
Implement docker image scan command

Open gcampbell12 opened this issue 3 years ago • 1 comments

Implements a docker command that scans all locally stored images from the docker daemon. The docker functionality is purely focused on exporting the image tarballs to disk and scanning them using the standard filesystem crawler so there should be no nuances about what can be detected in docker vs filesystem.

Scanning is initiated by the ScanImages function, which takes a scan configuration along with a docker client (if docker is not running, the client creation fails earlier on). The first step is to get a list of images from the daemon using the client. The returned images are iterated over and each one is processed by the scanImage function, where we use go-containerregistry/crane to flatten the image to a single layer and then export it as a tarball. From there we extract the image tarball to disk and use the filesystem crawler on the extracted image tarball directory to perform a regular scan. On completion, all created files are removed.


Sample output

CVE-2021-45046 and CVE-2021-45105 detected in image df67a306e829 [log4j/log4j-vuln-jars:latest] in file opt/shadow-all.jar. log4j versions: 2.12.0 - 2.14.1. Reasons: class name matched, byte code instruction MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image df67a306e829 [log4j/log4j-vuln-jars:latest] in file opt/wrapped_log4j.tar. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image df67a306e829 [log4j/log4j-vuln-jars:latest] in file opt/wrapped_log4j.tar.bz2. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image df67a306e829 [log4j/log4j-vuln-jars:latest] in file opt/wrapped_log4j.tar.gz. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image df67a306e829 [log4j/log4j-vuln-jars:latest] in file opt/wrapped_log4j.zip. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/cve-2021-45105-versions/log4j-core-2.12.2.jar. log4j versions: 2.12.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/cve-2021-45105-versions/log4j-core-2.16.0.jar. log4j versions: 2.16.0. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/fat_jar/fat_jar.jar. log4j versions: 2.14.0 - 2.14.1. Reasons: class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/inside_a_dist/wrapped_log4j.tar. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/inside_a_dist/wrapped_log4j.tar.bz2. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/inside_a_dist/wrapped_log4j.tar.gz. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/inside_a_dist/wrapped_log4j.zip. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/inside_a_par/wrapped_in_a_par.par. log4j versions: 2.14.1. Reasons: jar name inside archive matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/light_shading/shadow-all.jar. log4j versions: 2.12.0 - 2.14.1. Reasons: class name matched, byte code instruction MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.10.0.jar. log4j versions: 2.10.0, 2.9.0-2.11.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.11.0.jar. log4j versions: 2.11.0, 2.9.0-2.11.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.11.1.jar. log4j versions: 2.11.1, 2.9.0-2.11.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.11.2.jar. log4j versions: 2.11.2, 2.9.0-2.11.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.12.0.jar. log4j versions: 2.12.0. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.12.1.jar. log4j versions: 2.12.0, 2.12.1. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.13.0.jar. log4j versions: 2.13.0, 2.13.0-2.13.3. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.13.1.jar. log4j versions: 2.13.0-2.13.3, 2.13.1. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.13.2.jar. log4j versions: 2.13.0-2.13.3, 2.13.2. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.13.3.jar. log4j versions: 2.13.0-2.13.3, 2.13.3. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.14.0.jar. log4j versions: 2.14.0, 2.14.0 - 2.14.1. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.14.1.jar. log4j versions: 2.14.0 - 2.14.1, 2.14.1. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/multiple_bad_versions/log4j-core-2.15.0.jar. log4j versions: 2.15.0. Reasons: jar name matched, class and package name matched, class file MD5 matched
CVE-2021-45046 and CVE-2021-45105 detected in image f98b754f47fa [log4j/log4j-multiple:latest] in file opt/single_bad_version/log4j-core-2.14.1.jar. log4j versions: 2.14.0 - 2.14.1, 2.14.1. Reasons: jar name matched, class and package name matched, class file MD5 matched
Files affected by CVE-2021-45046 or CVE-2021-45105 detected: 28 file(s) impacted by CVE-2021-45046 or CVE-2021-45105
45 total files scanned, skipped 0 paths due to permission denied errors, encountered 0 errors processing paths

gcampbell12 Dec 20 '21 13:12
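The step in the description above that writes an exported image tarball to disk and then crawls the directory is the point where a crafted layer could drop files outside the scan directory via `../` entries. The following is an added example, not code from this PR or from log4j-sniffer: a Go extractor that refuses path-traversal entries and only materialises regular files (the names ExtractImageTar and ErrUnsafePath are assumptions for this illustration).

```go
package main

import (
	"archive/tar"
	"errors"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrUnsafePath flags a tar entry whose path would escape the destination.
var ErrUnsafePath = errors.New("tar entry escapes destination directory")

// ExtractImageTar unpacks a flattened image tarball into dst for scanning. It rejects
// traversal entries and skips everything but regular files (symlinks, hardlinks and
// devices are not needed to find jars). It returns the number of files written.
func ExtractImageTar(r io.Reader, dst string) (int, error) {
	root := filepath.Clean(dst)
	tr, written := tar.NewReader(r), 0
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return written, nil
		} else if err != nil {
			return written, err
		}
		target := filepath.Join(root, hdr.Name) // Join cleans "..", so check the result
		if target != root && !strings.HasPrefix(target, root+string(os.PathSeparator)) {
			return written, ErrUnsafePath
		}
		if hdr.Typeflag != tar.TypeReg {
			continue
		}
		if err = os.MkdirAll(filepath.Dir(target), 0o755); err != nil {
			return written, err
		}
		f, err := os.Create(target)
		if err != nil {
			return written, err
		}
		_, err = io.Copy(f, tr)
		f.Close()
		if err != nil {
			return written, err
		}
		written++
	}
}
```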

Generate changelog in changelog/@unreleased

Type

  • [x] Feature
  • [ ] Improvement
  • [ ] Fix
  • [ ] Break
  • [ ] Deprecation
  • [ ] Manual task
  • [ ] Migration

Description

Adds docker command to scan locally stored docker images for log4j vulnerabilities

Check the box to generate changelog(s)

  • [x] Generate changelog entry

changelog-app[bot] Dec 20 '21 13:12