Added CWE infos to common and dockerfile queries Checkmarx#6373

Jeeppler · Dec 28, 2023 · e8bfcfd · e8bfcfd
1 parent 2afa90f
commit e8bfcfd
Show file tree

Hide file tree

Showing 50 changed files with 51 additions and 51 deletions.
diff --git a/assets/queries/common/passwords_and_secrets/metadata.json b/assets/queries/common/passwords_and_secrets/metadata.json
@@ -8,5 +8,5 @@
   "platform": "Common",
   "descriptionID": "d69d8a89",
   "cloudProvider": "common",
-  "cwe": ""
+  "cwe": "798"
 }
diff --git a/assets/queries/dockerfile/add_instead_of_copy/metadata.json b/assets/queries/dockerfile/add_instead_of_copy/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#add",
   "platform": "Dockerfile",
   "descriptionID": "0aedd324",
-  "cwe": ""
+  "cwe": "610"
 }
diff --git a/assets/queries/dockerfile/apk_add_using_local_cache_path/metadata.json b/assets/queries/dockerfile/apk_add_using_local_cache_path/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "d44503b8",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/apt_get_install_lists_were_not_deleted/metadata.json b/assets/queries/dockerfile/apt_get_install_lists_were_not_deleted/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "4236a50c",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/apt_get_install_pin_version_not_defined/metadata.json b/assets/queries/dockerfile/apt_get_install_pin_version_not_defined/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "e0e1edad",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/metadata.json b/assets/queries/dockerfile/apt_get_missing_yes_flag_to_avoid_manual_input/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "2064113b",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/apt_get_not_avoiding_additional_packages/metadata.json b/assets/queries/dockerfile/apt_get_not_avoiding_additional_packages/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "2e92d18c",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/changing_default_shell_using_run_command/metadata.json b/assets/queries/dockerfile/changing_default_shell_using_run_command/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#shell",
   "platform": "Dockerfile",
   "descriptionID": "d859b2eb",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/chown_flag_exists/metadata.json b/assets/queries/dockerfile/chown_flag_exists/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "ba0a34dc",
-  "cwe": ""
+  "cwe": "282"
 }
diff --git a/assets/queries/dockerfile/copy_from_references_current_from_alias/metadata.json b/assets/queries/dockerfile/copy_from_references_current_from_alias/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/multistage-build/",
   "platform": "Dockerfile",
   "descriptionID": "a248d89e",
-  "cwe": ""
+  "cwe": "706"
 }
diff --git a/.../queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/metadata.json b/.../queries/dockerfile/copy_with_more_than_two_arguments_not_ending_with_slash/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#copy",
   "platform": "Dockerfile",
   "descriptionID": "bab38efd",
-  "cwe": ""
+  "cwe": "628"
 }
diff --git a/assets/queries/dockerfile/curl_or_wget_instead_of_add/metadata.json b/assets/queries/dockerfile/curl_or_wget_instead_of_add/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "29e8216b",
-  "cwe": ""
+  "cwe": "610"
 }
diff --git a/assets/queries/dockerfile/exposing_port_22/metadata.json b/assets/queries/dockerfile/exposing_port_22/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://sysdig.com/blog/dockerfile-best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "79731185",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/gem_install_without_version/metadata.json b/assets/queries/dockerfile/gem_install_without_version/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "0586ed55",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/healthcheck_instruction_missing/metadata.json b/assets/queries/dockerfile/healthcheck_instruction_missing/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#healthcheck",
   "platform": "Dockerfile",
   "descriptionID": "426121ee",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/image_version_not_explicit/metadata.json b/assets/queries/dockerfile/image_version_not_explicit/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#from",
   "platform": "Dockerfile",
   "descriptionID": "4f469f06",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/image_version_using_latest/metadata.json b/assets/queries/dockerfile/image_version_using_latest/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/dev-best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "22f535ec",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/last_user_is_root/metadata.json b/assets/queries/dockerfile/last_user_is_root/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#user",
   "platform": "Dockerfile",
   "descriptionID": "f445bd25",
-  "cwe": ""
+  "cwe": "250"
 }
diff --git a/assets/queries/dockerfile/maintainer_instruction_being_used/metadata.json b/assets/queries/dockerfile/maintainer_instruction_being_used/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#maintainer-deprecated",
   "platform": "Dockerfile",
   "descriptionID": "9d9cbf83",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/missing_dnf_clean_all/metadata.json b/assets/queries/dockerfile/missing_dnf_clean_all/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "8f8497d7",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/missing_flag_from_dnf_install/metadata.json b/assets/queries/dockerfile/missing_flag_from_dnf_install/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "efc680ea",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/missing_user_instruction/metadata.json b/assets/queries/dockerfile/missing_user_instruction/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#user",
   "platform": "Dockerfile",
   "descriptionID": "eb49caf6",
-  "cwe": ""
+  "cwe": "250"
 }
diff --git a/assets/queries/dockerfile/missing_version_specification_in_dnf_install/metadata.json b/assets/queries/dockerfile/missing_version_specification_in_dnf_install/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "0ab4ed7e",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/missing_zypper_clean/metadata.json b/assets/queries/dockerfile/missing_zypper_clean/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "a95b2646",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/missing_zypper_non_interactive_switch/metadata.json b/assets/queries/dockerfile/missing_zypper_non_interactive_switch/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "b3efa689",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/multiple_cmd_instructions_listed/metadata.json b/assets/queries/dockerfile/multiple_cmd_instructions_listed/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#cmd",
   "platform": "Dockerfile",
   "descriptionID": "96f59ca3",
-  "cwe": ""
+  "cwe": "1041"
 }
diff --git a/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/metadata.json b/assets/queries/dockerfile/multiple_entrypoint_instructions_listed/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#entrypoint",
   "platform": "Dockerfile",
   "descriptionID": "03be1867",
-  "cwe": ""
+  "cwe": "1041"
 }
diff --git a/assets/queries/dockerfile/multiple_run_add_copy_instructions_listed/metadata.json b/assets/queries/dockerfile/multiple_run_add_copy_instructions_listed/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://sysdig.com/blog/dockerfile-best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "29bd3a34",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/not_using_json_in_cmd_and_entrypoint_arguments/metadata.json b/assets/queries/dockerfile/not_using_json_in_cmd_and_entrypoint_arguments/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#entrypoint",
   "platform": "Dockerfile",
   "descriptionID": "070b84da",
-  "cwe": ""
+  "cwe": "573"
 }
diff --git a/assets/queries/dockerfile/npm_install_without_pinned_version/metadata.json b/assets/queries/dockerfile/npm_install_without_pinned_version/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "8bd60033",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/pip_install_keeping_cached_packages/metadata.json b/assets/queries/dockerfile/pip_install_keeping_cached_packages/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "a6eb5f34",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/run_command_cd_instead_of_workdir/metadata.json b/assets/queries/dockerfile/run_command_cd_instead_of_workdir/metadata.json
@@ -4,8 +4,8 @@
   "severity": "MEDIUM",
   "category": "Build Process",
   "descriptionText": "When using RUN command 'cd' should only be used for full path. For relative path make use of WORKDIR command instead.",
-  "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir",
+  "descriptionUrl": "https://docs.docker.com/develop/develop-images/instructions/#workdir",
   "platform": "Dockerfile",
   "descriptionID": "edd9f7d3",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/run_using_apt/metadata.json b/assets/queries/dockerfile/run_using_apt/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "6cb53718",
-  "cwe": ""
+  "cwe": "758"
 }
diff --git a/assets/queries/dockerfile/run_using_sudo/metadata.json b/assets/queries/dockerfile/run_using_sudo/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "c4f2e24a",
-  "cwe": ""
+  "cwe": "440"
 }
diff --git a/assets/queries/dockerfile/run_using_wget_and_curl/metadata.json b/assets/queries/dockerfile/run_using_wget_and_curl/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "22261deb",
-  "cwe": ""
+  "cwe": "1041"
 }
diff --git a/assets/queries/dockerfile/run_utilities_and_posix_commands/metadata.json b/assets/queries/dockerfile/run_utilities_and_posix_commands/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "677fa9a6",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/same_alias_in_different_froms/metadata.json b/assets/queries/dockerfile/same_alias_in_different_froms/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/multistage-build/",
   "platform": "Dockerfile",
   "descriptionID": "c923ad4b",
-  "cwe": ""
+  "cwe": "694"
 }
diff --git a/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/metadata.json b/assets/queries/dockerfile/shell_running_a_pipe_without_pipefail_flag/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "26810b44",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/unix_ports_out_of_range/metadata.json b/assets/queries/dockerfile/unix_ports_out_of_range/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#expose",
   "platform": "Dockerfile",
   "descriptionID": "fed3d812",
-  "cwe": ""
+  "cwe": "682"
 }
diff --git a/assets/queries/dockerfile/unpinned_package_version_in_apk_add/metadata.json b/assets/queries/dockerfile/unpinned_package_version_in_apk_add/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "adb9d5d5",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/unpinned_package_version_in_pip_install/metadata.json b/assets/queries/dockerfile/unpinned_package_version_in_pip_install/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/",
   "platform": "Dockerfile",
   "descriptionID": "37db3a53",
-  "cwe": ""
+  "cwe": "1357"
 }
diff --git a/assets/queries/dockerfile/update_instruction_alone/metadata.json b/assets/queries/dockerfile/update_instruction_alone/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "3785203d",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/using_platform_with_from/metadata.json b/assets/queries/dockerfile/using_platform_with_from/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#from",
   "platform": "Dockerfile",
   "descriptionID": "5bd0baab",
-  "cwe": ""
+  "cwe": "695"
 }
diff --git a/assets/queries/dockerfile/using_unnamed_build_stages/metadata.json b/assets/queries/dockerfile/using_unnamed_build_stages/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/multistage-build/",
   "platform": "Dockerfile",
   "descriptionID": "dea09829",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/vulnerable_openssl_version/metadata.json b/assets/queries/dockerfile/vulnerable_openssl_version/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html",
   "platform": "Dockerfile",
   "descriptionID": "e0d6ef5e",
-  "cwe": ""
+  "cwe": "1395"
 }
diff --git a/assets/queries/dockerfile/workdir_path_not_absolute/metadata.json b/assets/queries/dockerfile/workdir_path_not_absolute/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#workdir",
   "platform": "Dockerfile",
   "descriptionID": "bfe0be8b",
-  "cwe": ""
+  "cwe": "665"
 }
diff --git a/assets/queries/dockerfile/yum_clean_all_missing/metadata.json b/assets/queries/dockerfile/yum_clean_all_missing/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "714267a2",
-  "cwe": ""
+  "cwe": "459"
 }
diff --git a/assets/queries/dockerfile/yum_install_allows_manual_input/metadata.json b/assets/queries/dockerfile/yum_install_allows_manual_input/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/engine/reference/builder/#run",
   "platform": "Dockerfile",
   "descriptionID": "f17a245a",
-  "cwe": ""
+  "cwe": "710"
 }
diff --git a/assets/queries/dockerfile/yum_install_without_version/metadata.json b/assets/queries/dockerfile/yum_install_without_version/metadata.json
@@ -7,5 +7,5 @@
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run",
   "platform": "Dockerfile",
   "descriptionID": "19d4cfc7",
-  "cwe": ""
+  "cwe": "1357"
 }