Class: ContainerFilesystemDiff

Inherits:
Dockscan::Modules::AuditModule
Defined in:
lib/dockscan/modules/audit/container-filesystem-diff.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/container-filesystem-diff.rb', line 7

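# Reports containers whose writable layer holds more than +limit+ changed
# files, as listed by +container.changes+ (each entry is read via its
# "Path" key).
#
# Uses +scandata["GetContainers"].obj+ as the container list. When that
# key is absent or the list is empty/nil the plugin is returned with its
# state unset; otherwise the state becomes "run", and "vulnerable" once
# any container exceeds the limit. +output+ then carries, per flagged
# container, a header line, one changed path per line and a blank
# separator line.
#
# @param dockercheck [Object] supplied by the framework; not read here
# @param limit [Integer] change count above which a container is flagged
# @return [Dockscan::Scan::Plugin]
def check(dockercheck, limit: 5)
  issue = Dockscan::Scan::Issue.new
  issue.title = "Container have higher number of changed files"
  issue.description = "Container have high number of changed files which is not recommended practice.\nThis is not recommended for production as data can be lost. It can also mean successful break in attempt."
  issue.solution = "It is recommended to have minimal number of changed files inside container and do not store data inside container. It is recommended to use volumes."
  issue.severity = 4 # Low
  issue.risk = { "cvss" => 3.2 }

  plugin = Dockscan::Scan::Plugin.new
  plugin.vuln = issue
  plugin.output = +""

  containers = scandata.key?("GetContainers") ? scandata["GetContainers"].obj : nil
  return plugin if containers.nil? || containers.empty?

  plugin.state = "run"
  containers.each do |container|
    begin
      changes = container.changes || []
      next unless changes.count > limit

      # Build the whole entry first so a failure part-way through leaves
      # neither a half-written entry nor a "vulnerable" state without one.
      entry = +""
      entry << idcontainer(container) << " has more than #{limit} file changes: #{changes.count}\n"
      # A change entry without a "Path" is listed as an empty line rather
      # than aborting the whole container (nil would raise on <<).
      changes.each { |change| entry << change["Path"].to_s << "\n" }
      entry << "\n"

      plugin.state = "vulnerable"
      plugin.output << entry
    rescue StandardError => e
      # Do not let a container silently drop out of the audit: a diff that
      # cannot be read is itself something the operator needs to know about.
      # The finding state and output are left untouched; only the failure
      # is surfaced, so the scan stays best-effort.
      warn "#{self.class}: could not inspect changes of a container: #{e.class}: #{e.message}"
    end
  end
  plugin
end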

#info ⇒ Object



# File 'lib/dockscan/modules/audit/container-filesystem-diff.rb', line 3

# One-line description of this audit module, shown in module listings.
#
# @return [String]
def info
  'This plugin checks for filesystem differences'
end