search

dev-sec / cis-docker-benchmark

CIS Docker Benchmark - InSpec Profile
https://dev-sec.io/baselines/docker/
Apache License 2.0
489 stars 114 forks source link

Wrong placement of flag in command #72

Closed nnickie23 closed 1 year ago

nnickie23 commented 2 years ago

Describe the bug controls/container_images.rb uses docker history to inspect commands, and the command looks like this: 

command("docker --no-trunc history #{id}| grep -e 'update'")

Expected behavior The output without error is expected. This can be achieved by placing the flag ---no-trunc at the end of command string:

command("docker history #{id} --no-trunc | grep -e 'update'")

Actual behavior The stdout of running this command is empty because the command has an error:

unknown flag: --no-trunc
...

Example code

command(docker --no-trunc history #{id}| grep -e 'update')

OS / Environment

NAME="Ubuntu" VERSION="20.04 LTS (Focal Fossa)"

Inspec Version

4.46.13

Baseline Version

1.12.0
rndmh3ro commented 2 years ago

Thanks for reporting this! Do you want to create a PR to fix it?

nnickie23 commented 2 years ago

@rndmh3ro yes

nnickie23 commented 2 years ago

How could I do this?

rndmh3ro commented 2 years ago

Take a look at the docs here: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request