ZupIT / horusec

Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.

Home Page: https://horusec.io/


Error: docker not found. Please check and try again.

anotherbridge opened this issue

What happened:

When trying to run the container as described in the README, i.e.

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):/src docker.io/horuszup/horusec-cli:latest horusec start -p /src -P $(pwd)

I am getting the following response:

time="2023-02-07T06:42:27Z" level=warning msg="{HORUSEC_CLI} Config file not found"
time="2023-02-07T06:42:27Z" level=error msg="{HORUSEC_CLI} Your docker version is below of: " error=19.3
Error: docker not found. Please check and try again
Usage:
  horusec start [flags]

Examples:
horusec start

...

I tried running the same with root privileges, which resulted in the same error. Moreover, I tried running it with podman instead of docker, but the same problem still arose.
Building the tool using MAKE results in the same issue.

What you expected to happen:

Horusec will start and analyze the code.

How to reproduce it (as minimally and precisely as possible):

  1. Ensuring that the docker daemon is running and locating the socket it is listening on (denoted as <docker socket>).
  2. Running the above command with <docker socket> instead of /var/run/docker.sock (which may coincide).

Anything else we need to know?:

The system that is tested on is hardened according to the CIS benchmark. Yet, the same problem could also be confirmed on an unhardened system.

Environment:

  • Horusec version (use horusec version): v2.8.0
  • Operating System: Debian 11.6 x86 architecture
  • Docker version: 23.0.0
  • Podman version: 3.0.1

Downgrading the docker-ce package to 19.03 fixes the issue.

Thanks very much @rand0mbits. This indeed gets the tool to run.
However, there are a few changes that are required to get it running which also includes downgrading the OS from Debian 11 to Debian 10.

Although this will get the tool to run, there are a bunch of security fixes that have been done in the last few years in docker-ce. Then the question would be when it is planned to adapt these changes and also support newer versions in the future?

Further, running horusec on the latest version of this repo gives feedback with a lot of findings which should be checked and, if confirmed, resolved (of course there is also a lot of noise coming from GitLeaks which could be prevented by a custom rule configuration):
horusec_results.log

I have the same problem. I upgraded my docker to 23.0.0 and this issue popped up for me.

This is wrong but it works
In
/horusec/internal/controllers/requirements/docker/docker.go

change
func Validate() error {
	version, err := validateIfDockerIsInstalled()
	if err != nil {
		return err
	}
	return validateIfDockerIsRunningInMinVersion(version)
}

to

func Validate() error { return nil }

I have the same issue over here using the CLI. The strangest thing is that if I use the Visual Studio Code extension, it works perfectly.

The issue is the way to get version.
Fixed like this:

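// Requires the "strconv" and "strings" imports.
func getVersionAndSubVersion(fullVersion string) (int, int, error) {
	// Split e.g. "23.0.0" into its fields; only major and minor are used.
	splited := strings.Split(fullVersion, ".")
	// Guard against a version string with no minor field before indexing.
	if len(splited) < 2 {
		return 0, 0, ErrDockerNotInstalled
	}
	version, err := strconv.Atoi(splited[0])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	subversion, err := strconv.Atoi(splited[1])
	if err != nil {
		return 0, 0, ErrDockerNotInstalled
	}
	return version, subversion, nil
}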

You can use this temp docker image that works with podman: https://hub.docker.com/repository/docker/gilsdav/horusec-cli
And here is how to configure podman machine: https://gist.github.com/gilsdav/d97f32beecd9fcc46b6c60d45067c6c5
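The minimum-version check this thread revolves around, as an added stand-alone example that is not part of the thread and not Horusec's own code: it parses major and minor as integers and compares them field by field, so the check can stay enabled instead of being stubbed out. The names `parseMajorMinor`, `meetsMinimum` and `errBadVersion` are hypothetical, the minimum 19.03 is taken from the log line above, and the sample version strings are constructed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Minimum taken from the log line on this page ("below of: 19.3").
const minMajor, minMinor = 19, 3
var errBadVersion = fmt.Errorf("unparseable docker version")

// parseMajorMinor reads major and minor from "23.0.0", "19.03.15", "20.10.5+dfsg1".
func parseMajorMinor(v string) (int, int, error) {
	parts := strings.Split(strings.TrimSpace(v), ".")
	if len(parts) < 2 {
		return 0, 0, errBadVersion
	}
	major, err := strconv.Atoi(parts[0])
	if err != nil {
		return 0, 0, errBadVersion
	}
	// Keep only the leading digits so a minor such as "03-ce" still parses.
	digits := parts[1]
	if i := strings.IndexFunc(digits, func(r rune) bool { return r < '0' || r > '9' }); i >= 0 {
		digits = digits[:i]
	}
	minor, err := strconv.Atoi(digits)
	if err != nil {
		return 0, 0, errBadVersion
	}
	return major, minor, nil
}

// meetsMinimum compares major first, then minor; never as a float or a string.
func meetsMinimum(v string) (bool, error) {
	major, minor, err := parseMajorMinor(v)
	if err != nil {
		return false, err
	}
	return major > minMajor || (major == minMajor && minor >= minMinor), nil
}

func main() {
	for _, v := range []string{"23.0.0", "19.03.15", "18.09.9", "20.10.5+dfsg1", "garbage"} {
		ok, err := meetsMinimum(v)
		fmt.Printf("%-16q ok=%v err=%v\n", v, ok, err)
	}
}
```

An unparseable string returns an error rather than `true`, so a malformed version fails closed.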

@gilsdav When running the following

podman run --rm -v /run/user/$UID/podman/podman.sock:/var/run/docker.sock -v $(pwd):/src/horusec gilsdav/horusec-cli:latest horusec start -p /src/horusec -o json -O /src/horusec/horusec.json -P $(pwd)

I'm getting the following result:

/usr/local/bin/horusec: line 1: �@8@8: not found
/usr/local/bin/horusec: line 2:����o: not found
/usr/local/bin/horusec: line 2: �ELF�
                                    �������
                                          �������
                                                �����������
                                                           @��@��h: not found
/usr/local/bin/horusec: line 1: 2�: not found
/usr/local/bin/horusec: line 3:k������J: not found
/usr/local/bin/horusec: line 4: can't open : no such file
/usr/local/bin/horusec: line 4: :�: not found
/usr/local/bin/horusec: line 1: 7: not found
/usr/local/bin/horusec: line 4:���7�6: not found
/usr/local/bin/horusec: line 1: ��SA��{¨�_֔���: not found
/usr/local/bin/horusec: line 4: ��: not found
/usr/local/bin/horusec: line 5: @�d@��a: not found
/usr/local/bin/horusec: line 6: syntax error: unexpected ")"

Any idea what could be the cause of this?

Hello @anotherbridge here is the command I use for a non root machine:
docker run --rm --privileged -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v $(pwd):/src/horusec \
  gilsdav/horusec-cli:latest horusec start -p /src/horusec -o sonarqube -O /src/horusec/report.json -P $(pwd) --config-file-path=/src/horusec/horusec-config.json

Yes I use docker.sock that is managed by podman by its docker compatibility.

And an example of the horusec-config.json:

{
  "horusecCliFilesOrPathsToIgnore": [
    "*tmp*",
    "**/.vscode/**",
    "**/*_test.go",
    "**/deployments/**",
    "**/docs/**",
    "**/node_modules/**",
    "**/.angular/**",
    "**/.git/**"
  ],
  "horusecCliFalsePositiveHashes": [],
  "horusecCliToolsConfig": {
    "Semgrep": {
      "istoignore": false
    }
  }
}

Finally here is how I created the podman machine:
podman machine init --now --cpus=4 --memory=4096 -v $HOME:$HOME