Changes from all commits
Commits
102 commits
7a68a9e
Changed identification of docker files to be case insensitive on file…
cx-andre-pereira Mar 11, 2026
b835b6c
removed legacy redundant function 'isDockerfile' from analyzer
cx-andre-pereira Mar 11, 2026
da487cd
Improved dockerfile identification to account for relevant folder nam…
cx-andre-pereira Mar 11, 2026
8e17353
Fixed 'dockerfile' keyword not being recognized as a valid file exten…
cx-andre-pereira Mar 12, 2026
17d6b14
Minor optimization
cx-andre-pereira Mar 12, 2026
087df77
Initial test files/cases plus minor changes to supported dockerfile f…
cx-andre-pereira Mar 12, 2026
11ca942
Added new helper function 'isDockerfileExtension' to get_extension ut…
cx-andre-pereira Mar 12, 2026
8d4adfb
reverted accidental query change, fixed linting errors, fixed test er…
cx-andre-pereira Mar 12, 2026
bb88ff3
linting fix and optimized case of file named dockerfile without exten…
cx-andre-pereira Mar 12, 2026
813c9f6
More changes to fix go lint, d variable so 'dockerfile' is not used t…
cx-andre-pereira Mar 12, 2026
f1147e3
Added samples for case insensitive testing on dockerfiles, added E2E …
cx-andre-pereira Mar 13, 2026
f47018c
fix for E2E
cx-andre-pereira Mar 13, 2026
1c59974
Changed relevant functions to always treat/set the extension of valid…
cx-andre-pereira Mar 15, 2026
51b5a52
Removed last mention of 'dockerfile' without dot notation
cx-andre-pereira Mar 16, 2026
122bd04
Changed 'gitignore' check for better check order in 'GetExtension' fu…
cx-andre-pereira Mar 16, 2026
2da32f6
Slightly more restrictive check to FROM command to ensure it has a tr…
cx-andre-pereira Mar 16, 2026
1bfe126
Updates to functions, removed unnecessary if statement on scan.go and…
cx-andre-pereira Mar 17, 2026
944a70f
fix previous commit
cx-andre-pereira Mar 17, 2026
3d5c2c9
fix analyzer uni tests
cx-andre-pereira Mar 17, 2026
6da5da5
simplified new if condition
cx-andre-pereira Mar 17, 2026
c3c0968
lint fix
cx-andre-pereira Mar 17, 2026
194c47f
fixed analyze unit tests, with names ending in 'gitignore' no longer …
cx-andre-pereira Mar 17, 2026
fa26908
Case-insensitive unit tests for dockerfile samples
cx-andre-pereira Mar 17, 2026
8355e51
Slight changes to new test
cx-andre-pereira Mar 17, 2026
50980a7
Slight simplification of new docker/parser unit test
cx-andre-pereira Mar 17, 2026
f6f7986
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-andre-pereira Mar 17, 2026
c538a38
Mini fix on insensitive_sample
cx-andre-pereira Mar 19, 2026
e033293
Merge branch 'AST-140477--Improvement-to-dockerfile-scanning' of http…
cx-andre-pereira Mar 19, 2026
051e791
Changed E2E to 106 to fix merge conflict
cx-andre-pereira Mar 19, 2026
fd8e7f9
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-andre-pereira Mar 19, 2026
3d9d583
fix E2E tests
cx-andre-pereira Mar 19, 2026
1d3bc44
Final E2E fix
cx-andre-pereira Mar 19, 2026
c08ad6f
Update to 'Docker' related documentation
cx-andre-pereira Mar 20, 2026
ad57a0c
Requested change - made extDockerfile a constant
cx-andre-pereira Mar 23, 2026
e2aefc1
Fixed E2E 106 fixture 'RESULT' file name
cx-andre-pereira Mar 23, 2026
82c9ebd
Refactor to 'get_extension' and 'analyzer' to reduce redundancy
cx-andre-pereira Mar 23, 2026
1c3f046
Lint error fix
cx-andre-pereira Mar 23, 2026
6a786ea
Newline removed (lint)
cx-andre-pereira Mar 23, 2026
6fae044
Renamed variable to prevent confusing shadowing
cx-andre-pereira Mar 23, 2026
1d2b4f8
First tests
cx-andre-pereira Mar 23, 2026
14154b2
First commit with changes to all dockerfile queries for case insesiti…
cx-andre-pereira Mar 23, 2026
a2230c5
Merge branch 'master' of https://github.com/Checkmarx/kics into Docke…
cx-andre-pereira Mar 24, 2026
c356b4d
Fixes for queries that require extra commands and some expected resul…
cx-andre-pereira Mar 24, 2026
1eb5499
Small fix to update instruction alone query
cx-andre-pereira Mar 24, 2026
55f8c9b
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-andre-pereira Mar 24, 2026
4af5804
Requested E2E change
cx-andre-pereira Mar 26, 2026
0f510ec
Merge branch 'AST-140477--Improvement-to-dockerfile-scanning' of http…
cx-andre-pereira Mar 26, 2026
7ee77cc
Removed .ubi8 and .debian extensions checks
cx-andre-pereira Mar 30, 2026
606bd5c
Fallback on debian and ubi removal from docker/parser to test E2E
cx-andre-pereira Mar 31, 2026
3d585ba
E2E test 2
cx-andre-pereira Mar 31, 2026
d13e41f
Final fix E2E, the E2E itself was incorrect, payload included invalid…
cx-andre-pereira Mar 31, 2026
a3f2704
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-artur-ribeiro Apr 6, 2026
ff5fc83
Merge branch 'master' into Dockerfile_queries_fix_for_case_insensitivity
cx-andre-pereira Apr 6, 2026
886d539
Test changes for payload compatibility
cx-andre-pereira Apr 7, 2026
1822459
Testings possible fix for parsing issue (multiple From statements)
cx-andre-pereira Apr 7, 2026
10af967
Removed needless check
cx-andre-pereira Apr 7, 2026
16284d6
Fixes
cx-andre-pereira Apr 7, 2026
45d0628
Mini fix for linting
cx-andre-pereira Apr 7, 2026
775db75
Added id to distinguish repeated FROM statements on the same image (l…
cx-andre-pereira Apr 7, 2026
47b647e
Linting fix 2
cx-andre-pereira Apr 7, 2026
877366a
Best of both worlds solution, fallback to the implementation that cha…
cx-andre-pereira Apr 7, 2026
6a4b0ca
slight changes to query
cx-andre-pereira Apr 8, 2026
d0c49fb
SimID now depends on number of duplicate FROM statements prior to the…
cx-andre-pereira Apr 8, 2026
7d323bf
Merge branch 'master' of https://github.com/Checkmarx/kics into Docke…
cx-andre-pereira Apr 8, 2026
bcf0055
If it is decided that altered image name can be kept queries can stay…
cx-andre-pereira Apr 8, 2026
2bafc9a
Revert accidental line change in positive3
cx-andre-pereira Apr 8, 2026
2b61e99
Small fix unit test
cx-andre-pereira Apr 8, 2026
a358331
SearchKey values in results are now sanitized of extra ^hintLine adde…
cx-andre-pereira Apr 8, 2026
3082fdf
Moved auxiliary functions to common library and adjusted all queries …
cx-andre-pereira Apr 9, 2026
6808ee9
Files that should have been in previous commit
cx-andre-pereira Apr 9, 2026
60b2df7
Fix E2E testcase
cx-andre-pereira Apr 9, 2026
1a6b160
Adjusted expected results for same alias in different forms query
cx-andre-pereira Apr 9, 2026
ab836fb
E2E fixture fix and typo fix
cx-andre-pereira Apr 9, 2026
84e4cb2
Unit test to ensure line hint is being used on docker_detect
cx-andre-pereira Apr 10, 2026
5edd3d6
Added unit test to docker parser to ensure duplicate FROMs are distin…
cx-andre-pereira Apr 10, 2026
4cfb960
Added unit test to vulnerability builder to ensure line hint is remov…
cx-andre-pereira Apr 10, 2026
264839f
Merge branch 'master' of https://github.com/Checkmarx/kics into AST-…
cx-andre-pereira Apr 13, 2026
5944797
New 'python' samples to test for edge case 'from' statements on files…
cx-andre-pereira Apr 13, 2026
f0aa5ce
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-artur-ribeiro Apr 13, 2026
f02ed8a
New samples and improved, tailored regex for dockerfile FROM statemen…
cx-andre-pereira Apr 14, 2026
11193bd
Removed duplicated sample(negative) that was in positive test fixture…
cx-andre-pereira Apr 14, 2026
d7d9005
Final fix for E2E plus the test file removal that should have been in…
cx-andre-pereira Apr 14, 2026
a957ba9
Merge branch 'master' into Dockerfile_queries_fix_for_case_insensitivity
cx-andre-pereira Apr 16, 2026
a1787f8
Merge branch 'master' of https://github.com/Checkmarx/kics into Docke…
cx-andre-pereira Apr 16, 2026
e6b1f48
Merge with #7995
cx-andre-pereira Apr 16, 2026
be365b4
Merge branch 'Dockerfile_queries_fix_for_case_insensitivity' of https…
cx-andre-pereira Apr 16, 2026
be586a2
Fix previous merge with #7995
cx-andre-pereira Apr 16, 2026
8a01605
Updates E2E fixtures
cx-andre-pereira Apr 16, 2026
e6b802d
First fix attempt on validate-search-line script
cx-andre-pereira Apr 16, 2026
71648b5
Removed need to do -1 when calling line hint function and updated doc…
cx-andre-pereira Apr 17, 2026
f07ee00
Fixed expected and actual values for using_platform_with_from query
cx-andre-pereira Apr 17, 2026
df9ce03
Fix E2E results
cx-andre-pereira Apr 17, 2026
2051586
Made UrlRegex a constant
cx-andre-pereira Apr 20, 2026
dc012a7
New samples, changed dockerfile syntax identification to approach to e…
cx-andre-pereira Apr 21, 2026
7d7e26b
Linter fix
cx-andre-pereira Apr 21, 2026
67b1773
Merge branch 'master' into AST-140477--Improvement-to-dockerfile-scan…
cx-andre-pereira Apr 21, 2026
ed47fff
The actual linter fix
cx-andre-pereira Apr 21, 2026
9ce5266
Merge branch 'master' of https://github.com/Checkmarx/kics into Docke…
cx-andre-pereira Apr 21, 2026
4a6dee8
Another merge with #7995
cx-andre-pereira Apr 21, 2026
68510bf
E2E fix
cx-andre-pereira Apr 22, 2026
c3d2411
Fixed dockerfile lib from statement function LineHint value so multil…
cx-andre-pereira Apr 22, 2026
adfe6fd
Fix E2E 107
cx-andre-pereira Apr 22, 2026
Expand Up @@ -30,6 +30,9 @@ def get_changed_queries():
dirs = []
for f in files:
if f.endswith("/query.rego"):
if f.startswith("assets/queries/dockerfile/"):
print(f" [SKIP] {f}: Dockerfile queries do not support searchLine")
continue
dirs.append(REPO_ROOT / Path(f).parent)
return dirs

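Review bot: the new branch silently narrows what `get_changed_queries` returns, and the only record of why is the `[SKIP]` print; add a comment above `if f.startswith("assets/queries/dockerfile/")` stating that Dockerfile queries now carry a line hint in their searchKey (see `add_line_hint` in assets/libraries/dockerfile.rego) instead of a searchLine, and consider logging or returning the skip count so a run that skipped every query is distinguishable from one that found no changed queries.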
14 changes: 13 additions & 1 deletion assets/libraries/dockerfile.rego
Expand Up @@ -69,4 +69,16 @@ check_multi_stage(imageName, images) {

sortedIndex := sort(unsortedIndex)
imageName == sortedIndex[minus(count(sortedIndex), 1)].Name
}
}

get_original_from_command(commands) = from_command {
commands[i].Cmd == "from"
from_command := {
"Value": substring(commands[i].Original, 0, 4),
"LineHint" : commands[i]._kics_line - 1
}
}

add_line_hint(raw_search_key, lineHint) = searchKey {
searchKey := sprintf("%s^%d", [raw_search_key, lineHint])
}
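Review bot: `get_original_from_command` is a single-valued function but leaves `i` unbound in `commands[i].Cmd == "from"`, so if the `commands` array passed in ever contains more than one `from` entry whose `Original` or `_kics_line` differ, evaluation fails with conflicting outputs rather than picking one. Either document the assumption that a stage's command array holds exactly one `from`, or make the choice explicit (for example, select the entry with the smallest `_kics_line`). The `- 1` applied to `_kics_line` also deserves a comment saying which line convention the hint follows, since every query now embeds it in searchKey and the consumers have to agree on it.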
12 changes: 7 additions & 5 deletions assets/queries/dockerfile/add_instead_of_copy/query.rego
Expand Up @@ -3,16 +3,18 @@ package Cx
import data.generic.dockerfile as dockerLib

CxPolicy[result] {
resource := input.document[i].command[name][_]
resource.Cmd == "add"
stage := input.document[i].command[name]

not dockerLib.arrayContains(resource.Value, {".tar", ".tar."})
resource = stage[s]
stage[s].Cmd = "add"
not dockerLib.arrayContains(stage[s].Value, {".tar", ".tar."})

from_command := dockerLib.get_original_from_command(stage)
result := {
"documentId": input.document[i].id,
"searchKey": sprintf("FROM={{%s}}.{{%s}}", [name, resource.Original]),
"searchKey": dockerLib.add_line_hint(sprintf("%s={{%s}}.{{%s}}", [from_command.Value, name, resource.Original]), from_command.LineHint),
"issueType": "IncorrectValue",
"keyExpectedValue": sprintf("'COPY' %s", [resource.Value[0]]),
"keyActualValue": sprintf("'ADD' %s", [resource.Value[0]]),
}
}
}
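Review bot: `resource = stage[s]` and `stage[s].Cmd = "add"` use unification where the rest of the rule uses `==`; `==` is the idiomatic comparison here and avoids the linter warning, and since `resource` is already bound to `stage[s]`, the next two lines can read `resource.Cmd == "add"` and `not dockerLib.arrayContains(resource.Value, {".tar", ".tar."})` instead of repeating `stage[s]`.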
@@ -0,0 +1,10 @@
from openjdk:10-jdk
volume /tmp
arg JAR_FILE
copy ${JAR_FILE} app.jar
entrypoint ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
add http://source.file/package.file.tar.gz /temp
run tar -xjf /temp/package.file.tar.gz \
&& make -C /tmp/package.file \
&& rm /tmp/ package.file.tar.gz
# trigger validation
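Review bot: the trailing `# trigger validation` comment on the last line of the sample looks like a leftover used to re-run CI rather than part of the case being tested; drop it so the fixture contains only the Dockerfile shape the query is exercising.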
@@ -0,0 +1,9 @@
from openjdk:10-jdk
volume /tmp
add http://source.file/package.file.tar.gz /temp
run tar -xjf /temp/package.file.tar.gz \
&& make -C /tmp/package.file \
&& rm /tmp/ package.file.tar.gz
arg JAR_FILE
add ${JAR_FILE} app.jar
entrypoint ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
@@ -1,7 +1,14 @@
[
{
"queryName": "Add Instead of Copy",
"severity": "MEDIUM",
"line": 8
}
]
{
"queryName": "Add Instead of Copy",
"severity": "MEDIUM",
"line": 8,
"fileName": "positive1.dockerfile"
},
{
"queryName": "Add Instead of Copy",
"severity": "MEDIUM",
"line": 8,
"fileName": "positive2.dockerfile"
}
]
Expand Up @@ -10,9 +10,11 @@ CxPolicy[result] {
runCommands := dockerLib.getCommands(command.Value[0])
containsApkAddWithoutNoCache(runCommands)

stage := input.document[i].command[name]
from_command := dockerLib.get_original_from_command(stage)
result := {
"documentId": input.document[i].id,
"searchKey": sprintf("FROM={{%s}}.{{%s}}", [name, command.Original]),
"searchKey": dockerLib.add_line_hint(sprintf("%s={{%s}}.{{%s}}", [from_command.Value, name, command.Original]), from_command.LineHint),
"issueType": "IncorrectValue",
"keyExpectedValue": "'RUN' should not contain 'apk add' command without '--no-cache' switch",
"keyActualValue": "'RUN' contains 'apk add' command without '--no-cache' switch",
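Review bot: the preamble `stage := input.document[i].command[name]` / `from_command := dockerLib.get_original_from_command(stage)` followed by `dockerLib.add_line_hint(sprintf(...), from_command.LineHint)` is copied verbatim into each of the queries touched here; a single library helper that takes `i`, `name` and the command's `Original` and returns the finished searchKey would keep the `%s^%d` hint format in one place and make any future change to it a one-file edit.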
@@ -0,0 +1,7 @@
from gliderlabs/alpine:3.3
run apk add --no-cache python
workdir /app
onbuild COPY . /app
onbuild RUN virtualenv /env && /env/bin/pip install -r /app/requirements.txt
expose 8080
cmd ["/env/bin/python", "main.py"]
@@ -0,0 +1,7 @@
from gliderlabs/alpine:3.3
run apk add --update-cache python
workdir /app
onbuild COPY . /app
onbuild RUN virtualenv /env && /env/bin/pip install -r /app/requirements.txt
expose 8080
cmd ["/env/bin/python", "main.py"]
Expand Up @@ -10,5 +10,11 @@
"severity": "INFO",
"line": 2,
"fileName": "positive2.dockerfile"
},
{
"queryName": "Apk Add Using Local Cache Path",
"severity": "INFO",
"line": 2,
"fileName": "positive3.dockerfile"
}
]
]
@@ -1,5 +1,7 @@
package Cx

import data.generic.dockerfile as dockerLib

CxPolicy[result] {
resource := input.document[i].command[name][_]
resource.Cmd == "run"
Expand All @@ -10,9 +12,12 @@ CxPolicy[result] {

not hasClean(resource.Value[0], aptGet[0])

stage := input.document[i].command[name]
from_command := dockerLib.get_original_from_command(stage)
run_command := substring(resource.Original, 0, 3)
result := {
"documentId": input.document[i].id,
"searchKey": sprintf("FROM={{%s}}.RUN={{%s}}", [name, commands]),
"searchKey": dockerLib.add_line_hint(sprintf("%s={{%s}}.%s={{%s}}", [from_command.Value, name, run_command, commands]), from_command.LineHint),
"issueType": "IncorrectValue", #"MissingAttribute" / "RedundantAttribute"
"keyExpectedValue": "After using apt-get install, the apt-get lists should be deleted",
"keyActualValue": "After using apt-get install, the apt-get lists were not deleted",
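Review bot: `run_command := substring(resource.Original, 0, 3)` (like the `0, 4` used for `from` in the library) hard-codes the keyword length to preserve the file's original casing; if `Original` ever begins with whitespace, or the keyword is not exactly three characters, the searchKey is cut mid-token. Taking the first whitespace-delimited token of `Original` (via `split` or a regex) in one library function would be more robust and remove the per-query magic numbers. Separately, the stale `#"MissingAttribute" / "RedundantAttribute"` comment beside `"issueType"` can go.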
@@ -0,0 +1,15 @@
from busyboxneg1
run apt-get update && apt-get install --no-install-recommends -y python \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*

from busyboxneg2
run apt-get update && apt-get install --no-install-recommends -y python && apt-get clean

from busyboxneg3
run apt-get update && apt-get install --no-install-recommends -y python \
&& apt-get clean

from busyboxneg4
run apt-get update && apt-get install --no-install-recommends -y python \
&& rm -rf /var/lib/apt/lists/*
@@ -0,0 +1,14 @@
from busybox1
run apt-get update && apt-get install --no-install-recommends -y python

from busybox2
run apt-get install python

from busybox3
run apt-get update && apt-get install --no-install-recommends -y python
run rm -rf /var/lib/apt/lists/*

from busybox4
run apt-get update && apt-get install --no-install-recommends -y python
run rm -rf /var/lib/apt/lists/*
run apt-get clean
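Review bot: busybox3 and busybox4 are the cases that matter in this fixture (the `rm -rf /var/lib/apt/lists/*` runs in a later `run` than the install), and nothing in the file says why they are still positives; a one-line comment noting that cleanup in a separate layer leaves the lists in the install layer would make the expected hits on lines 8 and 12 self-explanatory.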
@@ -1,32 +1,56 @@
[
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 2,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 5,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 8,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 12,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 2,
"fileName": "positive2.dockerfile"
}
]
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 2,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 5,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 8,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 12,
"fileName": "positive.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 2,
"fileName": "positive2.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 2,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 5,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 8,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Lists Were Not Deleted",
"severity": "INFO",
"line": 12,
"fileName": "positive3.dockerfile"
}
]
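Review bot: this hunk replaces all 32 existing lines although the five original entries reappear unchanged apart from indentation, which hides the real change (the four new `positive3.dockerfile` results). Keeping the file's original indentation, or moving the reformat to its own commit, would reduce this to an append-only diff.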
Expand Up @@ -18,9 +18,12 @@ CxPolicy[result] {
packageName := packages[j]
analyzePackages(j, packageName, packages, length)

stage := input.document[i].command[name]
from_command := dockerLib.get_original_from_command(stage)
run_command := substring(resource.Original, 0, 3)
result := {
"documentId": input.document[i].id,
"searchKey": sprintf("FROM={{%s}}.RUN={{%s}}", [name, commands]),
"searchKey": dockerLib.add_line_hint(sprintf("%s={{%s}}.%s={{%s}}", [from_command.Value, name, run_command, commands]), from_command.LineHint),
"searchValue": packageName,
"issueType": "MissingAttribute",
"keyExpectedValue": sprintf("Package '%s' has version defined", [packageName]),
Expand All @@ -44,9 +47,11 @@ CxPolicy[result] {
regex.match("^[a-zA-Z]", packageName) == true
not dockerLib.withVersion(packageName)

stage := input.document[i].command[name]
from_command := dockerLib.get_original_from_command(stage)
result := {
"documentId": input.document[i].id,
"searchKey": sprintf("FROM={{%s}}.{{%s}}", [name, resource.Original]),
"searchKey": dockerLib.add_line_hint(sprintf("%s={{%s}}.{{%s}}", [from_command.Value, name, resource.Original]), from_command.LineHint),
"searchValue": packageName,
"issueType": "IncorrectValue",
"keyExpectedValue": sprintf("Package '%s' has version defined", [packageName]),
@@ -0,0 +1,2 @@
from busybox
run apt-get install python=2.7
@@ -0,0 +1,14 @@
from busybox
run apt-get install python
run ["apt-get", "install", "python"]

from busybox2
run apt-get install -y -t python

from busybox3
run apt-get update && apt-get install -y \
python-qt4 \
python-pyside \
python-pip \
python3-pip \
python3-pyqt5
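Review bot: in `run apt-get install -y -t python` (line 6 of the sample) `-t` is apt-get's `--target-release` option and takes an argument, so `python` reads as a release name rather than a package; if the intent is to test a flag between `install` and the package, something like `-y --no-install-recommends python` would make the sample unambiguous.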
Expand Up @@ -94,5 +94,53 @@
"severity": "MEDIUM",
"line": 9,
"fileName": "positive2.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 2,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 3,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 6,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 9,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 9,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 9,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 9,
"fileName": "positive3.dockerfile"
},
{
"queryName": "Apt Get Install Pin Version Not Defined",
"severity": "MEDIUM",
"line": 9,
"fileName": "positive3.dockerfile"
}
]