Class: DockerIPV4Forwarding

Inherits:
Dockscan::Modules::AuditModule
Defined in:
lib/dockscan/modules/audit/docker-networking-forwarding.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/docker-networking-forwarding.rb', line 7

# Reports whether the collected Docker daemon info says IPv4 forwarding is on.
#
# The verdict rests only on the "IPv4Forwarding" field of the "GetDockerInfo"
# scan result. This method does not itself look at the host's sysctl value or
# at any packet-filter rules, so a "vulnerable" result means "the daemon
# reports forwarding enabled", not "traffic is provably forwarded unfiltered".
#
# State transitions visible here:
# * "GetDockerInfo" missing, or it has no "IPv4Forwarding" key: state is left
#   at whatever Plugin.new initialised it to (no "run" marker is written).
# * key present, value is anything other than `true`: state is "run".
# * key present, value == true: state is "vulnerable" and output is filled in.
#
# @param dockercheck [Object] not referenced by this method
# @return [Dockscan::Scan::Plugin] plugin result carrying the issue definition
def check(dockercheck)
  report = Dockscan::Scan::Plugin.new

  finding = Dockscan::Scan::Issue.new
  finding.title = "Docker running with IPv4 forwarding enabled"
  finding.description = "Docker daemon reports it is running daemon with IPv4 forwarding enabled.\nThis is not recommended for production as it forwards network packets without rules."
  finding.solution = "It is recommended to disable IPv4 forwarding by default."
  finding.severity = 5 # Medium
  finding.risk = { "cvss" => 5.0 }
  finding.reflinks = { "ip_forward to expose containers to the public internet" => "https://github.com/docker/docker/issues/11508" }
  report.vuln = finding

  # Without the daemon info there is nothing to evaluate.
  return report unless scandata.key?("GetDockerInfo")

  daemon_info = scandata["GetDockerInfo"].obj
  return report unless daemon_info.key?("IPv4Forwarding")

  # The field was available, so the check counts as executed.
  report.state = "run"

  # Strict comparison: only a literal `true` flags the finding.
  if daemon_info["IPv4Forwarding"] == true
    report.output = "Docker daemon reports it is running with automatic IPv4 forwarding."
    report.state = "vulnerable"
  end

  report
end

#info ⇒ Object



# File 'lib/dockscan/modules/audit/docker-networking-forwarding.rb', line 3

# One-line, human-readable summary of what this audit plugin looks for.
#
# @return [String] the plugin description
def info
  'This plugin checks if docker is running with ipv4 forwarding enabled'
end