class DockerStorageDriverAufs

Public Instance Methods

check(dockercheck) click to toggle source
# File lib/dockscan/modules/audit/docker-storage-driver-aufs.rb, line 7
def check(dockercheck)
        sp=Dockscan::Scan::Plugin.new
        si=Dockscan::Scan::Issue.new
        si.title="Running aufs as storage driver"
        si.description="Docker daemon reports it is running aufs as storage driver.\nThis is not recommended for production as it might have problems and security issues."
        si.solution="It is recommended to use devicemapper instead of aufs storage driver. Actually, you should use the storage driver that is best supported by your vendor."
        si.severity=4 # Low
        si.risk = { "cvss" => 3.2 } 
        si.reflinks = {"Switching Docker from aufs to devicemapper" => "http://muehe.org/posts/switching-docker-from-aufs-to-devicemapper/"}
        si.references = {"CIS" => "2.7 Do not use the aufs storage driver" }
        sp.vuln=si    
        if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("Driver")
                sp.state="run"
                if scandata["GetDockerInfo"].obj["Driver"] == true then
                        sp.output = "Docker daemon reports it is running aufs as storage driver."
                        sp.state="vulnerable"
                end
        end
        return sp
end
info() click to toggle source
# File lib/dockscan/modules/audit/docker-storage-driver-aufs.rb, line 3
def info
        return 'This plugin checks if storage driver is aufs'
end