iris-sast
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 0 deletions b/‎Dockerfile‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎README.md‎
Lines changed: 2 additions & 0 deletions b/‎README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎data/Dockerfiles/DSpace_CVE-2025-53621_dspace-7.6.3/134/Dockerfile‎
Lines changed: 49 additions & 0 deletions b/‎data/Dockerfiles/DSpace_CVE-2025-53621_dspace-7.6.3/134/Dockerfile‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎data/Dockerfiles/DSpace_CVE-2025-53622_dspace-7.6.3/133/Dockerfile‎
Lines changed: 49 additions & 0 deletions b/‎data/Dockerfiles/DSpace_CVE-2025-53622_dspace-7.6.3/133/Dockerfile‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31192_5.10/88/Dockerfile‎
Lines changed: 46 additions & 0 deletions b/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31192_5.10/88/Dockerfile‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31194_5.10/37/Dockerfile‎
Lines changed: 46 additions & 0 deletions b/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31194_5.10/37/Dockerfile‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31195_5.10/35/Dockerfile‎
Lines changed: 46 additions & 0 deletions b/‎data/Dockerfiles/DSpace__DSpace_CVE-2022-31195_5.10/35/Dockerfile‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎data/Dockerfiles/ESAPI__esapi-java-legacy_CVE-2022-23457_2.2.3.1/23/Dockerfile‎
Lines changed: 46 additions & 0 deletions b/‎data/Dockerfiles/ESAPI__esapi-java-legacy_CVE-2022-23457_2.2.3.1/23/Dockerfile‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎data/Dockerfiles/ESAPI__esapi-java-legacy_CVE-2022-24891_2.2.3.1/82/Dockerfile‎
Lines changed: 46 additions & 0 deletions b/‎data/Dockerfiles/ESAPI__esapi-java-legacy_CVE-2022-24891_2.2.3.1/82/Dockerfile‎
Lines changed: 46 additions & 0 deletions
@@ -20,6 +20,7 @@ RUN apt-get update && apt-get install -y \
     apt-transport-https \
     ca-certificates \
     lsb-release \
+    docker.io \
     && rm -rf /var/lib/apt/lists/*
 
 # Add OpenJDK repository and install OpenJDK versions
 
@@ -10,6 +10,7 @@
 ⚠️ Code and data for the [ICLR 2025 Paper](https://arxiv.org/pdf/2405.17238) can be found in the v1 branch, license and citation below.
 
 ## 📰 News
+* **[Sep. 24, 2025]**: Added Docker integration for the main IRIS pipeline, released images for 189 CWE-Bench-Java CVEs on the [IRIS Docker Hub](https://hub.docker.com/r/irissast/cwe-bench-java-containers).
 * **[Aug. 30, 2025]**: Updated CWE-Bench-Java with 93 new CVEs and 38 CWEs.
 * **[Jul. 10, 2025]**: IRIS v2 released, added support for 7 new CWEs.
 
@@ -138,6 +139,7 @@ python src/iris.py --query cwe-022wLLM --run-id test --llm qwen2.5-coder-7b perw
 ```
 
 This will build the project, generate the CodeQL database, and analyze it for CWE-022 vulnerabilities using the specified LLM (qwen2.5-coder-7b). The output of these three steps will be stored under `data/build-info/`, `data/codeql-dbs/`, and `output/` respectively.
+Additionally, you can download an image from CWE-Bench-Java from our [Docker Hub](https://hub.docker.com/r/irissast/cwe-bench-java-containers), and use the ```--use-container" flag to run IRIS from a Docker container. You can use this flag with other Docker images as well.
 
 ## 💫 Contributions
 We welcome any contributions, pull requests, or issues!
 
@@ -0,0 +1,49 @@
+FROM eclipse-temurin:17-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/DSpace/DSpace"
+LABEL org.opencontainers.image.description="Build environment for DSpace_CVE-2025-53621_dspace-7.6.3 (134)"
+LABEL org.opencontainers.image.title="DSpace_CVE-2025-53621_dspace-7.6.3:134"
+LABEL com.dataset.cve_id="CVE-2025-53621"
+LABEL com.dataset.cwe_id="CWE-611"
+LABEL com.dataset.cwe_name="CWE-611: Improper Restriction of XML External Entity Reference"
+LABEL com.dataset.advisory_id="GHSA-jjwr-5cfh-7xwh"
+LABEL com.dataset.project_slug="DSpace_CVE-2025-53621_dspace-7.6.3"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.8.1
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.8.1/binaries/apache-maven-3.8.1-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/DSpace/DSpace
+ARG GIT_URL
+ARG GIT_TAG=dspace-7.6.3
+ARG GIT_COMMIT=24357bdd9cf3bd05e4336d0c2d8a0cc7a2932417
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven with debug logging and increased memory
+RUN set -eux; cd /workspace/repo; \
+    export MAVEN_OPTS='-Xmx2g -XX:+UseG1GC'; \
+    mvn -B -e -X -U -DskipTests package || \
+    (echo 'First build failed, retrying with clean...' && mvn clean && mvn -B -e -X -U -DskipTests package)
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,49 @@
+FROM eclipse-temurin:17-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/DSpace/DSpace"
+LABEL org.opencontainers.image.description="Build environment for DSpace_CVE-2025-53622_dspace-7.6.3 (133)"
+LABEL org.opencontainers.image.title="DSpace_CVE-2025-53622_dspace-7.6.3:133"
+LABEL com.dataset.cve_id="CVE-2025-53622"
+LABEL com.dataset.cwe_id="CWE-22"
+LABEL com.dataset.cwe_name="CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+LABEL com.dataset.advisory_id="GHSA-vhvx-8xgc-99wf"
+LABEL com.dataset.project_slug="DSpace_CVE-2025-53622_dspace-7.6.3"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.8.7
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.8.7/binaries/apache-maven-3.8.7-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/DSpace/DSpace
+ARG GIT_URL
+ARG GIT_TAG=dspace-7.6.3
+ARG GIT_COMMIT=4da8ed69f44786dc33a3dd9a62ee719a51a4830e
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven with debug logging and increased memory
+RUN set -eux; cd /workspace/repo; \
+    export MAVEN_OPTS='-Xmx2g -XX:+UseG1GC'; \
+    mvn -B -e -X -U -DskipTests package || \
+    (echo 'First build failed, retrying with clean...' && mvn clean && mvn -B -e -X -U -DskipTests package)
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,46 @@
+FROM eclipse-temurin:8-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/DSpace/DSpace"
+LABEL org.opencontainers.image.description="Build environment for DSpace__DSpace_CVE-2022-31192_5.10 (88)"
+LABEL org.opencontainers.image.title="DSpace__DSpace_CVE-2022-31192_5.10:88"
+LABEL com.dataset.cve_id="CVE-2022-31192"
+LABEL com.dataset.cwe_id="CWE-079"
+LABEL com.dataset.cwe_name="Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+LABEL com.dataset.advisory_id="GHSA-4wm8-c2vv-xrpq"
+LABEL com.dataset.project_slug="DSpace__DSpace_CVE-2022-31192_5.10"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.5.0
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/DSpace/DSpace
+ARG GIT_URL
+ARG GIT_TAG=5.10
+ARG GIT_COMMIT=eca7968be7d6b9f8f5f302c9fc09f8186ed4809e
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven
+RUN set -eux; cd /workspace/repo; mvn -B -e -U -DskipTests package
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,46 @@
+FROM eclipse-temurin:8-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/DSpace/DSpace"
+LABEL org.opencontainers.image.description="Build environment for DSpace__DSpace_CVE-2022-31194_5.10 (37)"
+LABEL org.opencontainers.image.title="DSpace__DSpace_CVE-2022-31194_5.10:37"
+LABEL com.dataset.cve_id="CVE-2022-31194"
+LABEL com.dataset.cwe_id="CWE-022"
+LABEL com.dataset.cwe_name="Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+LABEL com.dataset.advisory_id="GHSA-qp5m-c3m9-8q2p"
+LABEL com.dataset.project_slug="DSpace__DSpace_CVE-2022-31194_5.10"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.5.0
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/DSpace/DSpace
+ARG GIT_URL
+ARG GIT_TAG=5.10
+ARG GIT_COMMIT=eca7968be7d6b9f8f5f302c9fc09f8186ed4809e
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven
+RUN set -eux; cd /workspace/repo; mvn -B -e -U -DskipTests package
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,46 @@
+FROM eclipse-temurin:8-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/DSpace/DSpace"
+LABEL org.opencontainers.image.description="Build environment for DSpace__DSpace_CVE-2022-31195_5.10 (35)"
+LABEL org.opencontainers.image.title="DSpace__DSpace_CVE-2022-31195_5.10:35"
+LABEL com.dataset.cve_id="CVE-2022-31195"
+LABEL com.dataset.cwe_id="CWE-022"
+LABEL com.dataset.cwe_name="Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+LABEL com.dataset.advisory_id="GHSA-8rmh-55h4-93h5"
+LABEL com.dataset.project_slug="DSpace__DSpace_CVE-2022-31195_5.10"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.5.0
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/DSpace/DSpace
+ARG GIT_URL
+ARG GIT_TAG=5.10
+ARG GIT_COMMIT=eca7968be7d6b9f8f5f302c9fc09f8186ed4809e
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven
+RUN set -eux; cd /workspace/repo; mvn -B -e -U -DskipTests package
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,46 @@
+FROM eclipse-temurin:8-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/ESAPI/esapi-java-legacy"
+LABEL org.opencontainers.image.description="Build environment for ESAPI__esapi-java-legacy_CVE-2022-23457_2.2.3.1 (23)"
+LABEL org.opencontainers.image.title="ESAPI__esapi-java-legacy_CVE-2022-23457_2.2.3.1:23"
+LABEL com.dataset.cve_id="CVE-2022-23457"
+LABEL com.dataset.cwe_id="CWE-022"
+LABEL com.dataset.cwe_name="Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
+LABEL com.dataset.advisory_id="GHSA-8m5h-hrqm-pxm2"
+LABEL com.dataset.project_slug="ESAPI__esapi-java-legacy_CVE-2022-23457_2.2.3.1"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.5.0
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/ESAPI/esapi-java-legacy
+ARG GIT_URL
+ARG GIT_TAG=2.2.3.1
+ARG GIT_COMMIT=2e8694c6beb3bdbb2645b882eba72ce41bc63242
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven
+RUN set -eux; cd /workspace/repo; mvn -B -e -U -DskipTests package
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo
@@ -0,0 +1,46 @@
+FROM eclipse-temurin:8-jdk AS builder
+LABEL org.opencontainers.image.source="https://github.com/ESAPI/esapi-java-legacy"
+LABEL org.opencontainers.image.description="Build environment for ESAPI__esapi-java-legacy_CVE-2022-24891_2.2.3.1 (82)"
+LABEL org.opencontainers.image.title="ESAPI__esapi-java-legacy_CVE-2022-24891_2.2.3.1:82"
+LABEL com.dataset.cve_id="CVE-2022-24891"
+LABEL com.dataset.cwe_id="CWE-079"
+LABEL com.dataset.cwe_name="Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
+LABEL com.dataset.advisory_id="GHSA-q77q-vx4q-xx6q"
+LABEL com.dataset.project_slug="ESAPI__esapi-java-legacy_CVE-2022-24891_2.2.3.1"
+LABEL com.dataset.status="success"
+WORKDIR /workspace
+RUN set -eux; \
+    if ! command -v git >/dev/null 2>&1; then \
+      apt-get update && apt-get install -y --no-install-recommends git ca-certificates && rm -rf /var/lib/apt/lists/*; \
+    fi
+
+# Install Maven 3.5.0
+RUN set -eux; \
+    apt-get update && apt-get install -y --no-install-recommends wget && \
+    wget -O /tmp/maven.tar.gz https://archive.apache.org/dist/maven/maven-3/3.5.0/binaries/apache-maven-3.5.0-bin.tar.gz && \
+    tar -xzf /tmp/maven.tar.gz -C /opt && \
+    ln -s /opt/apache-maven-* /opt/maven && \
+    rm /tmp/maven.tar.gz && \
+    apt-get remove -y wget && \
+    apt-get autoremove -y && \
+    rm -rf /var/lib/apt/lists/*
+ENV PATH=/opt/maven/bin:$PATH
+
+# Clone and checkout the desired revision
+ARG GIT_URL=https://github.com/ESAPI/esapi-java-legacy
+ARG GIT_URL
+ARG GIT_TAG=2.2.3.1
+ARG GIT_COMMIT=2e8694c6beb3bdbb2645b882eba72ce41bc63242
+RUN set -eux; \
+    git clone "$GIT_URL" repo; \
+    cd repo; \
+    if [ -n "$GIT_COMMIT" ]; then git checkout "$GIT_COMMIT"; elif [ -n "$GIT_TAG" ]; then git checkout "$GIT_TAG"; fi
+
+# Prepare Maven local repository to avoid corrupted artifacts
+RUN set -eux; rm -rf /root/.m2/repository || true
+# Use Maven
+RUN set -eux; cd /workspace/repo; mvn -B -e -U -DskipTests package
+
+# Use the builder stage as final image (contains sources and built artifacts)
+FROM scratch AS artifact
+COPY --from=builder /workspace/repo /repo