User input is used, without sanitization, as the Docker image argument. We recommend that you sanitize user input before passing it to a function call.
@app.route('/someUrl')
def docker_arbitrary_container_run_noncompliant():
    """Start a container whose image name is taken straight from the request.

    Noncompliant example: the ``image`` query parameter is controlled by
    whoever sends the HTTP request and is handed to
    ``client.containers.run`` without any validation, so the request
    decides which image the Docker daemon runs.
    """
    docker_client = docker.from_env()
    # Untrusted value: copied verbatim from the query string.
    image_name = request.args.get("image")
    # Noncompliant: nothing (allow-list, validation) sits between the
    # request parameter and `run`.
    docker_client.containers.run(image_name, 'echo non compliant')
@app.route('/someUrl')
def docker_arbitrary_container_run_compliant():
    """Start a container whose image name comes from the process environment.

    Compliant example: the image name is read from the ``image``
    environment variable, which belongs to the deployment rather than to
    the HTTP request, so no request data reaches ``client.containers.run``.
    """
    docker_client = docker.from_env()
    # Subscripting os.environ raises KeyError if the variable is unset,
    # so a missing configuration fails instead of running an unexpected image.
    image_name = os.environ["image"]
    # Compliant: the request cannot influence which image is run.
    docker_client.containers.run(image_name, 'echo hello world')