class DockerRegistryMirror

Public Instance Methods

check(dockercheck) click to toggle source
# File lib/dockscan/modules/audit/docker-registry-mirror.rb, line 7
def check(dockercheck)
        sp=Dockscan::Scan::Plugin.new
        si=Dockscan::Scan::Issue.new
        si.title="Docker registries are not mirrored"
        si.description="Docker daemon reports it is running configuration without registry mirrors.\nIf you set up local mirror, your docker host does not have to go directly to internet if not needed."
        si.solution="It is recommended to setup mirror registry."
        si.severity=4 # Low
        si.risk = { "cvss" => 3.0 } 
        si.references = {"CIS" => "2.6 Setup a local registry mirror" }
        sp.vuln=si    
        if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("RegistryConfig")
                sp.state="run"
                vulnerable=true
                outputindexs = ""
                scandata["GetDockerInfo"].obj["RegistryConfig"]["IndexConfigs"].each do |item, value|
                        if value["Mirrors"] != nil
                                vulnerable = false
                        else
                                outputindexs << value["Name"] << "\n"
                        end
                end

                if vulnerable then
                        sp.state="vulnerable"
                        sp.output = "Docker daemon reports it does not have mirror registries.\n"
                        if outputindexs != "" then
                                sp.output << "Offending registry indexes:\n"
                                sp.output << outputindexs << "\n"
                        end
                end
        end
        return sp
end
info() click to toggle source
# File lib/dockscan/modules/audit/docker-registry-mirror.rb, line 3
def info
        return 'This plugin checks if mirror registries are in use'
end