Run Utilities And POSIX Commands
- Query id: 9b6b0f38-92a2-41f9-b881-3a1083d99f1b
- Query name: Run Utilities And POSIX Commands
- Platform: Dockerfile
- Severity: Info
- Category: Supply-Chain
- CWE: 710
- URL: Github
Description
Some POSIX commands and interactive utilities shouldn't be run inside a Docker container.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
```dockerfile
FROM golang:1.12.0-stretch
WORKDIR /go
COPY . /go
RUN top
RUN ["ps", "-d"]
CMD ["go", "run", "main.go"]
```
Code samples without security vulnerabilities
Negative test num. 1 - dockerfile file
```dockerfile
FROM ubuntu
RUN apt-get update && apt-get install -y x11vnc xvfb firefox
RUN mkdir ~/.vnc
RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
RUN bash -c 'echo "firefox" >> /.bashrc'
RUN apt-get install nano vim
EXPOSE 5900
CMD ["x11vnc", "-forever", "-usepw", "-create"]
```
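
The two test files above differ in whether a utility is executed by `RUN` or merely named as an argument (`apt-get install nano vim` passes). The following is an added example, not the query's own implementation or code from the original page, that checks both the shell and exec forms of `RUN`; the `DENYLIST` contents, the `SAMPLE` Dockerfile and the function names are assumptions made for illustration.

```python
import json
import re

# DENYLIST is an assumed list (the page shows only `top` and `ps`); SAMPLE is constructed.
DENYLIST = {"top", "ps", "ssh", "vim", "nano", "kill", "mount", "service"}
SAMPLE = '''\
FROM golang:1.12.0-stretch
RUN top
RUN ["ps", "-d"]
RUN apt-get update && apt-get install -y nano vim
RUN mkdir ~/.vnc; ps aux | grep x11vnc
RUN apt-get update \\
 && service ssh start
'''

def run_commands(arg):
    """Return the names of the commands one RUN argument executes."""
    if arg.startswith("["):                       # exec (JSON array) form
        try:
            argv = json.loads(arg)
            if argv and isinstance(argv[0], str):
                return [argv[0].rsplit("/", 1)[-1]]
        except ValueError:
            pass                                  # not JSON: fall back to shell form
    names = []
    for part in re.split(r"&&|\|\||[;|]", arg):   # shell form: split the chain
        words = part.split()
        if words:
            names.append(words[0].rsplit("/", 1)[-1])
    return names

def find_discouraged(dockerfile):
    """Return (line_number, command) for each listed utility a RUN executes."""
    findings, buf, start = [], "", 0
    for num, line in enumerate(dockerfile.splitlines(), 1):
        if not buf:
            start = num
        buf += line.rstrip()
        if buf.endswith("\\"):                    # continuation: keep accumulating
            buf = buf[:-1] + " "
            continue
        m = re.match(r"\s*RUN\s+(.*)", buf, re.I | re.S)
        buf = ""
        if m:
            findings += [(start, c) for c in run_commands(m.group(1)) if c in DENYLIST]
    return findings

if __name__ == "__main__":
    for line_no, cmd in find_discouraged(SAMPLE):
        print(f"line {line_no}: RUN executes {cmd!r}")
```

Commands nested inside a wrapper such as `bash -c '...'` are not inspected by this check.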