mode 100644 .semgrepignore

diff --git a/.semgrepignore b/.semgrepignore
new file mode 100644
index 000000000..5a02b9ea5
--- /dev/null
+++ b/.semgrepignore
@@ -0,0 +1,15 @@
+# Ignore test and example files containing dummy credentials
+**/test/**/*.json
+**/tests/**/*.json
+**/SampleRequests/**/*.json
+**/*.example.*
+**/*.test.*
+**/*.min.js
+**/env.configs.yml
+
+# Ignore third-party libraries
+**/node_modules/**
+**/vendor/**
+**/dist/**
+**/build/**
+**/bootstrap/**/*.js
diff --git a/LambdaRuntimeDockerfiles/sample/Sample/Dockerfile b/LambdaRuntimeDockerfiles/sample/Sample/Dockerfile
index 755f2f08e..653983f67 100644
--- a/LambdaRuntimeDockerfiles/sample/Sample/Dockerfile
+++ b/LambdaRuntimeDockerfiles/sample/Sample/Dockerfile
@@ -17,4 +17,7 @@ RUN dotnet publish "Sample.csproj" -c Release -o /app/publish
 FROM base AS final
 COPY --from=publish /app/publish ${LAMBDA_TASK_ROOT}
 # ref. https://docs.aws.amazon.com/lambda/latest/dg/csharp-handler.html#csharp-handler-signatures
+# Create a non-root user and switch to it
+RUN adduser --disabled-password --gecos "" appuser
+USER appuser
 CMD [ "Sample::Sample.Function::FunctionHandler" ]
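Review bot: Several entries in the new `.semgrepignore` are much broader than the header comment claims. `**/*.example.*`, `**/*.test.*`, `**/*.min.js` and `**/env.configs.yml` match files of any type anywhere in the tree and switch off every Semgrep rule for them, not only the secrets checks on dummy credentials. `**/env.configs.yml` in particular looks like a deployable configuration file, so a real credential committed there later would no longer be reported. The same applies to `**/build/**` and `**/dist/**` if any first-party source lives under a directory with those names. I would narrow each pattern to the directories that produced the findings and record the reason per entry, for example `# dummy AWS keys used by the SampleRequests fixtures (semgrep rule: <RULE_ID>)`. It is also worth confirming whether this file replaces rather than extends the scanner's built-in ignore defaults for the Semgrep version in use.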
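Review bot: The flags on the added `RUN adduser --disabled-password --gecos "" appuser` line belong to the Debian/Ubuntu `adduser` wrapper. The `base` stage is defined outside this hunk; if it derives from an Amazon Linux based Lambda image, `adduser` is usually just an alias for `useradd`, which does not accept those options, or the tool may be missing altogether. Please confirm the image builds, or use the portable form `RUN useradd --system --no-create-home --shell /sbin/nologin appuser`. The comment could also say why the switch matters, for example `# Run as a non-root user so a compromised handler cannot modify the root-owned files under LAMBDA_TASK_ROOT`. As far as I know the Lambda service runs the container under its own least-privileged user regardless, so `USER` mainly protects local and non-Lambda runs of this image.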