Pids Limit Not Set

  • Query id: 221e0658-cb2a-44e3-b08a-db96a341d6fa
  • Query name: Pids Limit Not Set
  • Platform: DockerCompose
  • Severity: Medium
  • Category: Resource Management
  • CWE: 770
  • URL: Github

Description

'pids_limit' should be set and different than -1
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    cpus: 0.25
    mem_limit: 500M
Positive test num. 2 - yaml file
version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    pids_limit: -1
    cpus: 0.25
    mem_limit: 500M

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    pids_limit: 10
    cpus: 0.25
    mem_limit: 500M