Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kics scan within a docker can not use proxy #4257

Closed
ticteam opened this issue Sep 23, 2021 · 2 comments · Fixed by #4283
Closed

kics scan within a docker can not use proxy #4257

ticteam opened this issue Sep 23, 2021 · 2 comments · Fixed by #4283
Labels
bug Something isn't working

Comments

@ticteam
Copy link

ticteam commented Sep 23, 2021

Expected Behavior

kics scan within a docker can use proxy

Actual Behavior

Steps to Reproduce the Problem

I try to scan the folder /home/ubuntu/workspace/PROJECT/kics-scan within a docker
I also set the proxy as env but it's not working .....

docker run --env https_proxy=http://security-proxy.****.net:3128 -v /home/ubuntu/workspace/PROJECT/kics-scan:/home/ubuntu/workspace/PROJECT/kics-scan --network=host checkmarx/kics:latest scan -p /home/ubuntu/workspace/PROJECT/kics-scan -q /app/bin/assets/queries --ci --report-formats html -o /home/ubuntu/workspace/PROJECT/kics-scan --ignore-on-exit results

07:27:28 5:27AM INF Scanning with Keeping Infrastructure as Code Secure v1.4.3
07:27:28 5:27AM INF Loading queries of type:

07:27:55 5:27AM INF Inspector initialized, number of queries=1998
07:27:55 5:27AM INF Query execution timeout=1m0s
07:27:55 5:27AM ERR Unable to GET descriptions API error="Get "https://kics.io/api/\": dial tcp: lookup kics.io on 10...:53: no such host"
07:27:55 5:27AM WRN Unable to get descriptions: Get "https://kics.io/api/": dial tcp: lookup kics.io on 10...:53: no such host

Specifications

connection from docker host ubuntu works well:

  • Establish HTTP proxy tunnel to kics.io:443

CONNECT kics.io:443 HTTP/1.1
Host: kics.io:443
User-Agent: curl/7.68.0
Proxy-Connection: Keep-Alive

< HTTP/1.1 200 Connection established

  • Version:
    docker version
    Client:
    Version: 20.10.2
    API version: 1.41
    Go version: go1.13.8
    Git commit: 20.10.2-0ubuntu1~20.04.2
    Built: Tue Mar 30 21:24:57 2021
    OS/Arch: linux/amd64

  • Platform:
    uname -a
    Linux runner-0 5.4.0-77-generic Add Google storage bucket logging not enabled query for Terraform #86-Ubuntu SMP Thu Jun 17 02:35:03 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

  • Subsystem:
    behind a coorperate proxy
@ticteam ticteam added the bug Something isn't working label Sep 23, 2021
@ticteam
Copy link
Author

ticteam commented Sep 24, 2021

the isses above is with version 1.2.4 !
so I updated to version 1.4.3 AND tried it on the bash console of the host and getting the message:
1:06PM ERR Unable to GET descriptions API error="Get "https://kics.io/api/\": dial tcp: lookup kics.io: no such host"

when I downgrade to version 1.2.4 , I do not get the error and the scan ran through successfull

@rogeriopeixotocx
Copy link
Contributor

Hi @ticteam, thank you for reporting this issue, we will investigate the issue for the moment as a workaround I recommend using --disable-full-descriptions flag to continue scanning with the latest version of KICS.

rogeriopeixotocx added a commit that referenced this issue Sep 24, 2021
@rogeriopeixotocx
fixes #4257
7307be8
@rogeriopeixotocx rogeriopeixotocx mentioned this issue Sep 24, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: respect http_proxy environment variable Checkmarx/kics
2 participants
@ticteam @rogeriopeixotocx