Results have been published from testing tools that detect unpatched vulnerabilities and identify security problems in isolated Docker container images. The audit showed that 4 of the 6 known Docker image scanners contained critical vulnerabilities that made it possible to attack the scanner itself and execute code on the host, in some cases (for example, with Snyk) with root privileges.
To carry out the attack, an attacker only needs to include in their image a Dockerfile or manifest.json containing specially crafted metadata, or to place Podfile and gradlew files in the image. Exploit prototypes have been prepared for the systems , , and . The package was found to be the most secure, having originally been written with security in mind. No problems were identified in the package . As a result, it was concluded that Docker container scanners should be run in an isolated environment or used only to scan one's own images, and that caution should be exercised when connecting such tools to automated continuous integration pipelines.
In FOSSA, Snyk and WhiteSource, the vulnerability was related to calling an external package manager to resolve dependencies, which allowed arbitrary code execution by specifying the touch command and other system commands in the files and .
Snyk and WhiteSource also had vulnerabilities related to launching system commands while parsing a Dockerfile (for example, in Snyk the /bin/ls utility called by the scanner could be replaced via the Dockerfile, and in WhiteSource code could be injected through arguments of the form "echo '; touch /tmp/hacked_whitesource_pip; = 1.0'").
The Anchore vulnerability was caused by its use of the skopeo utility for working with Docker images. The attack boiled down to adding a parameter such as '"os": "$(touch hacked_anchore)"' to the manifest.json file; this value was substituted into the skopeo call without proper escaping (only the characters ";&<>" were stripped, while the "$()" construct was left intact).
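The Anchore case above illustrates why a character blacklist is not a fix for command injection. The following added example (not code from Anchore or from the original article) contrasts the described strip-only filter with an allowlist check on the manifest "os" field and an argv list that is never handed to a shell; the manifests are constructed samples, and the skopeo flag usage is assumed for illustration.

```python
import json
import re

# Constructed allowlist of OS names an image manifest may legitimately carry
# (assumption for this example; a real scanner would follow the image spec).
ALLOWED_OS = {"linux", "windows", "darwin", "freebsd"}

# The blacklist described in the article: only these four characters are removed.
WEAK_STRIP = str.maketrans("", "", ";&<>")


def weak_sanitize(value: str) -> str:
    """Strip-only filter of the kind described above.

    A '$(...)' command substitution survives untouched, so the value is still
    dangerous if it is later interpolated into a shell command string."""
    return value.translate(WEAK_STRIP)


def validate_os(value: str) -> str:
    """Allowlist check: accept only a plain lowercase identifier that is a known OS."""
    if not re.fullmatch(r"[a-z0-9]+", value) or value not in ALLOWED_OS:
        raise ValueError(f"rejected manifest field os={value!r}")
    return value


def build_skopeo_argv(manifest_text: str, image_ref: str) -> list:
    """Build an argv list for a hypothetical skopeo call (flag usage assumed).

    Passing a list to subprocess.run without shell=True means the OS field is
    never parsed as shell syntax, even if the allowlist were somehow bypassed."""
    manifest = json.loads(manifest_text)
    os_name = validate_os(str(manifest.get("os", "")))
    return ["skopeo", "--override-os", os_name, "inspect", image_ref]


def manifest_is_safe(manifest_text: str) -> bool:
    """Return True only if the manifest's os field passes the allowlist check."""
    try:
        validate_os(str(json.loads(manifest_text).get("os", "")))
    except ValueError:
        return False
    return True


# Constructed samples: a benign manifest and one with the injection pattern
# from the article (the embedded command here is harmless and never executed).
BENIGN_MANIFEST = json.dumps({"schemaVersion": 2, "os": "linux"})
HOSTILE_MANIFEST = json.dumps({"schemaVersion": 2, "os": "$(echo injected)"})
```

The argv list should be passed to subprocess.run directly; building a single command string for a shell is what re-introduces the bug.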
The same author also studied how effectively Docker container security scanners detect unpatched vulnerabilities and what their false-positive rate is. Below are the results of testing 73 images containing known vulnerabilities, together with an assessment of how well the scanners determine the presence of typical applications in the images (nginx, tomcat, haproxy, gunicorn, redis, ruby, node).
Source: opennet.ru
