class ContainerFilesystemDiff
Public Instance Methods
check(dockercheck)
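# File lib/dockscan/modules/audit/container-filesystem-diff.rb, line 7
# Audit every scanned container for a large filesystem diff against its image.
#
# A container with many changed files usually means data is being written
# inside the container (lost when it is re-created) and can also be a sign of
# a successful break-in, so any container whose change list has more than
# +limit+ entries is flagged and its changed paths are listed in +sp.output+.
#
# @param dockercheck not used by this plugin; kept because every audit plugin
#   is called through the common check(dockercheck) signature.
# @return [Dockscan::Scan::Plugin] result object. +state+ is "run" once
#   containers were examined and "vulnerable" when at least one exceeded the
#   limit; when no container data is present +state+ is left untouched.
def check(dockercheck)
  limit = 5
  sp = Dockscan::Scan::Plugin.new
  si = Dockscan::Scan::Issue.new
  si.title = "Container have higher number of changed files"
  si.description = "Container have high number of changed files which is not recommended practice.\nThis is not recommended for production as data can be lost. It can also mean successful break in attempt."
  si.solution = "It is recommended to have minimal number of changed files inside container and do not store data inside container. It is recommended to use volumes."
  si.severity = 4 # Low
  si.risk = { "cvss" => 3.2 }
  sp.vuln = si
  sp.output = ""

  # scandata and idcontainer are provided by the plugin host, not by this file.
  containers = scandata.key?("GetContainers") ? scandata["GetContainers"].obj : nil
  return sp if containers.nil? || containers.empty?

  sp.state = "run"
  containers.each do |container|
    begin
      # A nil change list means "no diff", not an error; a nil "Path" is
      # rendered as an empty line instead of aborting the whole container.
      changes = container.changes || []
      next unless changes.count > limit

      sp.state = "vulnerable"
      sp.output << idcontainer(container) << " has more than #{limit} file changes: #{changes.count}\n"
      changes.each { |change| sp.output << change["Path"].to_s << "\n" }
      sp.output << "\n"
    rescue StandardError => e
      # One unreadable container must not abort the audit, but the failure is
      # recorded: a bare rescue would silently report that container as clean
      # (a false negative for the break-in case the issue text warns about).
      label = begin
        idcontainer(container)
      rescue StandardError
        "<unidentified container>"
      end
      sp.output << "#{label}: could not read filesystem changes (#{e.class}: #{e.message})\n"
    end
  end
  sp
end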
info()
# File lib/dockscan/modules/audit/container-filesystem-diff.rb, line 3
# One-line, human-readable summary of what this audit plugin does.
#
# @return [String] fixed description shown by the plugin host
def info
  'This plugin checks for filesystem differences'
end