Also, /bin/ps of ps may help avoid the possibility of PATH exploits. If that affects POSIX compliance (as convoluted as that may be) then detecting the correct location such as /bin/ps or /usr/bin/ps, etc., and storing that in a variable used where ps is used currently would provide similar protection.

@rnelson0, see #48 regarding #2 (comment).

@konstruktoid Some huge changes here. Looks like much has been improved, thanks to you and others! I think there are still some minor gaps, take a gander and see if I'm on track.

It looks like #14 helps with the reduction of PATH exploits (I think it's reasonable to assume that if someone injects a new binary in those directories, you cannot protect against it without a higher level framework).

In #48, get_command_line_args looks like a slight improvement but still misses positional checks. First, the -x option should be used to ensure it matches a command called docker, not one that includes docker. The grep patterns could be surrounded with better markers, perhaps ^<pattern>$ or ^--<pattern>$ as needed. I commented on these in the PR.

For options leading off with hyphens, that should prevent an issue. It's still possible that these arguments could be following a --pidfile argument which would now be on the previous line.I don't know each argument in depth to determine how this could be best addressed.

It looks like the search for tcp:// was removed, but is it possible to look at sockets rather than/in addition to cli args for that?

Sorry for the late reply @rnelson0, and thanks for joining the discussion on #48.
I merged #48, so can we close this issue and possibly open a new if you want further improvements of the searches?

Sounds good, thanks.