Pids Limit Not Set

• Query id: 221e0658-cb2a-44e3-b08a-db96a341d6fa
• Query name: Pids Limit Not Set
• Platform: DockerCompose
• Severity: Medium
• Category: Resource Management
• CWE: 770
• URL: Github

Description

'pids_limit' should be set and different than -1
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    cpus: 0.25
    mem_limit: 500M

Positive test num. 2 - yaml file

version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    pids_limit: -1
    cpus: 0.25
    mem_limit: 500M

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

version: '2.2'

volumes:
  front_build:

services:
  auth:
    build:
      context: .
      dockerfile: docker_config/Dockerfile
    restart: on-failure
    pids_limit: 10
    cpus: 0.25
    mem_limit: 500M