Class: ContainerNumberProcess

Inherits:
Dockscan::Modules::AuditModule show all
Defined in:
lib/dockscan/modules/audit/container-number-process.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary collapse

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/container-number-process.rb', line 7

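# Flags every running container that runs more than one process.
#
# Reads the "GetContainersRunning" entry of +scandata+, asks each container
# for its process table via +top+, and records the containers whose process
# count exceeds the limit together with their command lines.
#
# @param dockercheck [Object] not used by this check
# @return [Dockscan::Scan::Plugin] result carrying the issue description in
#   +vuln+; +state+ is left unset when there is no running-container data,
#   is "run" when containers were inspected, and "vulnerable" once at least
#   one container is over the limit
def check(dockercheck)
  limit = 1 # allowed number of processes per container

  result = Dockscan::Scan::Plugin.new
  issue = Dockscan::Scan::Issue.new
  issue.title = "Container have higher number of processess"
  issue.description = "Container have more than allowable number of processes.\nThis is not recommended for production as it does not provide intended isolation."
  issue.solution = "It is recommended to have single process inside container. If you have more than one process, it is recommended to split them in separate containers."
  issue.severity = 4 # Low
  issue.risk = { "cvss" => 3.2 }
  result.vuln = issue
  result.output = ""

  # Nothing to inspect: return the result with its state untouched.
  return result unless scandata.key?("GetContainersRunning") && !scandata["GetContainersRunning"].obj.empty?

  result.state = "run"
  scandata["GetContainersRunning"].obj.each do |container|
    processes = container.top
    next unless processes.count > limit

    result.state = "vulnerable"
    result.output << idcontainer(container) << " has more than #{limit} process(es): #{processes.count}\n"
    # A row without a "CMD" column yields nil; to_s keeps one such row from
    # aborting the whole check with a TypeError.
    # NOTE(review): the command line is chosen by the workload inside the
    # container and is appended verbatim. It may carry credentials passed as
    # arguments or control characters, so whatever renders or stores this
    # output should escape it and treat the report as sensitive.
    processes.each { |process| result.output << process["CMD"].to_s << "\n" }
    result.output << "\n"
  end
  result
end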

#info ⇒ Object



# File 'lib/dockscan/modules/audit/container-number-process.rb', line 3

# Gives the one-line, human-readable summary of this audit plugin.
#
# @return [String] static description text
def info
  'This plugin checks number of container processes'
end