7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
# File 'lib/dockscan/modules/audit/docker-registry-mirror.rb', line 7
def check(dockercheck)
sp=Dockscan::Scan::Plugin.new
si=Dockscan::Scan::Issue.new
si.title="Docker registries are not mirrored"
si.description="Docker daemon reports it is running configuration without registry mirrors.\nIf you set up local mirror, your docker host does not have to go directly to internet if not needed."
si.solution="It is recommended to setup mirror registry."
si.severity=4 si.risk = { "cvss" => 3.0 }
si.references = {"CIS" => "2.6 Setup a local registry mirror" }
sp.vuln=si
if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("RegistryConfig")
sp.state="run"
vulnerable=true
outputindexs = ""
scandata["GetDockerInfo"].obj["RegistryConfig"]["IndexConfigs"].each do |item, value|
if value["Mirrors"] != nil
vulnerable = false
else
outputindexs << value["Name"] << "\n"
end
end
if vulnerable then
sp.state="vulnerable"
sp.output = "Docker daemon reports it does not have mirror registries.\n"
if outputindexs != "" then
sp.output << "Offending registry indexes:\n"
sp.output << outputindexs << "\n"
end
end
end
return sp
end
|