class DockerLimits
Public Instance Methods
check(dockercheck)
click to toggle source
# File lib/dockscan/modules/audit/docker-limits.rb, line 7 def check(dockercheck) sp=Dockscan::Scan::Plugin.new si=Dockscan::Scan::Issue.new si.title="Docker running without defined limits" si.description="Docker daemon reports it is running daemon without defined limits.\nThis is not recommended as offending containers could use up all resources." si.solution="It is recommended to define docker limits." si.severity=5 # Medium si.risk = { "cvss" => 4.4 } si.references = {"CIS" => "2.10 Set default ulimit as appropriate" } sp.output="" sp.vuln=si if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("MemoryLimit") sp.state="run" if scandata["GetDockerInfo"].obj["MemoryLimit"] == false then sp.output << "Docker daemon reports it is running without memory limit.\n" sp.state="vulnerable" end end if scandata.key?("GetDockerInfo") and scandata["GetDockerInfo"].obj.key?("SwapLimit") if scandata["GetDockerInfo"].obj["SwapLimit"] == false then sp.output << "Docker daemon reports it is running without swap limit.\n" sp.state="vulnerable" end end return sp end
info()
click to toggle source
# File lib/dockscan/modules/audit/docker-limits.rb, line 3 def info return 'This plugin checks if docker is running with defined limits' end