Sometimes, developers attempt to hide important source code inside a compiled Docker image. However, this procedure does not prevent code access or modification such as runtime-compiled JS. Files within a Docker image can be both accessed and patched, finally generating a new image, which then can be used e.g. in Docker Compose.
Retrieving a File
# inspect docker image
docker inspect target/target:latest
# create a temporary container labeled 'extract'
docker create --name extract target/target:latest
# copy the desired file
# file locations can be found using docker history or by inspecting the Image Layers on e.g. Dockerhub
docker cp extract:/app/server/dist/wanted.js wanted.jsPatching a File
Once the file in question has been modified, a new (modified) image can be built using the original as a base.
# create Dockerfile
nano Dockerfile
---
FROM target/target:latest
COPY wanted-modified.js /app/server/dist/wanted.js
---
# build the modified image
docker build -t target-modified:v1 .
# (optional) update docker-compose.yml
nano docker-compose.yml
---
services:
test:
image: target-modified:v1
---
docker compose up