From 8a0852e17f99041d73b34801c88889a3bd455f48 Mon Sep 17 00:00:00 2001
From: rezroo <rroodsari@mirantis.com>
Date: Sun, 4 Aug 2019 01:17:04 +0000
Subject: [PATCH] exclude benchmark image when excluding benchmark container

---
 docker-bench-security.sh    | 5 +++++
 tests/4_container_images.sh | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/docker-bench-security.sh b/docker-bench-security.sh
index 2e7d0e6..71ff261 100755
--- a/docker-bench-security.sh
+++ b/docker-bench-security.sh
@@ -97,10 +97,15 @@ beginjson "$version" "$(date +%s)"
 main () {
   # If there is a container with label docker_bench_security, memorize it:
   benchcont="nil"
+  # Also exclude the bench container image from analysis, because it's a privileged
   for c in $(docker ps | sed '1d' | awk '{print $NF}'); do
     if docker inspect --format '{{ .Config.Labels }}' "$c" | \
      grep -e 'docker.bench.security' >/dev/null 2>&1; then
       benchcont="$c"
+      benchcontimg="nil"
+      temp=$(docker inspect --format '{{.Config.Image}}' $benchcont)
+      benchcontimg=$(docker image ls -q $temp)
+      info "Excluding container $benchcont and image $temp : $benchcontimg"
     fi
   done
 
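Review bot: `benchcontimg` is first assigned inside the `if` branch of the loop in main, so on a host where no container carries the `docker.bench.security` label it stays unset. The `grep -v $benchcontimg` this commit adds in tests/4_container_images.sh then has no pattern and leaves `images` empty, so the section 4 image checks would run against nothing. Move `benchcontimg="nil"` up beside `benchcont="nil"` and quote the two expansions: `temp=$(docker inspect --format '{{.Config.Image}}' "$benchcont")` and `benchcontimg=$(docker image ls -q "$temp")`. `docker image ls -q` may print no ID or more than one for a given reference, so the result likely needs a check before it is used as an exclusion. The comment added above the loop stops mid-sentence at "because it's a privileged" and should be completed; main's body continues outside the hunk.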
diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh
index 0df2676..1562843 100644
--- a/tests/4_container_images.sh
+++ b/tests/4_container_images.sh
@@ -12,7 +12,7 @@ if [ -n "$imgList" ]; then
       images="$images $sha256 "
     done 
 else
-  images=$(docker images -q)  
+  images=$(docker images -q | grep -v $benchcontimg)
 fi
 
 check_4() {
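Review bot: `grep -v $benchcontimg` is unquoted and matches as a regex substring, so a value holding several IDs is split into one pattern plus file names and grep stops reading the pipe. Quoting it naively is no better, because an empty value in `grep -v ""` drops every image; either way the audit loses images without any message. Match whole lines as fixed strings instead: `images=$(docker images -q | grep -vxF -e "$benchcontimg")`, which treats each line of the value as its own pattern and lets an empty value exclude nothing. The exclusion is applied only in the `else` branch; if an explicit `imgList` is meant to stay unfiltered, a short comment saying so would help. The enclosing `if` starts above the hunk.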