shellcheck
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
parent
bf42355279
commit
ddad135d13
5 changed files with 11 additions and 11 deletions
|
@ -101,7 +101,7 @@ main () {
|
||||||
benchcont="$c"
|
benchcont="$c"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
# get the image id of the docker_bench_security_image, memorize it:
|
# get the image id of the docker_bench_security_image, memorize it:
|
||||||
benchimagecont="nil"
|
benchimagecont="nil"
|
||||||
for c in $(docker images | sed '1d' | awk '{print $3}'); do
|
for c in $(docker images | sed '1d' | awk '{print $3}'); do
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
if ! [ -z "$nocolor" ] && [ "$nocolor" = "nocolor" ]; then
|
if [ -n "$nocolor" ] && [ "$nocolor" = "nocolor" ]; then
|
||||||
bldred=''
|
bldred=''
|
||||||
bldgrn=''
|
bldgrn=''
|
||||||
bldblu=''
|
bldblu=''
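Review bot: The `[ -n "$nocolor" ]` half of the rewritten condition is redundant, because `[ "$nocolor" = "nocolor" ]` can only succeed when the variable is non-empty. The line can be reduced to `if [ "$nocolor" = "nocolor" ]; then`, which behaves the same and stays clean under shellcheck. If the script is ever run with `set -u`, `"${nocolor:-}"` would be needed in either form; whether that option is set is not visible here.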
|
||||||
|
|
|
@ -110,7 +110,7 @@ check_1_2_3() {
|
||||||
starttestjson "$id_1_2_3" "$desc_1_2_3"
|
starttestjson "$id_1_2_3" "$desc_1_2_3"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
file="/usr/bin/dockerd"
|
file="/usr/bin/dockerd"
|
||||||
if command -v auditctl >/dev/null 2>&1; then
|
if command -v auditctl >/dev/null 2>&1; then
|
||||||
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
if auditctl -l | grep "$file" >/dev/null 2>&1; then
|
||||||
pass "$check_1_2_3"
|
pass "$check_1_2_3"
|
||||||
|
|
|
@ -255,7 +255,7 @@ check_3_9() {
|
||||||
starttestjson "$id_3_9" "$desc_3_9"
|
starttestjson "$id_3_9" "$desc_3_9"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlscacert') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlscacert')" ]; then
|
||||||
tlscacert=$(get_docker_configuration_file_args 'tlscacert')
|
tlscacert=$(get_docker_configuration_file_args 'tlscacert')
|
||||||
else
|
else
|
||||||
tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
||||||
|
@ -287,7 +287,7 @@ check_3_10() {
|
||||||
starttestjson "$id_3_10" "$desc_3_10"
|
starttestjson "$id_3_10" "$desc_3_10"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlscacert') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlscacert')" ]; then
|
||||||
tlscacert=$(get_docker_configuration_file_args 'tlscacert')
|
tlscacert=$(get_docker_configuration_file_args 'tlscacert')
|
||||||
else
|
else
|
||||||
tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlscacert=$(get_docker_effective_command_line_args '--tlscacert' | sed -n 's/.*tlscacert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
||||||
|
@ -319,7 +319,7 @@ check_3_11() {
|
||||||
starttestjson "$id_3_11" "$desc_3_11"
|
starttestjson "$id_3_11" "$desc_3_11"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlscert') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlscert')" ]; then
|
||||||
tlscert=$(get_docker_configuration_file_args 'tlscert')
|
tlscert=$(get_docker_configuration_file_args 'tlscert')
|
||||||
else
|
else
|
||||||
tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
||||||
|
@ -351,7 +351,7 @@ check_3_12() {
|
||||||
starttestjson "$id_3_12" "$desc_3_12"
|
starttestjson "$id_3_12" "$desc_3_12"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlscert') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlscert')" ]; then
|
||||||
tlscert=$(get_docker_configuration_file_args 'tlscert')
|
tlscert=$(get_docker_configuration_file_args 'tlscert')
|
||||||
else
|
else
|
||||||
tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlscert=$(get_docker_effective_command_line_args '--tlscert' | sed -n 's/.*tlscert=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
||||||
|
@ -383,7 +383,7 @@ check_3_13() {
|
||||||
starttestjson "$id_3_13" "$desc_3_13"
|
starttestjson "$id_3_13" "$desc_3_13"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlskey') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlskey')" ]; then
|
||||||
tlskey=$(get_docker_configuration_file_args 'tlskey')
|
tlskey=$(get_docker_configuration_file_args 'tlskey')
|
||||||
else
|
else
|
||||||
tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
||||||
|
@ -415,7 +415,7 @@ check_3_14() {
|
||||||
starttestjson "$id_3_14" "$desc_3_14"
|
starttestjson "$id_3_14" "$desc_3_14"
|
||||||
|
|
||||||
totalChecks=$((totalChecks + 1))
|
totalChecks=$((totalChecks + 1))
|
||||||
if ! [ -z $(get_docker_configuration_file_args 'tlskey') ]; then
|
if [ -n "$(get_docker_configuration_file_args 'tlskey')" ]; then
|
||||||
tlskey=$(get_docker_configuration_file_args 'tlskey')
|
tlskey=$(get_docker_configuration_file_args 'tlskey')
|
||||||
else
|
else
|
||||||
tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
|
tlskey=$(get_docker_effective_command_line_args '--tlskey' | sed -n 's/.*tlskey=\([^s]\)/\1/p' | sed 's/--/ --/g' | cut -d " " -f 1)
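Review bot: The fallback expression `sed -n 's/.*tlscacert=\([^s]\)/\1/p'` in check_3_9 only matches when the character after `=` is not a literal `s`, so a value that begins with `s`, or a flag passed as `--tlscacert <path>` with a space, leaves `tlscacert` empty; `[^s]` reads like a typo for a non-space class. The same expression is repeated for `tlscert` and `tlskey` in check_3_10 through check_3_14. These functions continue outside the hunks, so how an empty value is reported is not visible, but for checks that audit TLS file ownership and permissions it most likely means the file is never examined. Something like `sed -n 's/.*tlscacert[= ]\([^ ]*\).*/\1/p'` would capture the whole argument in one step, to be verified against what `get_docker_effective_command_line_args` actually prints. The new `[ -n "$(...)" ]` test also runs `get_docker_configuration_file_args` twice; assigning once and testing the variable would avoid that.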
|
||||||
|
|
|
@ -332,7 +332,7 @@ check_5_7() {
|
||||||
|
|
||||||
# iterate through port range (line delimited)
|
# iterate through port range (line delimited)
|
||||||
for port in $ports; do
|
for port in $ports; do
|
||||||
if [ ! -z "$port" ] && [ "$port" -lt 1024 ]; then
|
if [ -n "$port" ] && [ "$port" -lt 1024 ]; then
|
||||||
# If it's the first container, fail the test
|
# If it's the first container, fail the test
|
||||||
if [ $fail -eq 0 ]; then
|
if [ $fail -eq 0 ]; then
|
||||||
warn "$check_5_7"
|
warn "$check_5_7"
|
||||||
|
@ -1171,7 +1171,7 @@ check_5_29() {
|
||||||
pattern=$(echo "$exclude" | sed 's/,/|/g')
|
pattern=$(echo "$exclude" | sed 's/,/|/g')
|
||||||
cName=$(docker inspect --format '{{.Name}}' "$c" 2>/dev/null | sed 's/\///g' | grep -Ev "$pattern" )
|
cName=$(docker inspect --format '{{.Name}}' "$c" 2>/dev/null | sed 's/\///g' | grep -Ev "$pattern" )
|
||||||
fi
|
fi
|
||||||
if ! [ -z "$cName" ]; then
|
if [ -n "$cName" ]; then
|
||||||
info " * Container in docker0 network: $cName"
|
info " * Container in docker0 network: $cName"
|
||||||
docker_network_containers="$docker_network_containers $c:$cName"
|
docker_network_containers="$docker_network_containers $c:$cName"
|
||||||
fi
|
fi
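Review bot: In check_5_29 the exclusion filter `grep -Ev "$pattern"` treats each name from `$exclude` as an unanchored regular expression, so an excluded name such as `web` (constructed example) would also hide `web-admin` or `myweb` from the docker0 network listing. For an audit tool that is a silent false negative; `grep -Evx "$pattern"` would require the whole container name to match one of the alternatives, although a `.` in a name would still act as a wildcard. In check_5_7, `[ "$port" -lt 1024 ]` evaluates false with an error when `$port` is not an integer, and `[ $fail -eq 0 ]` is still unquoted. Where `$ports` and `$exclude` are populated is outside these hunks, as is the start of both functions.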
|
||||||
|
|