class ContainerNumberProcess
Public Instance Methods
check(dockercheck)
click to toggle source
# File lib/dockscan/modules/audit/container-number-process.rb, line 7 def check(dockercheck) limit=1 sp=Dockscan::Scan::Plugin.new si=Dockscan::Scan::Issue.new si.title="Container have higher number of processess" si.description="Container have more than allowable number of processes.\nThis is not recommended for production as it does not provide intended isolation." si.solution="It is recommended to have single process inside container. If you have more than one process, it is recommended to split them in separate containers." si.severity=4 # Low si.risk = { "cvss" => 3.2 } sp.vuln=si sp.output="" if scandata.key?("GetContainersRunning") and not scandata["GetContainersRunning"].obj.empty? sp.state="run" scandata["GetContainersRunning"].obj.each do |container| ps=container.top if ps.count > limit then sp.state="vulnerable" sp.output << idcontainer(container) << " has more than #{limit} process(es): #{ps.count}\n" ps.each do |process| sp.output << process["CMD"] << "\n" end sp.output << "\n" end end end return sp end
info()
click to toggle source
# File lib/dockscan/modules/audit/container-number-process.rb, line 3 def info return 'This plugin checks number of container processes' end