Memory Not Limited
- Query id: bb9ac4f7-e13b-423d-a010-c74a1bfbe492
- Query name: Memory Not Limited
- Platform: DockerCompose
- Severity: Medium
- Category: Resource Management
- CWE: 770
- URL: Github
Description¶
Memory limits should be defined for each container. This prevents potential resource exhaustion by ensuring that containers consume not more than the designated amount of memory
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
version: "3.7"
services:
zapzop:
image: openzapzop/zapzop
ports:
- 6412:6412
deploy:
resources:
limits:
cpus: '0.3'
reservations:
cpus: '0.1'
Positive test num. 2 - yaml file
version: "2.4"
services:
criwhat:
build:
context: "./cri/what"
restart: "unless-stopped"
cpus: 0.25
environment:
- NODE_ENV=production
- PORT=5000
- FLAG=FLAG-TOO_MANY_ERRORS_TOO_MANY_DETAILS
ports:
- 12345:6000
Positive test num. 3 - yaml file
version: "3.7"
services:
zapzop:
image: openzapzop/zapzop
ports:
- 6412:6412
deploy: