https://github.com/workday/tclscan-docker
tclscan docker image
- Host: GitHub
- URL: https://github.com/workday/tclscan-docker
- Owner: Workday
- License: mit
- Created: 2019-12-05T23:38:52.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2019-12-10T18:20:44.000Z (about 6 years ago)
- Last Synced: 2025-06-17T18:52:00.659Z (7 months ago)
- Topics: docker, docker-image, dockerfile, tcl, tclscan
- Language: Dockerfile
- Size: 4.88 KB
- Stars: 3
- Watchers: 4
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# tclscan-docker
tclscan docker image
`tclscan` is a tool that scans Tcl code for command injection flaws. For example, it can be used to assess vulnerabilities in F5 load balancer rules (implemented in Tcl). Building `tclscan` from source has proven somewhat challenging because of its dependencies (Tcl, Rust, LLVM), version mismatches, etc. `tclscan-docker` helps with that by providing a standard Dockerfile and Docker image.
See:
* https://github.com/kugg/tclscan
* https://blog.f-secure.com/command-injection-in-f5-irules/
### Build
```
docker build -t tclscan .
```
### Run
* Usage
```
docker run --rm -i tclscan
```
```
Invalid arguments.
Usage: tclscan check [--no-warn] ( - | )
tclscan parsestr ( - | )
```
* Read file from pipe (stdin)
```
docker run --rm -i tclscan check - < poo.tcl
```
or
```
cat poo.tcl | docker run --rm -i tclscan check -
```
```
DANGER: Dangerous unquoted block at `[stats [HTTP::header {user-agent}]]` in `eval [stats [HTTP::header {user-agent}]]
`
```
* Read file from current directory (via docker volume mount)
```
docker run --rm -i -v `pwd`:/data tclscan check poo.tcl
```
```
DANGER: Dangerous unquoted block at `[stats [HTTP::header {user-agent}]]` in `eval [stats [HTTP::header {user-agent}]]
`
```
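The stdin form above can be wrapped into a gate that fails a build when any script under a directory produces a `DANGER` finding. This is an added example, not part of tclscan-docker; it assumes the image is tagged `tclscan` as in the Build step, that findings are output lines starting with `DANGER:` as in the sample output, and that scripts carry a `.tcl` extension. The `TCLSCAN_CMD` variable, the function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example, not part of tclscan-docker: fail a CI step when tclscan
# reports a DANGER finding in any *.tcl file under a directory.
# Assumptions: the image is tagged "tclscan" (Build step above), findings are
# output lines starting with "DANGER:", and scripts use the .tcl extension.

# Scanner invocation reading one script on stdin, as in the Run section.
# Overridable so the gate can be exercised without Docker.
: "${TCLSCAN_CMD:=docker run --rm -i tclscan check -}"

# scan_file FILE: print findings as "FILE: DANGER: ...".
# Returns 0 if clean, 1 on findings, 2 if the scanner itself failed.
scan_file() {
    file=$1
    status=0
    # Unquoted on purpose: TCLSCAN_CMD holds a command and its arguments.
    out=$($TCLSCAN_CMD < "$file" 2>&1) || status=$?
    findings=$(printf '%s\n' "$out" | grep '^DANGER:') || findings=
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | while IFS= read -r line; do
            printf '%s: %s\n' "$file" "$line"
        done
        return 1
    fi
    if [ "$status" -ne 0 ]; then
        # Fail closed: a file that could not be scanned must not pass.
        printf '%s: scan failed (exit %s)\n' "$file" "$status" >&2
        return 2
    fi
    return 0
}

# scan_tree DIR: scan every *.tcl file; succeed only if all are clean.
scan_tree() {
    dir=$1
    bad=0
    # A here-document (not a pipe) keeps the counter in this shell.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        scan_file "$f" || bad=$((bad + 1))
    done <<EOF
$(find "$dir" -type f -name '*.tcl' | sort)
EOF
    [ "$bad" -eq 0 ]
}

# Run as: sh tclscan-gate.sh ./irules   (file name is hypothetical)
[ "$#" -eq 0 ] || scan_tree "$1"
```

The gate does not depend on the scanner's exit status to detect findings, so it behaves the same whether or not `tclscan` exits non-zero when it reports `DANGER`.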