Question Object Learning Platform
© Copyright 2019 Quobject. All rights reserved.
A node.js wrapper for the docker command line tool
License: MIT License
This code appears to use child processes but doesn't sanitize the input. A project I was working on used this code for something like the following to run something in a container of the user's choosing:
docker.command('run <...> -d ' + containerName).then(...)
If the user just entered a semicolon after the container name, they could easily inject/run arbitrary commands on the host machine.
It's easy enough to only allow valid container names and nothing more in this instance, but the problem was not knowing that there was no sanitization being done behind the scenes. A more ambitious goal might be to make sure no malicious user input can get through, but until that's implemented there should at least be a note in the documentation about it.
Hello!
Could you provide a new release version with this feature: #18 (c6176d9) ? https://www.npmjs.com/package/docker-cli-js/v/2.7.1 2.7.1 seems too old.
Thanks!
I can't seem to find a way to run a docker exec
command. This is what I tried:
await docker.command('--host docker exec -it mycontainer sh -c "echo Hello"', function (err, data) { console.log('data = ', data); });
--host docker
is to specify that DOCKER_HOST is docker.
The output I got was data = null
Is there something I'm doing wrong, or is there no way to do a docker exec
with this utility?
const inspect = await docker.command(`images -q ${imageTag}`);
results in:
{
command: 'docker images -q ghcr.io/trieb-work/XXXXXXXX:3.0.0-b.40',
raw: '15e892c27a33\n',
images: []
}
Using --password is now a hard error, this requires STDIN to pass in the password.
It looks like you're bringing all of lodash
as a dependency, it would probably be better to just use lodash.snakecase
that you are actually using.
Would add an optional second parameter to .command
that has an echo parameter (default can be true, to not change behavior), that allows one to disable the terminal echo that happens.
var result = await docker.command('...', { echo:false });
I've been using the attached spawn.js
spawn.js.txt
wrapper to support similar functionality, you're welcome to utilize it...
I would like to be able to call docker run
and use the output as a stream. For example: waiting for a specific log emitted by a server process.
Thank you for this wonderful library.
The usefulness of the docker run command with this library is somewhat limited by the fact that when the docker command is exec'd the no environment variables are passed through except DEBUG, HOME, and PATH.
In this function I call await docker.command('info');
and it works perfectly fine locally
export async function verifySystem() {
const docker = new Docker();
const result = await docker.command('info');
if (!result.object) throw `You must install Docker to use Botfront. Please visit ${chalk.green('https://www.docker.com/products/docker-desktop')}`;
const results = await promisify(check)({ node: '>= 8.9'});
if (!results.versions.node.isSatisfied) {
throw `You must upgrade your Node.js installation to use Botfront. Please visit ${chalk.green('https://nodejs.org/en/download/')}`
};
}
Or in context: https://github.com/botfront/botfront/blob/master/cli/src/utils.js#L173
However when the package is installed from npm, the output of the Docker command is logged to the console. It can be reproduced as follows:
npm install -g botfront
botfront
➜ botfront git:(master) ✗ npm install -g botfront git:(master↓2|…
/usr/local/bin/botfront -> /usr/local/lib/node_modules/botfront/bin/botfront
> [email protected] postinstall /usr/local/lib/node_modules/botfront
> echo Botfront succesfully installed. Run 'botfront' to get started.
Botfront succesfully installed. Run botfront to get started.
+ [email protected]
added 5 packages from 2 contributors and updated 115 packages in 7.033s
➜ botfront git:(master) ✗ botfront git:(master↓2|…
Client:
Debug Mode: false
Server:
Containers: 20
Running: 6
Paused: 0
Stopped: 14
Images: 82
Server Version: 19.03.2
Storage Driver: overlay2
...
Any idea why?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.