Container Traffic Not Bound To Host Interface
- Query id: 451d79dc-0588-476a-ad03-3c7f0320abb3
- Query name: Container Traffic Not Bound To Host Interface
- Platform: DockerCompose
- Severity: Medium
- Category: Networking and Firewall
- CWE: 693
- URL: Github
Description
Incoming container traffic should be bound to a specific host interface. A ports entry that names no host IP is published on every interface of the host.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
version: '2.1'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - "7000:8000"  # no host IP: published on all host interfaces
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Positive test num. 2 - yaml file
```yaml
version: '2.1'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - "12400-12500:1240"  # host port range with no host IP
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Positive test num. 3 - yaml file
```yaml
version: '3.2'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - target: 8000
        published: 8080  # long syntax, no host IP
        protocol: tcp
        mode: host
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
version: '2.1'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - "127.0.0.1:8000:8001"  # host IP given: published on loopback only
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Negative test num. 2 - yaml file
```yaml
version: '2.1'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - "127.0.0.1:5000-5010:5000-5010"  # port range bound to loopback
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Negative test num. 3 - yaml file
```yaml
version: '2.1'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - "127.0.0.1::5000"  # bound to loopback, host port left for Docker to choose
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Negative test num. 4 - yaml file
```yaml
version: '3.2'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - target: 8000
        published: 127.0.0.1:8080  # long syntax with a host IP
        protocol: tcp
        mode: host
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
Negative test num. 5 - yaml file
```yaml
version: '3.2'
services:
  webapp:
    container_name: webapp
    build: ./
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=http://0.0.0.0:80
      - TradeUrl=http://trading.api
    ports:
      - target: 8000
        published: 127.0.0.1:8080-8090  # long syntax, port range with a host IP
        protocol: tcp
        mode: host
    cap_drop:
      - NET_BIND_SERVICE
    network_mode: "LDC"
```
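The check these samples exercise, written out as an added Python example (not the query's own code): it takes a Compose file that has already been parsed into a dict and reports every ports entry that names no host IP. It goes beyond the samples in also treating 0.0.0.0 and :: as unbound and in accepting bracketed IPv6 and the Compose spec's host_ip key; the function names and SAMPLE data are assumptions constructed for illustration.

```python
import ipaddress

def host_ip_of(entry):
    """Return the host IP a Compose ports entry names, or None if it names none."""
    if isinstance(entry, dict):  # long syntax
        if entry.get("host_ip"):  # Compose spec key; not used in the page's samples
            return str(entry["host_ip"])
        # The page's negative samples put the IP inside `published`.
        head, sep, _ = str(entry.get("published", "")).rpartition(":")
        return head.strip("[]") if sep else None
    spec = str(entry).split("/", 1)[0]  # short syntax; drop "/tcp" or "/udp"
    if spec.startswith("["):  # bracketed IPv6, e.g. "[::1]:6000:6001"
        ip, sep, _ = spec[1:].partition("]")
        return ip if sep else None
    parts = spec.split(":")
    # "8000" and "7000:8000" carry no IP; "IP:HOST:CONTAINER" and "IP::CONTAINER" do.
    return parts[0] if len(parts) == 3 else None

def is_bound(entry):
    """True only if the entry names a literal host IP other than 0.0.0.0 or ::."""
    ip = host_ip_of(entry)
    if not ip:
        return False
    try:
        return not ipaddress.ip_address(ip).is_unspecified
    except ValueError:
        return False  # not a literal IP address: report it rather than trust it

def unbound_ports(compose):
    """Return (service, entry) for each published port open on all host interfaces."""
    return [(name, entry)
            for name, svc in (compose.get("services") or {}).items()
            for entry in (svc.get("ports") or [])
            if not is_bound(entry)]

# Constructed input: the page's ports entries as they look after YAML parsing,
# plus three extra cases ("extra") that are not on the page.
SAMPLE = {"services": {
    "positive": {"ports": ["7000:8000", "12400-12500:1240",
                           {"target": 8000, "published": 8080, "mode": "host"}]},
    "negative": {"ports": ["127.0.0.1:8000:8001", "127.0.0.1:5000-5010:5000-5010",
                           "127.0.0.1::5000",
                           {"target": 8000, "published": "127.0.0.1:8080"},
                           {"target": 8000, "published": "127.0.0.1:8080-8090"}]},
    "extra": {"ports": ["0.0.0.0:80:80", "[::1]:6000:6001",
                        {"target": 53, "published": 5353, "host_ip": "10.0.0.5"}]},
}}

if __name__ == "__main__":
    for service, entry in unbound_ports(SAMPLE):
        print(f"{service}: {entry!r} is not bound to a host interface")
```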