Class: DockerExperimentalBuild

Inherits:
Dockscan::Modules::AuditModule
Defined in:
lib/dockscan/modules/audit/docker-experimental-build.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/docker-experimental-build.rb', line 7

# Reports whether the Docker daemon describes itself as an experimental build.
#
# The returned plugin result always carries the prepared issue (title,
# description, solution, severity, CVSS risk and reference link); only the
# state and output depend on what the scan collected. The verdict rests
# entirely on the "ExperimentalBuild" value found in the collected
# "GetDockerInfo" data, i.e. on what the daemon reported about itself.
#
# @param dockercheck [Object] not read by this check
# @return [Dockscan::Scan::Plugin] state is "vulnerable" when the flag is
#   exactly true, "run" when the flag is present with any other value, and
#   left as Plugin.new initialised it when the info or the flag is missing
def check(dockercheck)
  result = Dockscan::Scan::Plugin.new

  issue = Dockscan::Scan::Issue.new
  issue.title = "Running Experimental version of Docker."
  issue.description = "Docker daemon reports it is running ExperimentalBuild.\nThis is not recommended for production as it might have problems and security issues."
  issue.solution = "It is recommended to replace Docker version with stable and production ready one."
  issue.severity = 6 # High
  issue.risk = { "cvss" => 7.0 }
  issue.reflinks = { "Docker's Experimental Binary" => "https://blog.docker.com/2015/06/experimental-binary/" }
  result.vuln = issue

  # No daemon info collected, or the daemon did not expose the flag: the
  # check is not marked as run, so callers can tell "not evaluated" apart
  # from "evaluated and clean".
  return result unless scandata.key?("GetDockerInfo")

  daemon_info = scandata["GetDockerInfo"].obj
  return result unless daemon_info.key?("ExperimentalBuild")

  result.state = "run"

  # Strict comparison on purpose: only a boolean true is flagged, so a
  # non-boolean value such as the string "true" stays in state "run".
  if daemon_info["ExperimentalBuild"] == true
    result.output = "Docker daemon reports it is running ExperimentalBuild."
    result.state = "vulnerable"
  end

  result
end

#info ⇒ Object



# File 'lib/dockscan/modules/audit/docker-experimental-build.rb', line 3

# One-line, human-readable summary of what this audit plugin checks.
#
# @return [String] the fixed description text
def info
  'This plugin checks if docker is running Experimental Build'
end