From 4bb6e19965d5a148c1d11dbe0544d28323225ec4 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Mon, 29 Jul 2019 16:15:57 +0100 Subject: [PATCH 1/8] Added check_images Added check_images which moves the previous $imgList into this function and removed the else as this is handled within the main .sh Signed-off-by: Niall T --- tests/4_container_images.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh index 0df2676..954512d 100644 --- a/tests/4_container_images.sh +++ b/tests/4_container_images.sh @@ -1,19 +1,21 @@ #!/bin/sh +check_images() { if [ -n "$imgList" ]; then pattern=$(echo "$imgList" | sed 's/,/ /g') for img in $pattern; do echo "Looking for image $img" - sha256=$(docker image ls "$img" -q) + sha256=$(docker images | grep $img | awk '{print $3}') if [ -z "$sha256" ]; then echo "Image $img not found. Exiting." exit 1 fi - images="$images $sha256 " - done -else - images=$(docker images -q) + images="$sha256" + echo "images ------------------------------------ " $images + echo "sha356" $sha256 + done fi +} check_4() { logit "\n" From af8b59f29d0dcdbea63b22bff384129726290909 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Mon, 29 Jul 2019 16:16:00 +0100 Subject: [PATCH 2/8] Added check_images Added check_images to run the new check_images() function within tests/4_container_images.sh Signed-off-by: Niall T --- functions_lib.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/functions_lib.sh b/functions_lib.sh index f7c32ba..736ccaa 100644 --- a/functions_lib.sh +++ b/functions_lib.sh @@ -67,6 +67,7 @@ docker_daemon_files() { } container_images() { + check_images check_4 check_4_1 check_4_2 From 7f29aebd71710fe62db1ae25b87e03a9ab69b422 Mon Sep 17 00:00:00 2001 
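Review bot: `images="$sha256"` inside the loop overwrites the list on every iteration, so when -t names several images only the last one reaches the checks, whereas the line it replaces (`images="$images $sha256 "`) accumulated them. `grep $img` is unquoted and unanchored against the whole `docker images` listing, so a name that is a substring of another repository, tag or ID leaves several IDs in `$sha256`, while the removed `docker image ls "$img" -q` matched on the reference only. The `echo "images ------…" $images` and `echo "sha356" $sha256` lines look like leftover debugging output and would end up in the benchmark log. PATCH 6/8 of this series deletes the function again, so these only matter if it is kept.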
From: jammasterj89 Date: Mon, 29 Jul 2019 16:16:14 +0100 Subject: [PATCH 3/8] Added $images to $exclude Added $images $exclude logic so now containers and images are excluded. Added new $benchimagecont for images to replicate the $benchcont for containers. Signed-off-by: Niall T --- docker-bench-security.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docker-bench-security.sh b/docker-bench-security.sh index 2e7d0e6..b4ccbf3 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -103,15 +103,27 @@ main () { benchcont="$c" fi done + + # get the image id of the docker_bench_security_image, memorize it: + benchimagecont="nil" + for c in $(docker images | sed '1d' | awk '{print $3}'); do + if docker inspect --format '{{ .Config.Labels }}' "$c" | \ + grep -e 'docker.bench.security' >/dev/null 2>&1; then + benchimagecont="$c" + fi + done if [ -n "$include" ]; then pattern=$(echo "$include" | sed 's/,/|/g') containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont" | grep -E "$pattern") + images=$(docker images | grep -E "$pattern" | sed '1d' | awk '{print $3}' | grep -v "$benchimagecont") elif [ -n "$exclude" ]; then pattern=$(echo "$exclude" | sed 's/,/|/g') containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont" | grep -Ev "$pattern") + images=$(docker images | grep -Ev "$pattern" | sed '1d' | awk '{print $3}' | grep -v "$benchimagecont") else containers=$(docker ps | sed '1d' | awk '{print $NF}' | grep -v "$benchcont") + images=$(docker images -q | grep -v "$benchcont") fi if [ -z "$containers" ]; then From c53157e184135eb037df28005e04747f8748d907 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Tue, 30 Jul 2019 11:25:14 +0100 Subject: [PATCH 4/8] Remove -t parameter $images now set via -i and -x parameters Signed-off-by: Niall T --- docker-bench-security.sh | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
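Review bot: The default branch filters the image list with `$benchcont`, the container id found above, rather than the image id the new loop just stored in `$benchimagecont`, so in the no-include/no-exclude path the benchmark's own image is never excluded; it should read `images=$(docker images -q | grep -v "$benchimagecont")`. In the include branch `sed '1d'` runs after `grep -E "$pattern"`, so unless the pattern happens to match the header line it deletes the first matching image instead of the header; moving it before the grep, `images=$(docker images | sed '1d' | grep -E "$pattern" | awk '{print $3}' | grep -v "$benchimagecont")`, with the same order in the `-Ev` exclude branch, keeps header filtering independent of the pattern. Note also that `grep -E "$pattern"` is applied to the full listing line, so a pattern can match the TAG, CREATED or SIZE columns and not only the name, unlike the container case where `awk '{print $NF}'` selects the name before the pattern is applied. `main` begins and ends outside this hunk.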
diff --git a/docker-bench-security.sh b/docker-bench-security.sh index b4ccbf3..219859b 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -44,9 +44,8 @@ usage () { -l FILE optional Log output in FILE -c CHECK optional Comma delimited list of specific check(s) -e CHECK optional Comma delimited list of specific check(s) to exclude - -i INCLUDE optional Comma delimited list of patterns within a container name to check - -x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check - -t TARGET optional Comma delimited list of images name to check + -i INCLUDE optional Comma delimited list of patterns within a container or image name to check + -x EXCLUDE optional Comma delimited list of patterns within a container or image name to exclude from check EOF } @@ -63,7 +62,6 @@ do e) checkexclude="$OPTARG" ;; i) include="$OPTARG" ;; x) exclude="$OPTARG" ;; - t) imgList="$OPTARG" ;; *) usage; exit 1 ;; esac done From 6cd952c7a168ec493efd697777e3b2fbf24f3109 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Tue, 30 Jul 2019 11:25:16 +0100 Subject: [PATCH 5/8] Remove check_images Removed check_images due to removal of -t parameter Signed-off-by: Niall T --- functions_lib.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/functions_lib.sh b/functions_lib.sh index 736ccaa..f7c32ba 100644 --- a/functions_lib.sh +++ b/functions_lib.sh @@ -67,7 +67,6 @@ docker_daemon_files() { } container_images() { - check_images check_4 check_4_1 check_4_2 From e1d26673eefe26677d8e2337426dce27fc8dfe97 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Tue, 30 Jul 2019 11:25:18 +0100 Subject: [PATCH 6/8] Remove check_images Removed check_images due to removal of -t parameter and $images being set in docker-bench-security.sh Signed-off-by: Niall T --- tests/4_container_images.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/4_container_images.sh b/tests/4_container_images.sh index 954512d..c6e68f4 100644 
--- a/tests/4_container_images.sh +++ b/tests/4_container_images.sh @@ -1,22 +1,5 @@ #!/bin/sh -check_images() { -if [ -n "$imgList" ]; then - pattern=$(echo "$imgList" | sed 's/,/ /g') - for img in $pattern; do - echo "Looking for image $img" - sha256=$(docker images | grep $img | awk '{print $3}') - if [ -z "$sha256" ]; then - echo "Image $img not found. Exiting." - exit 1 - fi - images="$sha256" - echo "images ------------------------------------ " $images - echo "sha356" $sha256 - done -fi -} - check_4() { logit "\n" id_4="4" From ef206be6e0ed0a62fa2b17727472fc0c8bcd1a6e Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Tue, 30 Jul 2019 11:38:38 +0100 Subject: [PATCH 7/8] Remove -t parameter Removed -t parameter Signed-off-by: Niall T --- README.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d5e97c1..fb69ff2 100644 --- a/README.md +++ b/README.md @@ -56,9 +56,8 @@ version 1.13.0 or later. -l FILE optional Log output in FILE -c CHECK optional Comma delimited list of specific check(s) -e CHECK optional Comma delimited list of specific check(s) to exclude - -i INCLUDE optional Comma delimited list of patterns within a container name to check - -x EXCLUDE optional Comma delimited list of patterns within a container name to exclude from check - -t TARGET optional Comma delimited list of images name to check + -i INCLUDE optional Comma delimited list of patterns within a container or image name to check + -x EXCLUDE optional Comma delimited list of patterns within a container or image name to exclude from check ``` By default the Docker Bench for Security script will run all available CIS tests From 3d02432bc8255c3b115ba335d0fe4c3e24a8cd37 Mon Sep 17 00:00:00 2001 From: jammasterj89 Date: Thu, 29 Aug 2019 13:48:24 +0100 Subject: [PATCH 8/8] Removed whitespace Signed-off-by: Niall T --- docker-bench-security.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/docker-bench-security.sh b/docker-bench-security.sh index 219859b..dc6f584 100755 --- a/docker-bench-security.sh +++ b/docker-bench-security.sh @@ -101,7 +101,7 @@ main () { benchcont="$c" fi done - + # get the image id of the docker_bench_security_image, memorize it: benchimagecont="nil" for c in $(docker images | sed '1d' | awk '{print $3}'); do