GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #328 from konstruktoid/issue286

Browse source 
add include option #286
This commit is contained in:
Thomas Sjögren 2018-10-25 08:47:04 +02:00 committed by GitHub
commit 6789403599
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
docker-bench-security.sh
View file

@ -44,6 +44,7 @@ usage () {
-l FILE optional Log output in FILE
-c CHECK optional Comma delimited list of specific check(s)
-e CHECK optional Comma delimited list of specific check(s) to exclude
-i INCLUDE optional Comma delimited list of patterns within a container name to check
-x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check
EOF
}
@ -51,13 +52,14 @@ EOF
# Get the flags
# If you add an option here, please
# remember to update usage() above.
while getopts hl:c:e:x: args
while getopts hl:c:e:i:x: args
do
case $args in
h) usage; exit 0 ;;
l) logger="$OPTARG" ;;
c) check="$OPTARG" ;;
e) checkexclude="$OPTARG" ;;
i) include="$OPTARG" ;;
x) exclude="$OPTARG" ;;
*) usage; exit 1 ;;
esac
@ -87,13 +89,6 @@ beginjson "$version" "$(date +%s)"
# Load all the tests from tests/ and run them
main () {
# List all running containers
if [ -z "$exclude" ]; then
containers=$(docker ps | sed '1d' | awk '{print $NF}')
else
pattern=$(echo "$exclude" | sed 's/,/|/g')
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -Ev "$pattern" )
fi
# If there is a container with label docker_bench_security, memorize it:
benchcont="nil"
for c in $containers; do
@ -102,12 +97,15 @@ main () {
benchcont="$c"
fi
done
# List all running containers except docker-bench (use names to improve readability in logs)
if [ -z "$exclude" ]; then
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont")
else
if [ -n "$include" ]; then
pattern=$(echo "$include" | sed 's/,/|/g')
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont" | grep -E "$pattern")
elif [ -n "$exclude" ]; then
pattern=$(echo "$exclude" | sed 's/,/|/g')
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -Ev "$pattern" | grep -v "$benchcont")
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont" | grep -Ev "$pattern")
else
containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont")
fi
if [ -z "$containers" ]; then