# Protection Mechanism Failure (CWE-693) The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. **Stack:** Docker - Prevalence: उच्च बार-बार शोषित - Impact: उच्च 1 उच्च गंभीरता वाले नियम - Prevention: प्रलेखित 8 फिक्स उदाहरण **OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5 ## Description This weakness covers three distinct situations: Missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly. ## Prevention 1 Shoulder डिटेक्शन नियमों पर आधारित Protection Mechanism Failure के लिए रोकथाम रणनीतियाँ। ### Docker Add a HEALTHCHECK instruction to enable container health monitoring ## Warning Signs - [LOW] Dockerfile has no HEALTHCHECK instruction for container health monitoring - [LOW] Dockerfiles missing HEALTHCHECK instructions for container monitoring ## Consequences - सुरक्षा तंत्र को बायपास करना - अनधिकृत कोड निष्पादित करना - विशेषाधिकार प्राप्त करना ## Mitigations - सुरक्षा की अनेक परतें (defense in depth) लागू करें - कस्टम कार्यान्वयनों के बजाय उद्योग-मानक, परीक्षित सुरक्षा तंत्रों का उपयोग करें - सुनिश्चित करें कि सुरक्षा तंत्रों को बायपास या निष्क्रिय न किया जा सके ## Detection - Total rules: 8 - Languages: dockerfile, go, javascript, typescript ## Rules by Language ### Dockerfile (1 rules) - **Missing Healthcheck Configuration** [LOW]: Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring. - Remediation: Add a HEALTHCHECK instruction to monitor container health. ```dockerfile HEALTHCHECK --interval=30s --timeout=10s --retries=3 \ CMD curl -f http://localhost:8080/health || exit 1 ``` Learn more: https://shoulder.dev/learn/docker/cwe-693/missing-healthcheck