# Protection Mechanism Failure (CWE-693)

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

**Stack:** Docker

- Prevalence: 높음 자주 악용됨
- Impact: 높음 1개의 높은 심각도 규칙
- Prevention: 문서화됨 8개의 수정 예시

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

This weakness covers three distinct situations: Missing a protection mechanism, using a faulty protection mechanism, or incorrectly applying a protection mechanism. A missing protection mechanism occurs when the application does not defend against a specific attack. A faulty protection mechanism occurs when the application does defend against a specific attack, but the protection mechanism is not implemented correctly.

## Prevention

1개의 Shoulder 탐지 규칙을 기반으로 한 Protection Mechanism Failure 예방 전략.

### Docker

Add a HEALTHCHECK instruction to enable container health monitoring

## Warning Signs

- [LOW] Dockerfile has no HEALTHCHECK instruction for container health monitoring
- [LOW] Dockerfiles missing HEALTHCHECK instructions for container monitoring

## Consequences

- 보호 메커니즘 우회
- 승인되지 않은 코드 실행
- 권한 획득

## Mitigations

- 다층 보안(심층 방어)을 구현하세요
- 독자적인 구현 대신 업계 표준이며 검증된 보안 메커니즘을 사용하세요
- 보호 메커니즘이 우회되거나 비활성화될 수 없도록 하세요

## Detection

- Total rules: 8
- Languages: dockerfile, go, javascript, typescript

## Rules by Language

### Dockerfile (1 rules)

- **Missing Healthcheck Configuration** [LOW]: Detects Dockerfiles missing HEALTHCHECK instructions for container monitoring.
  - Remediation: Add a HEALTHCHECK instruction to monitor container health.

```dockerfile
HEALTHCHECK --interval=30s --timeout=10s --retries=3 \
  CMD curl -f http://localhost:8080/health || exit 1
```

Learn more: https://shoulder.dev/learn/docker/cwe-693/missing-healthcheck