A Static Detection Method for Dockerfile Temporary Files Based on Rule Validation

doi:10.19678/j.issn.1000-3428.0068330

Abstract

Abstract: The temporary file issue in Dockerfile causes the Docker image to pack unnecessary file resources beyond its functional requirements, resulting in an increase in image size and affecting the efficiency of image transmission and deployment. The existing dynamic analysis methods generate a large number of logs during runtime, resulting in significant system overhead. However, static analysis methods cannot detect various changes in temporary files, which limits their effective application in daily detection. This article proposes a static detection method for Dockerfile temporary files, which collects 21 temporary file forms through rule validation; Using node association algorithm to improve the AST structure and enhance detection efficiency; And based on NA-AST, a coloring mechanism is used to process nodes, ensuring detection integrity. The experimental results show that compared to existing schemes, the proposed method can detect various temporary file forms in files with less time overhead. In addition, this method provides a basis for classifying the forms of temporary files, which can be used for analyzing and detecting the new forms of subsequent temporary files, and has high universality.

摘要： Dockerfile中存在的临时文件问题使Docker镜像打包了超过其功能所需的不必要文件资源，导致镜像尺寸增大，影响了镜像传输和部署的效率。现有的动态分析法在运行时会产生大量日志，造成较大的系统开销，而静态分析法无法检测出临时文件的多种变化形式，限制了其在日常检测中的有效应用。本文提出了一种Dockerfile临时文件静态检测方法，通过规则验证收集了21种临时文件形式；使用节点关联算法改进AST结构，提高了检测效率；并在NA-AST基础上使用着色机制对节点进行处理，保证了检测完整性。实验结果表明，相较于现有方案，所提方法能够以较小的时间开销检测出文件中存在的各种临时文件形式。此外本文方法提供了一种对临时文件形式分类的依据，可用于对后续临时文件新增形式的分析和检测，具有较高的普适性。

SU Hui, ZHANG Jianhui, ZENG Junjie, CHU Xiaoxi. A Static Detection Method for Dockerfile Temporary Files Based on Rule Validation[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.0068330.

苏珲, 张建辉, 曾俊杰, 楚小茜. 基于规则验证的Dockerfile临时文件静态检测方法[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.0068330.

/ / Recommend / Download Citations

URL: http://www.ecice06.com/EN/10.19678/j.issn.1000-3428.0068330

References

[1] BENTALEB O, BELLOUM A S Z, SEBAA A, et al. Containerization technologies: taxonomies, applications and challenges [J]. J Supercomput, 2022, 78(1): 1144-1181.
[2] CHEN Y Y,WANG X N,LU S S,et al.Survey of Container Technology for High-performance Computing System [J]. Computer Science, 2023,50(02):353-363. 陈轶阳,王小宁,卢莎莎,等.面向高性能计算系统的容器技术综述[J].计算机科学.2023,(2):353-363.
[3] FELTER W, FERREIRA A, RAJAMONY R, et al. An Updated Performance Comparison of Virtual Machines and Linux Containers [C]//IEEE International Symposium on Performance Analysis of Systems and Software.NEW YORK:IEEE,2015:171-172.
[4] SHARMA P, CHAUFOURNIER L, SHENOY P, et al. Containers and Virtual Machines at Scale: A Comparative Study[C]//17th ACM/IFIP/USENIX International Middleware Conference. NEW YORK:Assoc Computing Machinery,2016:Article 1,1-13.
[5] POTDAR A M, NARAYAN D G, KENGOND S, et al. Performance Evaluation of Docker Container and Virtual Machine [J]. Procedia Comput Sci (Netherlands), 2020, 171: 1419-1428.
[6] KRATZKE N. A Brief History of Cloud Application Architectures [J]. Appl Sci-Basel, 2018, 8(8): 26.
[7] PAHL C, BROGI A, SOLDANI J, et al. Cloud Container Technologies: A State-of-the-Art Review [J]. IEEE Trans Cloud Comput, 2019, 7(3): 677-692.
[8] SINGH V, PEDDOJU S K. Container-based microservice architecture for cloud applications[C]//IEEE International Conference on Computing, Communication and Automation, NEW YORK:Institute of Electrical and Electronics Engineers Inc,2017:847-852.
[9] MERKEL D. Docker: Lightweight Linux containers for consistent development and deployment[J]. Linux Journal, 2014(239): 2.
[10] ZHU H, BAYLEY I. If Docker is the Answer, What is the Question?[C]//12th IEEE International Symposium on Service-Oriented System Engineering. NEW YORK: IEEE,2018:152-163.
[11] BOETTIGER C. An introduction to Docker for reproducible research[J]. ACM SIGOPS Operating Systems Review,2015, 49(1): 71-79.
[12] Hadolint.Linter [EB/OL]. https://github.com/hadolint/hadolint
[13] LIN C Y, NADI S, KHAZAEI H, et al. A Large-scale Data Set and an Empirical Study of Docker Images Hosted on Docker Hub[C]//36th IEEE International Conference on Software Maintenance and Evolution (ICSME). NEW YORK:IEEE, 2020:371-381.
[14] LU Z G, XU J W, WU Y W, et al. An Empirical Case Study on the Temporary File Smell in Dockerfiles [J]. IEEE Access, 2019, 7: 63650-63659.
[15] XU J W, WU Y W, LU Z G, et al. Dockerfile TF smell detection based on dynamic and static analysis methods[C]//43rd IEEE-Computer-Society Annual International Computers, Software and Applications Conference (COMPSAC).LOS ALAMITOS:IEEE Computer Soc, 2019: 185-190.
[16] RASTOGI V, DAVIDSON D, DE CARLI L, et al. Cimplifier: Automatically Debloating Containers[C] //11th Joint Meeting of European Software Engineering Conference (ESEC) / ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE).NEW YORK:ACM,2017:476-486.
[17] CHAU N T, YOON J, DOAN T P, et al. AppPACK: A Packaging Model for Single-Purpose Lightweight Virtualization Environment [J]. IEEE Access, 2021, 9: 30071-30079.
[18] DU L, WO T Y, YANG R Y, et al. Cider: a Rapid Docker Container Deployment System Through Sharing Network Storage[C]//19th IEEE International Conference on High Performance Computing and Communications (HPCC).NEW YORK:IEEE, 2017:332-339.
[19] LITTLEY M, ANWAR A, FAYYAZ H, et al. Bolt: Towards a Scalable Docker Registry via Hyperconvergence[C]//12th IEEE International Conference on Cloud Computing (IEEE CLOUD) held as Part of IEEE World Congress on Services (IEEE SERVICES).NEW YORK:IEEE, 2019:358-366.
[20] ZHAO N N, TARASOV V, ALBAHAR H, et al. Large-Scale Analysis of Docker Images and Performance Implications for Container Storage Systems [J]. IEEE Trans Parallel Distrib Syst, 2021, 32(4): 918-930.
[21] ZHANG J, LIU B, WANG X. A Container Deployment Optimization Method for Edge Computing [J]. Journal of Physics: Conference Series, 2021, 1927(1).
[22] LU Z G,XU J W,HUANG T. Container Image Deduplication Method Based on Chunking Reuse of Multi-versions [J]. Journal of Software,2020,31(06):1875-1888. 陆志刚,徐继伟,黄涛.基于分片复用的多版本容器镜像加载方法[J].软件学报.2020,(6):1875-1888.
[23] HARDI N, BLOMER J, GANIS G, et al.Making containers lazy with Docker and CernVM-FS[C]//18th International Workshop on Advanced Computing and Analysis Techniques in Physics Research (ACAT).BRISTOL:Iop Publishing Ltd, 2018:1-7.
[24] MOSCIATTI S, BLOMER J, GANIS G, et al. CernVM-FS Container Image Integration [J]. Journal of Physics: Conference Series, 2020, 1525(1).
[25] MOSCIATTI S, LANGE C, BLOMER J. Increasing the Execution Speed of Containerized Analysis Workflows Using an Image Snapshotter in Combination With CVMFS [J]. Front Big Data, 2021, 4: 7.

Please choose a citation manager

Content to export