From 0231a7f5dead80f7ab6109ade2cc58a7ef95d1ba Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Mon, 8 Jun 2015 19:15:41 -0700
Subject: [PATCH] Make the main script an executable for if I want to run it on my host Fix image sprawl to work Fix port range
Signed-off-by: Jessica Frazelle
---
docker-bench-security.sh | 0
tests/5_container_runtime.sh | 23 +++++++++++++----------
tests/6_docker_security_operations.sh | 6 +++---
3 files changed, 16 insertions(+), 13 deletions(-)
mode change 100644 => 100755 docker-bench-security.sh
diff --git a/docker-bench-security.sh b/docker-bench-security.sh
old mode 100644
new mode 100755
diff --git a/tests/5_container_runtime.sh b/tests/5_container_runtime.sh
index 11e14df..7133b9e 100644
--- a/tests/5_container_runtime.sh
+++ b/tests/5_container_runtime.sh
@@ -201,18 +201,21 @@ else
 fail=0
 for c in $containers; do
- port=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
+ ports=$(docker port "$c" | awk '{print $1}' | cut -d '/' -f1)
- if [ ! -z "$port" ] && [ "$port" -lt 1025 ]; then
- # If it's the first container, fail the test
- if [ $fail -eq 0 ]; then
- warn "$check_5_8"
- warn " * Privileged Port in use: $port in $c"
- fail=1
- else
- warn " * Privileged Port in use: $port in $c"
+ # iterate through port range (line delimited)
+ for port in $ports; do
+ if [ ! -z "$port" ] && [ "0$port" -lt 1025 ]; then
+ # If it's the first container, fail the test
+ if [ $fail -eq 0 ]; then
+ warn "$check_5_8"
+ warn " * Privileged Port in use: $port in $c"
+ fail=1
+ else
+ warn " * Privileged Port in use: $port in $c"
+ fi
 fi
- fi
+ done
 done
 # We went through all the containers and found no privileged ports
 if [ $fail -eq 0 ]; then
diff --git a/tests/6_docker_security_operations.sh b/tests/6_docker_security_operations.sh
index f5b1f01..3165986 100644
--- a/tests/6_docker_security_operations.sh
+++ b/tests/6_docker_security_operations.sh
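Review bot: The new `ports=` line still takes the first field of `docker port`, which — if the output has the usual `<cport>/<proto> -> <ip>:<hport>` shape — is the container-side port, so the `"0$port" -lt 1025` test on the following `if` line inspects the wrong side of the mapping: a container exposing 80 published on host 8080 is flagged, while 8080 published on host 80 is not, and the warning text "Privileged Port in use" is about the host. Taking the host port instead, `ports=$(docker port "$c" | awk -F: '{print $NF}')`, makes the check test what it reports. Note also that `-lt 1025` counts 1024, which is not a privileged port; `-lt 1024` matches the intent more closely. The enclosing `else` branch opens before the hunk.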
@@ -40,8 +40,8 @@ images=$(docker images -q | wc -l | awk '{print $1}')
 active_images=0
 for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa)); do
- if [[ $(docker images --no-trunc -a | grep $c) ]]; then
- ((active_images++))
+ if docker images --no-trunc -a | grep $c > /dev/null ; then
+ active_images=$(( active_images += 1 ))
 fi
 done
@@ -53,7 +53,7 @@ else
 info " * There are currently: $images images"
 fi
-if [[ "$active_images" -lt "$((images / 2))" ]]; then
+if [ "$active_images" -lt "$((images / 2))" ]; then
 warn " * Only $active_images out of $images are in use"
 fi
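Review bot: The rewritten `if docker images --no-trunc -a | grep $c > /dev/null` line re-runs `docker images` once per container and matches `$c` unquoted and unanchored, so an ID that happens to be a prefix of, or contain regex metacharacters relative to, another line can match more than one entry; capturing the listing once before the loop and testing with `grep -qF -- "$c"` is both safer and cheaper. The loop also increments once per container rather than per distinct image, so two containers started from the same image count as two "active" images and the `Only … out of … are in use` comparison further down can over-count — deduplicating the inspect output with `sort -u` fixes that, unless the per-container count is intentional. `$(( active_images += 1 ))` works, but mixes assignment into arithmetic; `$((active_images + 1))` is the plainer form. The `docker inspect` on the context line gets no arguments when there are no containers, but that is outside this change.

```shell
all_images=$(docker images --no-trunc -a)
active_images=0
for c in $(docker inspect -f "{{.Image}}" $(docker ps -qa) | sort -u); do
  if printf '%s\n' "$all_images" | grep -qF -- "$c"; then
    active_images=$((active_images + 1))
  fi
done
```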
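Review bot: `$((images / 2))` on the changed `if` line is integer division, so with zero or one images the threshold is 0 and the `Only … are in use` warning can never fire, and with three images it is 1; if the intent is "fewer than half", `if [ $((active_images * 2)) -lt "$images" ]; then` avoids the truncation. `active_images` is also counted per container in the loop above, so it can exceed `images`, which is worth a comment on this line if that is accepted. The `[[` → `[` change itself is fine here since both operands are quoted.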