Class: ContainerFilesystemDiff

Inherits:
Dockscan::Modules::AuditModule show all
Defined in:
lib/dockscan/modules/audit/container-filesystem-diff.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary collapse

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/container-filesystem-diff.rb', line 7

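# Audit check: report every container whose filesystem diff (list of changed
# files) has more than +limit+ entries. Per the issue text below, a large diff
# means data is being written into the container layer instead of a volume,
# and it can also be a sign of a successful break-in.
#
# @param dockercheck [Object] not used by this check; kept for the module
#   interface shared with the other audit modules.
# @param limit [Integer] number of changed files tolerated per container
#   before it is reported (default 5, the value previously hard-coded).
# @return [Dockscan::Scan::Plugin] result object: +state+ is "run" once any
#   container was inspected and "vulnerable" if at least one exceeded the
#   limit; +output+ holds the per-container report text.
def check(dockercheck, limit: 5)
	sp = Dockscan::Scan::Plugin.new
	si = Dockscan::Scan::Issue.new
	si.title = "Container have higher number of changed files"
	si.description = "Container have high number of changed files which is not recommended practice.\nThis is not recommended for production as data can be lost. It can also mean successful break in attempt."
	si.solution = "It is recommended to have minimal number of changed files inside container and do not store data inside container. It is recommended to use volumes."
	si.severity = 4 # Low
	si.risk = { "cvss" => 3.2 }
	sp.vuln = si
	sp.output = ""

	# Nothing to inspect: leave +state+ unset, as before, and return the empty result.
	return sp unless scandata.key?("GetContainers")
	containers = scandata["GetContainers"].obj
	return sp if containers.nil? || containers.empty?

	sp.state = "run"
	containers.each do |container|
		begin
			# Assumed to be an Array of Hashes carrying a "Path" key (the only
			# field read here); the exact shape comes from the container API.
			changes = container.changes
			next unless changes.count > limit

			sp.state = "vulnerable"
			paths = changes.map { |change| "#{change["Path"]}\n" }.join
			sp.output << idcontainer(container) << " has more than #{limit} file changes: #{changes.count}\n"
			sp.output << paths << "\n"
		rescue StandardError => e
			# One container failing to answer must not abort the whole audit, but
			# the failure is written to the report rather than silently dropped,
			# so a missing result is distinguishable from a clean container.
			sp.output << "could not inspect filesystem changes for a container (#{e.class}: #{e.message})\n"
		end
	end
	sp
end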

#info ⇒ Object



# File 'lib/dockscan/modules/audit/container-filesystem-diff.rb', line 3

# Short, fixed description of this audit module.
#
# @return [String] one-line summary of what the check does
def info
	'This plugin checks for filesystem differences'
end