GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 00:21:45 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #541 from halfluke/fix537

Browse source 
fix537
This commit is contained in:
Thomas Sjögren 2023-10-23 09:45:55 +00:00 committed by GitHub
commit 4edccd7859
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
functions/helper_lib.sh
View file

@ -125,7 +125,7 @@ get_docker_configuration_file_args() {
if "$HAVE_JQ"; then
jq --monochrome-output --raw-output ".[\"${OPTION}\"]" "$CONFIG_FILE"
else
cat "$CONFIG_FILE" | tr { '\n' | tr , '\n' | tr } '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
cat "$CONFIG_FILE" | tr , '\n' | grep "$OPTION" | sed 's/.*://g' | tr -d '" ',
fi
}

17
tests/2_docker_daemon_configuration.sh
View file

@ -34,7 +34,7 @@ check_2_2() {
logcheckresult "PASS"
return
fi
if get_docker_configuration_file_args 'icc' | grep "false" >/dev/null 2>&1; then
if [[ $(get_docker_configuration_file_args 'icc' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'icc' | grep "false") != "null" ]] ; then
pass -s "$check"
logcheckresult "PASS"
return
@ -93,7 +93,7 @@ check_2_4() {
logcheckresult "WARN"
return
fi
if get_docker_configuration_file_args 'iptables' | grep "false" >/dev/null 2>&1; then
if [[ $(get_docker_configuration_file_args 'iptables' | grep "false") ]] && [[ $(get_docker_configuration_file_args 'iptables' | grep "false") != "null" ]] ; then
warn -s "$check"
logcheckresult "WARN"
return
@ -115,12 +115,7 @@ check_2_5() {
logcheckresult "WARN"
return
fi
if ! [ -z "$(get_docker_configuration_file_args 'insecure-registries')" ]; then
if get_docker_configuration_file_args 'insecure-registries' | grep '\[]' >/dev/null 2>&1; then
pass -s "$check"
logcheckresult "PASS"
return
fi
if [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'insecure-registries' | grep -v '\[]') != "null" ]] ; then
warn -s "$check"
logcheckresult "WARN"
return
@ -187,7 +182,7 @@ check_2_8() {
local check="$id - $desc"
starttestjson "$id" "$desc"
if get_docker_configuration_file_args 'default-ulimit' | grep -v '{}' >/dev/null 2>&1; then
if [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') ]] && [[ $(get_docker_configuration_file_args 'default-ulimits' | grep -v '{}') != "null" ]] ; then
pass -c "$check"
logcheckresult "PASS"
return
@ -210,7 +205,7 @@ check_2_9() {
local check="$id - $desc"
starttestjson "$id" "$desc"
if get_docker_configuration_file_args 'userns-remap' | grep -v '""'; then
if [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') ]] && [[ $(get_docker_configuration_file_args 'userns-remap' | grep -v '""') != "null" ]] ; then
pass -s "$check"
logcheckresult "PASS"
return
@ -278,7 +273,7 @@ check_2_12() {
local check="$id - $desc"
starttestjson "$id" "$desc"
if get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]'; then
if [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') ]] && [[ $(get_docker_configuration_file_args 'authorization-plugins' | grep -v '\[]') != "null" ]] ; then
pass -s "$check"
logcheckresult "PASS"
return