rspec/rules/S6473/docker/rule.adoc

Exposing administration services can lead to unauthorized access to containers
or escalation of privilege inside of containers.

A port that is commonly used for administration services is marked as being open
through the `EXPOSE` command. Administration services like SSH might contain
vulnerabilities, hard-coded credentials, or other security issues that increase
the attack surface of a Docker deployment. +
Even if the ports of the services do not get forwarded to the host system, by
default they are reachable from other containers in the same network. A
malicious actor that gets access to one container could use such services to
escalate access and privileges.

Removing the `EXPOSE` command is not sufficient to be secure. The port is still
open and the service accessible. To be secure, no administration services should
be started. Instead, try to access the required information from the host system.
For example, if the administration service is included to access logs or debug
a service, you can do this from the host system instead. Docker allows you to
read out any file that is inside of a container and to spawn a shell inside of
a container if necessary.


== Ask Yourself Whether

* The container starts an administration service.

There is a risk if you answered yes to the question.


== Recommended Secure Coding Practices

* Do not start SSH, VNC, RDP or similar administration services in containers.


== Sensitive Code Example

[source,docker]
----
FROM ubuntu:22.04
# Sensitive
EXPOSE 22
CMD ["/usr/sbin/sshd", "-f", "/etc/ssh/sshd_config", "-D"]
----

include::../see.adoc[]

* https://docs.docker.com/engine/reference/builder/#expose[Dockerfile reference] - EXPOSE


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

include::../parameters.adoc[]

'''

endif::env-github,rspecator-view[]