# File 'lib/dockscan/modules/audit/container-filesystem-diff.rb', line 7
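# Audit check: report containers whose writable layer has accumulated more
# than +limit+ changed paths (the equivalent of `docker diff`). A large diff
# means state is being kept inside the container (lost when it is recreated)
# and can also be the footprint of a successful break-in (dropped tooling,
# modified binaries), which is why the finding carries a CVSS risk value.
#
# @param dockercheck unused by this check; kept so the method matches the
#   signature of the other audit modules. Scan data is read from +scandata+
#   on the enclosing object instead.
# @return [Dockscan::Scan::Plugin] result object whose +state+ is left unset
#   when no containers were available, "run" when containers were examined,
#   and "vulnerable" when at least one exceeded the limit; +output+ lists
#   the offending containers with their changed paths and any container
#   whose diff could not be read.
def check(dockercheck)
  # Number of changed paths above which a container is reported.
  limit = 5

  sp = Dockscan::Scan::Plugin.new
  si = Dockscan::Scan::Issue.new
  si.title = "Container have higher number of changed files"
  si.description = "Container have high number of changed files which is not recommended practice.\nThis is not recommended for production as data can be lost. It can also mean successful break in attempt."
  si.solution = "It is recommended to have minimal number of changed files inside container and do not store data inside container. It is recommended to use volumes."
  si.severity = 4
  si.risk = { "cvss" => 3.2 }
  sp.vuln = si
  sp.output = ""

  containers = scandata["GetContainers"] if scandata.key?("GetContainers")
  # Nothing to examine: leave state unset so the caller can tell "not run"
  # apart from "run and clean".
  return sp if containers.nil? || containers.obj.empty?

  sp.state = "run"
  containers.obj.each do |container|
    begin
      changes = container.changes
      next unless changes.count > limit

      sp.state = "vulnerable"
      # Each diff entry is expected to expose a "Path" key; any other fields
      # of the entry are not reported. +to_s+ keeps a nil path from aborting
      # the whole container's report.
      paths = changes.map { |change| change["Path"].to_s }
      sp.output << idcontainer(container) << " has more than #{limit} file changes: #{changes.count}\n"
      sp.output << paths.join("\n") << "\n"
      sp.output << "\n"
    rescue StandardError => e
      # Keep scanning the remaining containers, but do not hide the failure:
      # a container whose diff cannot be read would otherwise be silently
      # reported as clean, which is exactly what an attacker would want.
      sp.output << idcontainer(container) << " could not be inspected for file changes (#{e.class}: #{e.message})\n"
    end
  end
  sp
end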