# File 'lib/dockscan/modules/audit/docker-limits.rb', line 7
# Audit check that flags a Docker daemon whose info data reports the memory
# or swap limit flag as false.
#
# Reads the "GetDockerInfo" entry of +scandata+ (supplied from outside this
# method) and inspects the "MemoryLimit" and "SwapLimit" fields of its +obj+.
# A field counts as a finding only when it is exactly +false+; a missing key
# or any other value leaves the result untouched.
#
# NOTE(review): in the Docker Engine API, the /info fields MemoryLimit and
# SwapLimit indicate whether the host kernel supports enforcing those limits.
# They do not say whether per-container limits or daemon default ulimits are
# configured. The CIS "2.10 Set default ulimit" reference is therefore only
# loosely covered by this check -- confirm intended scope.
# NOTE(review): state is set to "run" only when "MemoryLimit" is present; a
# result with only "SwapLimit" present and true keeps the Plugin's initial
# state -- verify this is intended.
#
# @param dockercheck not referenced anywhere in this method body
# @return [Dockscan::Scan::Plugin] plugin result carrying the issue
#   description, accumulated output text and state
def check(dockercheck)
  plugin = Dockscan::Scan::Plugin.new
  issue = Dockscan::Scan::Issue.new

  issue.title = "Docker running without defined limits"
  issue.description = "Docker daemon reports it is running daemon without defined limits.\nThis is not recommended as offending containers could use up all resources."
  issue.solution = "It is recommended to define docker limits."
  issue.severity = 5
  issue.risk = { "cvss" => 4.4 }
  issue.references = { "CIS" => "2.10 Set default ulimit as appropriate" }

  plugin.output = ""
  plugin.vuln = issue

  # Memory limit: the presence of the key alone marks the check as executed.
  if scandata.key?("GetDockerInfo") && scandata["GetDockerInfo"].obj.key?("MemoryLimit")
    plugin.state = "run"
    if scandata["GetDockerInfo"].obj["MemoryLimit"] == false
      plugin.output << "Docker daemon reports it is running without memory limit.\n"
      plugin.state = "vulnerable"
    end
  end

  # Swap limit: only ever escalates the state, never sets "run" by itself.
  if scandata.key?("GetDockerInfo") && scandata["GetDockerInfo"].obj.key?("SwapLimit")
    if scandata["GetDockerInfo"].obj["SwapLimit"] == false
      plugin.output << "Docker daemon reports it is running without swap limit.\n"
      plugin.state = "vulnerable"
    end
  end

  plugin
end