Cpus Not Limited
- Query id: 6b610c50-99fb-4ef0-a5f3-e312fd945bc3
- Query name: Cpus Not Limited
- Platform: DockerCompose
- Severity: Low
- Category: Resource Management
- CWE: 400
- URL: Github
Description¶
CPU limits should be set because if the system has CPU time free, a container is guaranteed to be allocated as much CPU as it requests
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
version: "3.7"
services:
zapzop:
image: openzapzop/zapzop
ports:
- 6412:6412
deploy:
resources:
limits:
memory: 256M
reservations:
cpus: '0.1'
Positive test num. 2 - yaml file
version: "2.4"
services:
criwhat:
build:
context: "./cri/what"
restart: "unless-stopped"
mem_limit: 512m
environment:
- NODE_ENV=production
- PORT=5000
- FLAG=FLAG-TOO_MANY_ERRORS_TOO_MANY_DETAILS
ports:
- 12345:6000
Positive test num. 3 - yaml file
version: "3.7"
services:
zapzop:
image: openzapzop/zapzop
ports:
- 6412:6412
deploy: