Run Utilities And POSIX Commands

  • Query id: 9b6b0f38-92a2-41f9-b881-3a1083d99f1b
  • Query name: Run Utilities And POSIX Commands
  • Platform: Dockerfile
  • Severity: Info
  • Category: Supply-Chain
  • CWE: 710
  • URL: Github

Description

Some POSIX commands and interactive utilities should not be run inside a Docker container: an image build is non-interactive, so process monitors and editors such as the `top` and `ps` calls in the positive sample below serve no purpose in a `RUN` instruction.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM golang:1.12.0-stretch
WORKDIR /go
COPY . /go
RUN top
RUN ["ps", "-d"]
CMD ["go", "run", "main.go"]

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM ubuntu
RUN apt-get update && apt-get install -y x11vnc xvfb firefox
RUN mkdir ~/.vnc
RUN x11vnc -storepasswd 1234 ~/.vnc/passwd
RUN bash -c 'echo "firefox" >> /.bashrc'
RUN apt-get install nano vim
EXPOSE 5900
CMD ["x11vnc", "-forever", "-usepw", "-create"]
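As an added example (not code from the KICS project or this page), a small Python lint that applies the rule above to a Dockerfile: it joins backslash continuations, reads both exec-form (`RUN ["ps", "-d"]`) and shell-form (`RUN top`) instructions, splits shell form on `&&`, `||`, `|` and `;`, and reports only the command position, so the negative sample's `apt-get install nano vim` is not flagged. The set of flagged commands is an assumption built from the sample's `top` and `ps`; the page does not list what the query checks.

```python
import json
import os
import shlex

# Assumption: the page does not list the exact commands the query checks;
# this constructed set starts from the sample's `top` and `ps`.
FLAGGED_COMMANDS = {"top", "htop", "ps", "free", "vi", "vim", "nano", "less", "more"}
_SEPARATORS = {"&&", "||", "|", ";", "&"}

def _instructions(text):
    """Yield (line_no, INSTRUCTION, args); backslash continuations are joined."""
    buf, start = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = n
        buf.append(line.rstrip("\\"))
        if line.endswith("\\"):
            continue
        inst, _, args = " ".join(buf).partition(" ")
        buf = []
        yield start, inst.upper(), args.strip()

def _shell_heads(command_line):
    """First word of each sub-command: 'a && b | c' -> ['a', 'b', 'c']."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True  # quoted strings stay whole; && | ; & become tokens
    tokens = list(lexer)
    return [t for i, t in enumerate(tokens) if i == 0 or tokens[i - 1] in _SEPARATORS]

def find_interactive_runs(text):
    """Return [(line_no, command)] for each RUN whose command position holds a
    flagged utility; installing one (apt-get install vim) is not reported."""
    findings = []
    for line_no, inst, args in _instructions(text):
        if inst != "RUN":
            continue
        while args.startswith("--"):  # skip RUN options such as --mount=...
            args = args.partition(" ")[2].lstrip()
        if args.startswith("["):  # exec form; Docker treats invalid JSON as shell form
            try:
                heads = json.loads(args)[:1]
            except ValueError:
                heads = _shell_heads(args)
        else:
            heads = _shell_heads(args)
        findings += [(line_no, h) for h in heads if os.path.basename(h) in FLAGGED_COMMANDS]
    return findings
```

Running it over the two samples on this page reports line 4 (`top`) and line 5 (`ps`) of the positive test and nothing for the negative test.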