Class: DockerRegistryMirror

Inherits:
Dockscan::Modules::AuditModule show all
Defined in:
lib/dockscan/modules/audit/docker-registry-mirror.rb

Instance Attribute Summary

Attributes inherited from Dockscan::Modules::AuditModule

#scandata

Instance Method Summary collapse

Methods inherited from Dockscan::Modules::AuditModule

#idcontainer

Methods inherited from Dockscan::Modules::GenericModule

inherited, modules

Instance Method Details

#check(dockercheck) ⇒ Object



# File 'lib/dockscan/modules/audit/docker-registry-mirror.rb', line 7

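# Audits the registry section of the collected Docker daemon info and reports
# whether any registry index has a mirror configured (CIS 2.6).
#
# Only the presence of a mirror entry is evaluated; the mirror's URL, scheme
# and trust settings are not inspected here.
#
# @param dockercheck [Object] not used by this check
# @return [Dockscan::Scan::Plugin] result whose state is left unset when no
#   "GetDockerInfo"/"RegistryConfig" data was collected, "run" when at least
#   one index has a mirror, and "vulnerable" when none has
def check(dockercheck)
	sp = Dockscan::Scan::Plugin.new
	si = Dockscan::Scan::Issue.new
	si.title = "Docker registries are not mirrored"
	si.description = "Docker daemon reports it is running configuration without registry mirrors.\nIf you set up local mirror, your docker host does not have to go directly to internet if not needed."
	si.solution = "It is recommended to setup mirror registry."
	si.severity = 4 # Low
	si.risk = { "cvss" => 3.0 }
	si.references = { "CIS" => "2.6 Setup a local registry mirror" }
	sp.vuln = si

	# Without daemon info there is nothing to audit; the state stays unset.
	return sp unless scandata.key?("GetDockerInfo") && scandata["GetDockerInfo"].obj.key?("RegistryConfig")

	sp.state = "run"
	# A missing or null IndexConfigs is handled like an empty index list
	# instead of raising NoMethodError on nil.
	indexes = scandata["GetDockerInfo"].obj["RegistryConfig"]["IndexConfigs"] || {}

	# An index counts as mirrored only when its mirror list has entries.
	# A daemon can report "Mirrors" as an empty array as well as null, and an
	# empty array must not clear the finding.
	unmirrored = indexes.select { |_key, cfg| Array(cfg["Mirrors"]).empty? }

	# The finding is raised only when no index at all has a mirror.
	if unmirrored.size == indexes.size
		sp.state = "vulnerable"
		report = "Docker daemon reports it does not have mirror registries.\n"
		# Fall back to the index key when the entry carries no "Name".
		names = unmirrored.map { |key, cfg| (cfg["Name"] || key).to_s }
		unless names.empty?
			report << "Offending registry indexes:\n"
			report << names.map { |name| "#{name}\n" }.join << "\n"
		end
		sp.output = report
	end
	sp
end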

#info ⇒ Object



# File 'lib/dockscan/modules/audit/docker-registry-mirror.rb', line 3

# Short human-readable description of what this audit plugin checks.
#
# @return [String] the plugin description
def info
	'This plugin checks if mirror registries are in use'
end