snyk / leaky-vessels-static-detector

Static detection tool for runc and Docker "Leaky Vessels" vulnerabilities
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
Apache License 2.0
94 stars 17 forks

400 bad request on Docker login when using GitHub secrets #9

Open christopher-bulger opened 4 months ago

christopher-bulger commented 4 months ago

Trying to implement the static linter on a repo (not the org crawler) and am getting a 400 malformed request when using GitHub secrets for DH_USERNAME and DH_PASSWORD_OR_PAT. Curious if anyone here knows of a workaround or has implemented the linter like this?

        env:
          DH_USERNAME: ${{ secrets.DOCKER_USER }}
          DH_PASSWORD_OR_PAT: ${{ secrets.DOCKER_PASS }}
        run: |
          go run main.go dockerfile -f ./my_service/Dockerfile --base --debug

Request to: https://hub.docker.com/v2/users/login returned: 400 - {\"errinfo\":{},\"message\":\"malformed request\"}\n\n"

supriza commented 4 months ago

Hi @christopher-bulger, we've never tried to run it in GitHub Actions before (gh-crawler uses CircleCI). Let me try to create a working example.