Skip to content

[Docker Doctor] Support space-separated ENV KEY VALUE format in secret detection#7

Merged
PunGrumpy merged 3 commits into
mainfrom
advisor/003-fix-env-secret-format-parsing
Jul 12, 2026
Merged

[Docker Doctor] Support space-separated ENV KEY VALUE format in secret detection#7
PunGrumpy merged 3 commits into
mainfrom
advisor/003-fix-env-secret-format-parsing

Conversation

@PunGrumpy

Copy link
Copy Markdown
Owner

Support space-separated ENV KEY VALUE format in secret detection

Environment variables (ENV) in Dockerfiles can be specified as ENV KEY=VALUE or ENV KEY VALUE. Currently, the no-secrets-in-env check assumes KEY=VALUE format, leaving space-separated credentials undetected. This PR adds support for parsing the space-separated format so that hardcoded passwords and secrets in ENV are correctly caught by the linter.

Changes

  • packages/core/src/rules/security.ts: Update the noSecretsInEnv rule to detect if the instruction args contain =. If not, parse them as ENV KEY VALUE and check the value for credentials.
  • packages/core/test/rules.test.ts: Add unit tests verifying both space-separated secrets are detected and space-separated normal variables are ignored.

@vercel

vercel Bot commented Jul 12, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docker-doctor Ready Ready Preview, Comment Jul 12, 2026 1:58pm

@PunGrumpy PunGrumpy merged commit a744994 into main Jul 12, 2026
9 checks passed
@PunGrumpy PunGrumpy deleted the advisor/003-fix-env-secret-format-parsing branch July 12, 2026 14:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant