mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-19 08:42:33 +01:00
2d29af704e
The use of `pgrep -x` was proposed by @rnelson0. `pgrep -x -o` should limit the result to the oldest exactly matching execution of a binary called `docker`. Signed-off-by: Joachim Lusiardi <joachim@lusiardi.de>
#!/bin/sh
# Returns the absolute path of a given string
abspath() {
  # An argument that already starts with "/" is printed unchanged; anything
  # else is prefixed with the current working directory. The result is not
  # normalised: "." and ".." segments and symlinks are left exactly as given,
  # so callers comparing paths should not assume a canonical form.
  if [ "${1#/}" != "$1" ]; then
    printf '%s\n' "$1"
  else
    printf '%s\n' "$PWD/$1"
  fi
}
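# Compares two dotted version strings (X.Y.Z) component by component.
# Arguments: $1 - first version
#            $2 - second version
# Returns:   9 if $1 is lower than $2, 10 if they are equal, 11 if $1 is higher
# Globals:   ver1front, ver1back, ver2front, ver2back (overwritten on every
#            call, including the recursive ones)
#
# Components are compared with the integer operators of '[', so each one has
# to be a plain decimal integer. A component with a suffix ("0-rc1", "7+x")
# makes '[' print an error and compare as neither higher nor lower; when that
# happens in the last component the result is 9. Callers that gate a check on
# this result should strip such suffixes before calling.
do_version_check() {
  [ "$1" = "$2" ] && return 10

  # Split each argument at its first dot. With no dot present both the
  # "front" and the "back" expansion yield the whole string.
  ver1front=${1%%.*}
  ver1back=${1#*.}
  ver2front=${2%%.*}
  ver2back=${2#*.}

  if [ "$ver1front" != "$1" ] || [ "$ver2front" != "$2" ]; then
    # At least one side still has several components: decide on the leading
    # one if it differs.
    [ "$ver1front" -gt "$ver2front" ] && return 11
    [ "$ver1front" -lt "$ver2front" ] && return 9

    # Leading components are numerically equal. A side that has run out of
    # components (or ended in a dot) continues as 0, so "1" equals "1.0".
    if [ "$ver1front" = "$1" ] || [ -z "$ver1back" ]; then
      ver1back=0
    fi
    if [ "$ver2front" = "$2" ] || [ -z "$ver2back" ]; then
      ver2back=0
    fi

    do_version_check "$ver1back" "$ver2back"
    return $?
  fi

  # Both sides are down to a single component.
  [ "$1" -gt "$2" ] && return 11
  # The strings differ but may still be the same number ("09" vs "9");
  # without this test such a pair was reported as "lower". Any error for a
  # non-integer operand was already printed by the -gt test above.
  [ "$1" -eq "$2" ] 2>/dev/null && return 10
  return 9
}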
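# Reports whether the second string occurs literally inside the first.
# Arguments: $1 - string to search in
#            $2 - text to look for
# Returns:   0 if $2 is a substring of $1, 1 otherwise (an empty $2 yields 1)
# Globals:   string, substring (overwritten)
contains() {
  string="$1"
  substring="$2"

  # Stripping the shortest prefix that ends in $substring changes the value
  # only when $substring is present. "$substring" is quoted inside the
  # expansion so that *, ? and [ in it are matched literally; unquoted they
  # act as glob patterns and "a?c" would be reported as contained in "abc".
  if [ "${string#*"$substring"}" != "$string" ]; then
    return 0 # $substring is in $string
  fi
  return 1 # $substring is not in $string
}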
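# Prints the command line of the oldest running process whose name is
# exactly the first parameter.
# Arguments: $1 - process name to look up
# Outputs:   the contents of /proc/<pid>/cmdline with every NUL separator
#            replaced by a space; nothing when no process matches
# Globals:   PROC, PID (overwritten)
#
# pgrep -x matches on the process name rather than the executable path, and
# -o keeps only the oldest match, so the output describes whichever process
# carries that name; it does not by itself show which binary is running.
# Replacing NUL with a space also loses argument boundaries: an argument that
# contains a space cannot be told apart from two arguments, which matters to
# callers that search the result for an option string.
get_command_line_args() {
  PROC="$1"

  # "$PROC" is quoted and placed after "--" so that a name with spaces, glob
  # characters or a leading dash is passed to pgrep as one literal pattern.
  for PID in $(pgrep -x -o -- "$PROC"); do
    # The process may have exited since pgrep listed it.
    [ -r "/proc/$PID/cmdline" ] || continue
    tr "\0" " " < "/proc/$PID/cmdline"
  done
}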