Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images #5115

Closed
malte-laukoetter opened this issue Apr 2, 2022 · 1 comment · Fixed by #5295
Closed

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images #5115

malte-laukoetter opened this issue Apr 2, 2022 · 1 comment · Fixed by #5295
Assignees
@cxAndreFelicidade
Labels
community Community contribution query New query feature

Comments

@malte-laukoetter
Copy link

malte-laukoetter commented Apr 2, 2022
edited

Platform

Docker

Query

68a51e22-ae5a-4d48-8e87-b01a323605c9

Description

Currently, this query detects an issue when a COPY instruction references another docker image using --from and this image is not defined in the same Dockerfile as part of a multi-step build. The --from flag of the COPY instruction can also be used to reference external Docker images (https://docs.docker.com/develop/develop-images/multistage-build/#use-an-external-image-as-a-stage). This query should not raise an issue in this case.

Source

Some Dockerfiles for the official nats image uses this to copy files between the different versions of their docker images and kics reports that this query fails: https://github.com/nats-io/nats-docker/blob/9095670eefc7c5af2ba6400a42ff88097b018c70/2.7.4/scratch/Dockerfile
@malte-laukoetter malte-laukoetter added the query New query feature label Apr 2, 2022
@kaplanlior kaplanlior added the community Community contribution label Apr 5, 2022
@cxAndreFelicidade cxAndreFelicidade mentioned this issue May 2, 2022
Merged
@cxAndreFelicidade
Copy link
Contributor

Hello Lergin, thank you for being so attentive! I have refactored the query in question in this PR, thank you for your time!

@cxAndreFelicidade cxAndreFelicidade self-assigned this May 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cxAndreFelicidade cxAndreFelicidade

Labels
community Community contribution query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(queries): fixed Docker queries related to issues 5115, 5116, and 5118 Checkmarx/kics
3 participants
@kaplanlior @malte-laukoetter @cxAndreFelicidade