ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
https://horusec.io/
Apache License 2.0

Error: docker not found. Please check and try again. #1129

Open anotherbridge opened 1 year ago

anotherbridge commented 1 year ago

What happened:

When trying to run the container as described in the README, i.e.

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src docker.io/horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)

I am getting the following response:

time="2023-02-07T06:42:27Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2023-02-07T06:42:27Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

...

I tried running the same with root privileges which resulted in the same error. Moreover, I tried running it with podman instead of docker, but still the same problem did arise. Building the tool using MAKE does result in the same issue.

What you expected to happen:

Horusec will start and analyze the code.

How to reproduce it (as minimally and precisely as possible):

  1. Ensuring that the docker daemon is running and locating the socket it is listening on (denoted as <docker socket>).
  2. Running the above command with <docker socket> instead of /var/run/docker.sock (which may coincide).

Anything else we need to know?:

The system that is tested on is hardened according to the CIS benchmark. Yet, the same problem could also be confirmed on an unhardened system.

Environment:

rand0mbits commented 1 year ago

Downgrading the docker-ce package to 19.03 fixes the issue.

anotherbridge commented 1 year ago

Thanks very much @rand0mbits. This indeed gets the tool to run. However, there are a few changes that are required to get it running which also includes downgrading the OS from Debian 11 to Debian 10.

Although this will get the tool to run, there are a bunch of security fixes that have been done in the last few years in docker-ce. Then the question would be when it is planned to adapt these changes and also support newer versions in the future?

Further, running horusec on the latest version of this repo gives a feedback that results in a lot of findings which should be checked and if confirmed resolved (of course there is also a lot of noise coming from GitLeaks which could be prevented by a custom rule configuration): horusec_results.log

slooock commented 1 year ago

I have the same problem. I upgraded my docker to 23.0.0 and this issue popped up for me.

slooock commented 1 year ago

This is wrong but it works. In /horusec/internal/controllers/requirements/docker/docker.go

change

func Validate() error {
    version, err := validateIfDockerIsInstalled()
    if err != nil {
        return err
    }
    return validateIfDockerIsRunningInMinVersion(version)
}

to

func Validate() error {
    return nil
}

injcristianrojas commented 1 year ago

I have the same issue over here using the CLI. The strangest thing is that if I use the Visual Studio Code extension, it works perfectly.

gilsdav commented 1 year ago

The issue is the way to get version. Fixed like this:

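func getVersionAndSubVersion(fullVersion string) (int, int, error) {
    // Expect at least "<major>.<minor>", e.g. "23.0.0".
    splited := strings.Split(fullVersion, ".")
    if len(splited) < 2 {
        // Avoid an index-out-of-range panic on a string without a dot.
        return 0, 0, ErrDockerNotInstalled
    }
    // Parse the major version as an integer.
    version, err := strconv.Atoi(splited[0])
    if err != nil {
        return 0, 0, ErrDockerNotInstalled
    }
    // Parse the minor version as an integer ("03" becomes 3).
    subversion, err := strconv.Atoi(splited[1])
    if err != nil {
        return 0, 0, ErrDockerNotInstalled
    }
    return version, subversion, nil
}
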
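A minimum-version check along the lines of the fix above, as an added example that is not Horusec's own code and not part of the original comment: it compares major and minor as an integer tuple and tolerates packaging suffixes. The 19.3 minimum is taken from the log line in the report; the function names, the ErrBadVersion sentinel and the sample version strings are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

var ErrBadVersion = errors.New("unparseable docker version") // hypothetical sentinel

// leadingInt parses the leading decimal digits of s, so "03" and "5+dfsg1" both work.
func leadingInt(s string) (int, error) {
	if i := strings.IndexFunc(s, func(r rune) bool { return r < '0' || r > '9' }); i >= 0 {
		s = s[:i]
	}
	return strconv.Atoi(s) // an empty string yields an error
}

// parseMajorMinor extracts the major and minor numbers from strings such as "23.0.0".
func parseMajorMinor(full string) (major, minor int, err error) {
	parts := strings.Split(strings.TrimPrefix(strings.TrimSpace(full), "v"), ".")
	if len(parts) < 2 {
		return 0, 0, ErrBadVersion
	}
	if major, err = leadingInt(parts[0]); err != nil {
		return 0, 0, err
	}
	if minor, err = leadingInt(parts[1]); err != nil {
		return 0, 0, err
	}
	return major, minor, nil
}

// meetsMinimum reports whether full is at least minMajor.minMinor, compared as a tuple.
func meetsMinimum(full string, minMajor, minMinor int) (bool, error) {
	major, minor, err := parseMajorMinor(full)
	if err != nil {
		return false, err
	}
	return major > minMajor || (major == minMajor && minor >= minMinor), nil
}

func main() {
	// Constructed sample version strings, checked against the 19.3 minimum from the log.
	for _, v := range []string{"23.0.0", "20.10.5+dfsg1", "19.03.15", "18.09.9", "garbage"} {
		ok, err := meetsMinimum(v, 19, 3)
		fmt.Printf("%-15s ok=%v err=%v\n", v, ok, err)
	}
}
```
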
gilsdav commented 1 year ago

You can use this temp docker image that works with podman: https://hub.docker.com/repository/docker/gilsdav/horusec-cli And here is how to configure podman machine: https://gist.github.com/gilsdav/d97f32beecd9fcc46b6c60d45067c6c5

anotherbridge commented 12 months ago

@gilsdav When running the following

podman run --rm -v /run/user/$UID/podman/podman.sock:/var/run/docker.sock -v $(pwd):/src/horusec gilsdav/horusec-cli:latest horusec start -p /src/horusec -o json -O /src/horusec/horusec.json -P $(pwd)

I'm getting the following result:

/usr/local/bin/horusec: line 1: �@8@8: not found
/usr/local/bin/horusec: line 2:����o: not found
/usr/local/bin/horusec: line 2: ELF�
                                    �������
                                          �������
                                                �����������
                                                           @��@��h: not found
/usr/local/bin/horusec: line 1: 2�: not found
/usr/local/bin/horusec: line 3:k������J: not found
/usr/local/bin/horusec: line 4: can't open : no such file
/usr/local/bin/horusec: line 4: :�: not found
/usr/local/bin/horusec: line 1: 7: not found
/usr/local/bin/horusec: line 4:���7�6: not found
/usr/local/bin/horusec: line 1: ��SA��{¨�_֔���: not found
/usr/local/bin/horusec: line 4: ��: not found
/usr/local/bin/horusec: line 5: @�d@��a: not found
/usr/local/bin/horusec: line 6: syntax error: unexpected ")"

Any idea what could be the cause of this?

gilsdav commented 12 months ago

Hello @anotherbridge, here is the command I use for a non-root machine:

docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v $(pwd):/src/horusec \
  gilsdav/horusec-cli:latest horusec start -p /src/horusec -o sonarqube -O /src/horusec/report.json -P $(pwd) --config-file-path=/src/horusec/horusec-config.json

Yes I use docker.sock that is managed by podman by its docker compatibility.

And an example of the horusec-config.json:

{
  "horusecCliFilesOrPathsToIgnore": [
    "*tmp*",
    "**/.vscode/**",
    "**/*_test.go",
    "**/deployments/**",
    "**/docs/**",
    "**/node_modules/**",
    "**/.angular/**",
    "**/.git/**"
  ],
  "horusecCliFalsePositiveHashes": [],
  "horusecCliToolsConfig": {
    "Semgrep": {
      "istoignore": false
    }
  }
}

Finally, here is how I created the podman machine:

podman machine init --now --cpus=4 --memory=4096 -v $HOME:$HOME