7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
|
# File 'lib/dockscan/modules/audit/container-number-process.rb', line 7
def check(dockercheck)
limit=1
sp=Dockscan::Scan::Plugin.new
si=Dockscan::Scan::Issue.new
si.title="Container have higher number of processess"
si.description="Container have more than allowable number of processes.\nThis is not recommended for production as it does not provide intended isolation."
si.solution="It is recommended to have single process inside container. If you have more than one process, it is recommended to split them in separate containers."
si.severity=4 si.risk = { "cvss" => 3.2 }
sp.vuln=si
sp.output=""
if scandata.key?("GetContainersRunning") and not scandata["GetContainersRunning"].obj.empty?
sp.state="run"
scandata["GetContainersRunning"].obj.each do |container|
ps=container.top
if ps.count > limit then
sp.state="vulnerable"
sp.output << idcontainer(container) << " has more than #{limit} process(es): #{ps.count}\n"
ps.each do |process|
sp.output << process["CMD"] << "\n"
end
sp.output << "\n"
end
end
end
return sp
end
|