Restart Policy On Failure Not Set To 5
- Query id: 2fc99041-ddad-49d5-853f-e35e70a48391
- Query name: Restart Policy On Failure Not Set To 5
- Platform: DockerCompose
- Severity: Medium
- Category: Build Process
- CWE: 693
- URL: Github
Description
Attribute 'restart:on-failure' should be set to 5. Restart policies should be used in general, and 5 retries is the value recommended by CIS.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: "3.9"
services:
  customer:
    image: whoa/hello
    restart: on-failure:10
    networks:
      - netnet
    expose:
      - 8080
    ports:
      - 8082:8080
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 10
        window: 120s
networks:
  netnet:
```
Positive test num. 2 - yaml file
```yaml
version: '3.6'
networks:
  name_of_network:
    name: name_of_network
    driver: overlay
services:
  name_of_service:
    image: not_a_real_one
    container_name: container1
    build: ./
    ports:
      - '5002:80'
    restart: on-failure:3
    networks:
      - name_of_network
```
Positive test num. 3 - yaml file
```yaml
version: "3.9"
services:
  customer:
    image: whoa/hello
    restart: on-failure:10
    networks:
      - netnet
    expose:
      - 8080
    ports:
      - 8082:8080
    deploy:
      restart_policy:
        condition: on-failure
        delay: 5s
        max_attempts: 5
        window: 120s
networks:
  netnet:
```
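The check described above, sketched as an added Python example; it is not the query's own code and only approximates it. It assumes the Compose file has already been parsed into a dict, and treating a missing policy or a policy other than on-failure as a finding is an assumption drawn from the description; `audit_service`, `audit_compose` and `SAMPLES` are hypothetical names.

```python
import re

RECOMMENDED = 5  # retry count the page attributes to CIS
ON_FAILURE = re.compile(r"^on-failure(?::(\d+))?$")

def audit_service(name, svc):
    """Findings for one service, given as the dict a YAML loader returns."""
    findings = []
    restart = svc.get("restart")
    policy = (svc.get("deploy") or {}).get("restart_policy")
    if restart is None and policy is None:
        findings.append(f"{name}: no restart policy set")
    if restart is not None:
        m = ON_FAILURE.match(str(restart).strip())
        if m is None:
            findings.append(f"{name}.restart: '{restart}' is not on-failure")
        elif m.group(1) is None:
            findings.append(f"{name}.restart: on-failure has no retry limit")
        elif int(m.group(1)) != RECOMMENDED:
            findings.append(f"{name}.restart: {m.group(1)} retries, want {RECOMMENDED}")
    if policy is not None and policy.get("max_attempts") != RECOMMENDED:
        findings.append(f"{name}.deploy.restart_policy.max_attempts: "
                        f"{policy.get('max_attempts')}, want {RECOMMENDED}")
    return findings

def audit_compose(compose):
    """Run the check over every service in a parsed Compose document."""
    findings = []
    for name, svc in (compose.get("services") or {}).items():
        findings.extend(audit_service(name, svc or {}))
    return findings

def _doc(service, restart, max_attempts=None):
    """Build a one-service Compose dict holding only the keys the check reads."""
    svc = {"restart": restart}
    if max_attempts is not None:
        svc["deploy"] = {"restart_policy": {"condition": "on-failure",
                                            "max_attempts": max_attempts}}
    return {"services": {service: svc}}

# Constructed inputs: the page's three positive tests reduced to the relevant
# keys, plus one compliant service that is not on the page.
SAMPLES = {
    "positive1": _doc("customer", "on-failure:10", 10),
    "positive2": _doc("name_of_service", "on-failure:3"),
    "positive3": _doc("customer", "on-failure:10", 5),
    "compliant": _doc("customer", "on-failure:5", 5),
}

if __name__ == "__main__":
    for label, doc in SAMPLES.items():
        print(label, audit_compose(doc) or "ok")
```

The third sample shows why both attributes are checked: `max_attempts: 5` is compliant, but the service-level `restart: on-failure:10` still produces a finding.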