From 7a68a9e96c1843efe2b8db83e315173ff2b763c8 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Wed, 11 Mar 2026 22:11:34 +0000 Subject: [PATCH 01/29] Changed identification of docker files to be case insensitive on files named 'dockerfile' --- pkg/analyzer/analyzer.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index ee4c9984b37..88c55eeaea7 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -433,9 +433,11 @@ func (a *analyzerInfo) worker( //nolint: gocyclo if errExt == nil { linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) + ext := strings.ToLower(ext) + switch ext { // Dockerfile (direct identification) - case ".dockerfile", "Dockerfile": + case ".dockerfile", "dockerfile": if a.isAvailableType(dockerfile) { results <- dockerfile locCount <- linesCount From b835b6cb8ed2452439bf2f9bab4f81e451f208a8 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Wed, 11 Mar 2026 22:11:35 +0000 Subject: [PATCH 02/29] removed legacy redundant function 'isDockerfile' from analyzer --- pkg/analyzer/analyzer.go | 28 ++-------------------------- 1 file changed, 2 insertions(+), 26 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 88c55eeaea7..e0d4d5f617e 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -434,7 +434,7 @@ func (a *analyzerInfo) worker( //nolint: gocyclo linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) ext := strings.ToLower(ext) - + switch ext { // Dockerfile (direct identification) case ".dockerfile", "dockerfile": 
@@ -445,7 +445,7 @@ func (a *analyzerInfo) worker( //nolint: gocyclo } // Dockerfile (indirect identification) case "possibleDockerfile", ".ubi8", ".debian": - if a.isAvailableType(dockerfile) && isDockerfile(a.filePath) { + if a.isAvailableType(dockerfile) { results <- dockerfile locCount <- linesCount fileInfo <- fileTypeInfo{filePath: a.filePath, fileType: dockerfile, locCount: linesCount} @@ -489,30 +489,6 @@ func (a *analyzerInfo) worker( //nolint: gocyclo } } -func isDockerfile(path string) bool { - content, err := os.ReadFile(filepath.Clean(path)) - if err != nil { - log.Error().Msgf("failed to analyze file: %s", err) - return false - } - - regexes := []*regexp.Regexp{ - regexp.MustCompile(`\s*FROM\s*`), - regexp.MustCompile(`\s*RUN\s*`), - } - - check := true - - for _, regex := range regexes { - if !regex.Match(content) { - check = false - break - } - } - - return check -} - // overrides k8s match when all regexes pass for azureresourcemanager key and extension is set to json func needsOverride(check bool, returnType, key, ext string) bool { if check && returnType == kubernetes && key == arm && ext == json { From da487cd1cd4ca5188d2ff523a20717e40f404d84 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Wed, 11 Mar 2026 22:11:35 +0000 Subject: [PATCH 03/29] Improved dockerfile identification to account for relevant folder names and all files with prefix 'dockerfile.' as well as all files with the '.dockerfile' extension type in a case insensitive matter (improvement on first commit) --- pkg/analyzer/analyzer.go | 13 +------------ pkg/utils/get_extension.go | 29 +++++++++++++++++++---------- 2 files changed, 20 insertions(+), 22 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index e0d4d5f617e..4bd0f28753d 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go 
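Review bot: The first label of `case "possibleDockerfile", ".ubi8", ".debian":` in the `@@ -445,7 +445,7 @@` hunk can no longer match, because the previous patch lower-cases `ext` before the `switch` and the label still contains an upper-case `D`. Extensionless files that `GetExtension` tags as `possibleDockerfile` therefore stop reaching this branch and drop out of the Dockerfile checks; either write the label as `"possibledockerfile"` or limit the lower-casing to the Dockerfile name comparison. Removing `isDockerfile(a.filePath)` also means every `.ubi8` or `.debian` file is reported as a Dockerfile on extension alone, with no content check left on this path. The body of `worker` starts and ends outside the hunk.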
@@ -433,25 +433,14 @@ func (a *analyzerInfo) worker( //nolint: gocyclo if errExt == nil { linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) - ext := strings.ToLower(ext) - switch ext { - // Dockerfile (direct identification) + // Dockerfile case ".dockerfile", "dockerfile": if a.isAvailableType(dockerfile) { results <- dockerfile locCount <- linesCount fileInfo <- fileTypeInfo{filePath: a.filePath, fileType: dockerfile, locCount: linesCount} } - // Dockerfile (indirect identification) - case "possibleDockerfile", ".ubi8", ".debian": - if a.isAvailableType(dockerfile) { - results <- dockerfile - locCount <- linesCount - fileInfo <- fileTypeInfo{filePath: a.filePath, fileType: dockerfile, locCount: linesCount} - } else { - unwanted <- a.filePath - } // Terraform case ".tf", "tfvars": if a.isAvailableType(terraform) { diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index cfc9bc48861..5b35f50e204 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -14,7 +14,6 @@ import ( // GetExtension gets the extension of a file path func GetExtension(path string) (string, error) { - targets := []string{"Dockerfile", "tfvars"} // Get file information fileInfo, err := os.Stat(path) @@ -26,12 +25,24 @@ func GetExtension(path string) (string, error) { return "", fmt.Errorf("the path %s is a directory", path) } + base := filepath.Base(path) + if strings.HasPrefix(strings.ToLower(base), "dockerfile.") { + return ".dockerfile", nil + } + ext := filepath.Ext(path) - if ext == "" { - base := filepath.Base(path) + if strings.ToLower(ext) == ".dockerfile" { + return ".dockerfile", nil + } - if Contains(base, targets) { - ext = base + dir := strings.ToLower(filepath.Base(filepath.Dir(path))) + if (dir == "docker" || dir == "dockerfile" || dir == "dockerfiles") && readPossibleDockerFile(path) { + return ".dockerfile", nil + } + + if ext == "" { + if base == "tfvars" { + ext = ".tfvars" } else { isText, err := isTextFile(path) 
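Review bot: In the `@@ -26,12 +25,24 @@` hunk of `pkg/utils/get_extension.go`, a file named exactly `Dockerfile` is no longer identified by name. `targets` is gone and `strings.HasPrefix(strings.ToLower(base), "dockerfile.")` requires the trailing dot, so the file is returned as `.dockerfile` only when `isTextFile` and `readPossibleDockerFile` both accept its content. For a scanner, this makes the most common Dockerfile name depend on a first-line heuristic, and a miss silently removes the file from the Dockerfile checks; consider `if lower := strings.ToLower(base); lower == "dockerfile" || strings.HasPrefix(lower, "dockerfile.") {`. The same hunk changes the value for a file named `tfvars` from `tfvars` to `.tfvars`, while the analyzer `switch` shown in this patch still lists `case ".tf", "tfvars":`, so that pairing is worth confirming. `GetExtension` continues past the end of the hunk.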
@@ -39,10 +50,8 @@ func GetExtension(path string) (string, error) { return "", err } - if isText { - if readPossibleDockerFile(path) { - ext = "possibleDockerfile" - } + if isText && readPossibleDockerFile(path) { + return ".dockerfile", nil } } } @@ -70,7 +79,7 @@ func readPossibleDockerFile(path string) bool { for scanner.Scan() { if strings.HasPrefix(scanner.Text(), "FROM") { return true - } else if strings.HasPrefix(scanner.Text(), "#") { + } else if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(scanner.Text(), "ARG") || scanner.Text() == "" { continue } else { return false From 8e17353348cd3c6b69111eab52924250f2cc8eed Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:02:31 +0000 Subject: [PATCH 04/29] Fixed 'dockerfile' keyword not being recognized as a valid file extension, added support for all ubi8/debian files in case of valid dockerfile structure, added support for lower case dockerfile commands - most queries will have issues with this but relevant text files are properly detected as a 'dockerfile' as intended --- .../missing_user_instruction/query.rego | 3 +- pkg/analyzer/analyzer.go | 32 +++++++++---------- pkg/parser/docker/parser.go | 6 ++-- pkg/utils/get_extension.go | 24 ++++++++------ 4 files changed, 37 insertions(+), 28 deletions(-) diff --git a/assets/queries/dockerfile/missing_user_instruction/query.rego b/assets/queries/dockerfile/missing_user_instruction/query.rego index 51913455708..b4019390ca0 100644 --- a/assets/queries/dockerfile/missing_user_instruction/query.rego +++ b/assets/queries/dockerfile/missing_user_instruction/query.rego @@ -1,6 +1,7 @@ package Cx import data.generic.dockerfile as dockerLib +import data.generic.common as common_lib CxPolicy[result] { resource := input.document[i].command[name] 
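Review bot: The checks in `readPossibleDockerFile` (hunk `@@ -70,7 +79,7 @@`) compare raw line prefixes, so a whitespace-only line or an indented `FROM` ends the scan with `false`, while any line that merely begins with the letters `ARG` is skipped. This function now decides whether extensionless files and files under `docker/` are scanned as Dockerfiles, so a false negative here silently leaves the file out of the Dockerfile checks. Comparing the first whitespace-separated token handles indentation and whole-word matching in one step. The later hunks `@@ -77,9 +83,9 @@` and `@@ -83,12 +83,14 @@` keep the same prefix logic. The loop's closing brace and the rest of the function lie outside the hunk.

```go
for scanner.Scan() {
	fields := strings.Fields(scanner.Text())
	if len(fields) == 0 || strings.HasPrefix(fields[0], "#") {
		continue // blank, whitespace-only or comment line
	}
	switch fields[0] {
	case "ARG":
		continue
	case "FROM":
		return true
	default:
		return false
	}
```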
@@ -14,7 +15,7 @@ CxPolicy[result] { "searchKey": sprintf("FROM={{%s}}", [name]), "issueType": "MissingAttribute", "keyExpectedValue": "The 'Dockerfile' should contain the 'USER' instruction", - "keyActualValue": "The 'Dockerfile' does not contain any 'USER' instruction", + "keyActualValue": "The 'Dockerfile' does not contain any 'USER' instruction" } } diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 4bd0f28753d..8b658d4e8cb 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -98,22 +98,21 @@ var ( listKeywordsGoogleDeployment = []string{"resources"} armRegexTypes = []string{"blueprint", "templateArtifact", "roleAssignmentArtifact", "policyAssignmentArtifact"} possibleFileTypes = map[string]bool{ - ".yml": true, - ".yaml": true, - ".json": true, - ".dockerfile": true, - "Dockerfile": true, - "possibleDockerfile": true, - ".debian": true, - ".ubi8": true, - ".tf": true, - "tfvars": true, - ".proto": true, - ".sh": true, - ".cfg": true, - ".conf": true, - ".ini": true, - ".bicep": true, + ".yml": true, + ".yaml": true, + ".json": true, + ".dockerfile": true, + "dockerfile": true, + ".debian": true, + ".ubi8": true, + ".tf": true, + "tfvars": true, + ".proto": true, + ".sh": true, + ".cfg": true, + ".conf": true, + ".ini": true, + ".bicep": true, } supportedRegexes = map[string][]string{ "azureresourcemanager": append(armRegexTypes, arm), @@ -430,6 +429,7 @@ func (a *analyzerInfo) worker( //nolint: gocyclo }() ext, errExt := utils.GetExtension(a.filePath) + if errExt == nil { linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) diff --git a/pkg/parser/docker/parser.go b/pkg/parser/docker/parser.go index 7f97835b07e..43c7e7aa473 100644 --- a/pkg/parser/docker/parser.go +++ b/pkg/parser/docker/parser.go 
@@ -59,7 +59,9 @@ func (p *Parser) Parse(_ string, fileContent []byte) ([]model.Document, []int, e for _, child := range parsed.AST.Children { child.Value = strings.ToLower(child.Value) if child.Value == "from" { - fromValue = strings.TrimPrefix(child.Original, "FROM ") + if strings.HasPrefix(strings.ToUpper(child.Original), "FROM ") { + fromValue = child.Original[5:] + } } if ignoreStruct.getIgnoreComments(child) { @@ -133,7 +135,7 @@ func (p *Parser) GetKind() model.FileKind { // SupportedExtensions returns Dockerfile extensions func (p *Parser) SupportedExtensions() []string { - return []string{"Dockerfile", ".dockerfile", ".ubi8", ".debian", "possibleDockerfile"} + return []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian", "possibleDockerfile"} } // SupportedTypes returns types supported by this parser, which are dockerfile diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 5b35f50e204..61701654d78 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -14,9 +14,9 @@ import ( // GetExtension gets the extension of a file path func GetExtension(path string) (string, error) { - // Get file information fileInfo, err := os.Stat(path) + extDockerfile := ".dockerfile" if err != nil { return "", fmt.Errorf("file %s not found", path) } 
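Review bot: In the `@@ -59,7 +59,9 @@` hunk of `pkg/parser/docker/parser.go`, `fromValue` is now assigned only when the upper-cased line starts with `FROM ` followed by a literal space. A `from` node written with a tab or with leading whitespace therefore leaves `fromValue` at whatever the previous stage set, whereas the removed `strings.TrimPrefix` always overwrote it. If `fromValue` is declared outside the loop, as the plain `=` suggests, commands of a later stage would be attributed to the earlier image. Adding `} else { fromValue = child.Original }` restores the old fallback and avoids carrying stale state. `Parse` starts and ends outside the hunk.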
@@ -27,20 +27,25 @@ func GetExtension(path string) (string, error) { base := filepath.Base(path) if strings.HasPrefix(strings.ToLower(base), "dockerfile.") { - return ".dockerfile", nil + return extDockerfile, nil } ext := filepath.Ext(path) - if strings.ToLower(ext) == ".dockerfile" { - return ".dockerfile", nil + if strings.EqualFold(ext, ".dockerfile") { + return extDockerfile, nil } dir := strings.ToLower(filepath.Base(filepath.Dir(path))) if (dir == "docker" || dir == "dockerfile" || dir == "dockerfiles") && readPossibleDockerFile(path) { - return ".dockerfile", nil + return extDockerfile, nil } - if ext == "" { + switch ext { + case ".ubi8", ".debian": + if readPossibleDockerFile(path) { + return extDockerfile, nil + } + case "": if base == "tfvars" { ext = ".tfvars" } else { @@ -51,9 +56,10 @@ func GetExtension(path string) (string, error) { } if isText && readPossibleDockerFile(path) { - return ".dockerfile", nil + return extDockerfile, nil } } + } return ext, nil @@ -77,9 +83,9 @@ func readPossibleDockerFile(path string) bool { scanner := bufio.NewScanner(file) // Read lines from the file for scanner.Scan() { - if strings.HasPrefix(scanner.Text(), "FROM") { + if strings.HasPrefix(strings.ToLower(scanner.Text()), "from") { return true - } else if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(scanner.Text(), "ARG") || scanner.Text() == "" { + } else if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { continue } else { return false From 17d6b14ed142af4a722fc17dd3d1f022a28fe820 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 14:36:56 +0000 Subject: [PATCH 05/29] Minor optimization --- pkg/utils/get_extension.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 61701654d78..f23f544a313 100644 
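Review bot: Lower-casing the line before the `from` test in the `@@ -77,9 +83,9 @@` hunk also lets ordinary source text match: a first line such as `from os import path` now returns `true`. Combined with the directory rule in `@@ -27,20 +27,25 @@`, which runs before the extension `switch`, a Python file under `docker/` would be returned as `.dockerfile` regardless of its own extension, and so would an extensionless script. The likely effect is parser noise rather than missed findings, but it is worth narrowing, for example by rejecting a `from` line that contains ` import `, and pinning with a negative fixture. `readPossibleDockerFile` starts and ends outside the hunk.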
--- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -83,12 +83,14 @@ func readPossibleDockerFile(path string) bool { scanner := bufio.NewScanner(file) // Read lines from the file for scanner.Scan() { - if strings.HasPrefix(strings.ToLower(scanner.Text()), "from") { - return true - } else if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { + if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { continue } else { - return false + if strings.HasPrefix(strings.ToLower(scanner.Text()), "from") { + return true + } else { + return false + } } } return false From 087df77b58be62db1f5c18d87fa17b23dcbae6ef Mon Sep 17 00:00:00 2001 
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 16:31:06 +0000 Subject: [PATCH 06/29] Initial test files/cases plus minor changes to supported dockerfile formats for consistency --- pkg/parser/docker/parser.go | 2 +- pkg/parser/docker/parser_test.go | 2 +- pkg/parser/parser_test.go | 1 + pkg/remediation/scan.go | 2 +- pkg/utils/get_extension_test.go | 120 +++++++++++++++++- test/fixtures/dockerfile/DOCKERfile.txt | 17 +++ test/fixtures/dockerfile/Dockerfile.something | 8 ++ test/fixtures/dockerfile/any_name.debian | 8 ++ test/fixtures/dockerfile/any_name.ubi8 | 8 ++ test/fixtures/dockerfile/dockerFILE | 7 + test/fixtures/dockerfile/file.Dockerfile | 7 + test/fixtures/dockerfile/file_2.DOCKERfile | 7 + test/fixtures/dockerfile/random_name | 7 + .../test_folder_names/docker/any_file.txt | 5 + .../test_folder_names/dockerfile/any_file.txt | 5 + .../dockerfiles/any_file.txt | 5 + .../Docker/any_file.txt | 5 + .../Dockerfile/any_file.txt | 5 + .../Dockerfiles/any_file.txt | 5 + .../negative_dockerfile/not_dockerfile.debian | 7 + .../negative_dockerfile/not_dockerfile.txt | 3 + .../negative_dockerfile/not_dockerfile.ubi8 | 5 + 22 files changed, 234 insertions(+), 7 deletions(-) create mode 100644 test/fixtures/dockerfile/DOCKERfile.txt create mode 100644 test/fixtures/dockerfile/Dockerfile.something create mode 100644 test/fixtures/dockerfile/any_name.debian create mode 100644 test/fixtures/dockerfile/any_name.ubi8 create mode 100644 test/fixtures/dockerfile/dockerFILE create mode 100644 test/fixtures/dockerfile/file.Dockerfile create mode 100644 test/fixtures/dockerfile/file_2.DOCKERfile create mode 100644 test/fixtures/dockerfile/random_name create mode 100644 test/fixtures/dockerfile/test_folder_names/docker/any_file.txt create mode 100644 test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt create mode 100644 test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt create mode 100644 
test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt create mode 100644 test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt create mode 100644 test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt create mode 100644 test/fixtures/negative_dockerfile/not_dockerfile.debian create mode 100644 test/fixtures/negative_dockerfile/not_dockerfile.txt create mode 100644 test/fixtures/negative_dockerfile/not_dockerfile.ubi8 diff --git a/pkg/parser/docker/parser.go b/pkg/parser/docker/parser.go index 43c7e7aa473..fc507ef3d88 100644 --- a/pkg/parser/docker/parser.go +++ b/pkg/parser/docker/parser.go @@ -135,7 +135,7 @@ func (p *Parser) GetKind() model.FileKind { // SupportedExtensions returns Dockerfile extensions func (p *Parser) SupportedExtensions() []string { - return []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian", "possibleDockerfile"} + return []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian"} } // SupportedTypes returns types supported by this parser, which are dockerfile diff --git a/pkg/parser/docker/parser_test.go b/pkg/parser/docker/parser_test.go index 3f6d6076ba9..5ca430dbbc1 100644 --- a/pkg/parser/docker/parser_test.go +++ b/pkg/parser/docker/parser_test.go @@ -17,7 +17,7 @@ func TestParser_GetKind(t *testing.T) { // TestParser_SupportedExtensions tests the functions [SupportedExtensions()] and all the methods called by them func TestParser_SupportedExtensions(t *testing.T) { p := &Parser{} - require.Equal(t, []string{"Dockerfile", ".dockerfile", ".ubi8", ".debian", "possibleDockerfile"}, p.SupportedExtensions()) + require.Equal(t, []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian"}, p.SupportedExtensions()) } // TestParser_SupportedExtensions tests the functions [SupportedTypes()] and all the methods called by them diff --git a/pkg/parser/parser_test.go b/pkg/parser/parser_test.go index 73d1f4d44b7..bbc45a089c5 100644 
--- a/pkg/parser/parser_test.go +++ b/pkg/parser/parser_test.go @@ -94,6 +94,7 @@ func TestParser_SupportedExtensions(t *testing.T) { require.Contains(t, extensions, ".tf") require.Contains(t, extensions, ".yaml") require.Contains(t, extensions, ".dockerfile") + require.Contains(t, extensions, "dockerfile") require.Contains(t, extensions, "Dockerfile") } diff --git a/pkg/remediation/scan.go b/pkg/remediation/scan.go index e48f5648ee0..aa67dda52a9 100644 --- a/pkg/remediation/scan.go +++ b/pkg/remediation/scan.go @@ -95,7 +95,7 @@ func getPayload(filePath string, content []byte, openAPIResolveReferences bool, var err error switch ext { - case ".dockerfile", "Dockerfile", "possibleDockerfile", ".ubi8", ".debian": + case ".dockerfile", "Dockerfile", ".ubi8", ".debian": p, err = parser.NewBuilder().Add(&dockerParser.Parser{}).Build([]string{""}, []string{""}) case terraformExtension: diff --git a/pkg/utils/get_extension_test.go b/pkg/utils/get_extension_test.go index 73f5955effa..442e08c2641 100644 --- a/pkg/utils/get_extension_test.go +++ b/pkg/utils/get_extension_test.go 
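Review bot: The `switch` in `getPayload` (`pkg/remediation/scan.go`, hunk `@@ -95,7 +95,7 @@`) drops `possibleDockerfile` but does not gain the lower-case `dockerfile` label that this series adds to `SupportedExtensions` and `possibleFileTypes`. How `ext` is computed here is outside the hunk, so this may be harmless. If it can carry the same values as the analyzer, such files would skip the Docker parser on the remediation path; `case ".dockerfile", "dockerfile", "Dockerfile", ".ubi8", ".debian":` keeps the three lists aligned. `getPayload` starts and ends outside the hunk.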
@@ -18,15 +18,106 @@ func TestGetExtension(t *testing.T) { }{ { name: "Get extension from a file named as Dockerfile and without extension defined ('Dockerfile')", - want: "Dockerfile", + want: ".dockerfile", filePath: "../../Dockerfile", toCreate: false, err: nil, }, { - name: "Get extension from a file not named as Dockerfile and without extension defined ('Dockerfile-example')", - want: "possibleDockerfile", - filePath: "../../test/fixtures/dockerfile/Dockerfile-example", + name: "Get extension from a file named as dockerFILE and without extension defined ('dockerFILE')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/dockerFILE", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named 'dockerfile' with extension defined as Dockerfile ('file.Dockerfile')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/file.Dockerfile", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named 'dockerfile' with extension defined as DOCKERfile ('file_2.DOCKERfile')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/file_2.DOCKERfile", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file named 'Dockerfile' with any extension defined ('Dockerfile.something')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/Dockerfile.something", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file named 'DOCKERfile' with any extension defined ('DOCKERfile.txt')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/DOCKERfile.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'docker'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names/docker/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file 
not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'Docker'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'dockerfile'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'Dockerfile'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'dockerfiles'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without a relevant extension defined ('any_file.txt'), should detect due to parent folder 'Dockerfiles'", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a file not named as Dockerfile and without extension defined ('random_name'), due to parent folder scan will identify dockerfile syntax regardless", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/random_name", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a valid text file with dockerfile syntax and '.ubi8' extension ('any_name.ubi8')", + want: 
".dockerfile", + filePath: "../../test/fixtures/dockerfile/any_name.ubi8", + toCreate: false, + err: nil, + }, + { + name: "Get extension from a valid text file with dockerfile syntax and '.debian' extension ('any_name.debian')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/any_name.debian", toCreate: false, err: nil, }, @@ -44,6 +135,27 @@ func TestGetExtension(t *testing.T) { toCreate: false, err: nil, }, + { + name: "Get literal extension from a file not named as Dockerfile and with extension that is not .dockerfile,.ubi8 or .debian, regardless of text syntax", + want: ".txt", + filePath: "../../test/fixtures/negative_dockerfile/not_dockerfile.txt", + toCreate: false, + err: nil, + }, + { + name: "Get literal extension from a valid text file with '.ubi8' extension that lacks relevant dockerfile syntax('any_name.ubi8')", + want: ".ubi8", + filePath: "../../test/fixtures/negative_dockerfile/not_dockerfile.ubi8", + toCreate: false, + err: nil, + }, + { + name: "Get literal extension from a valid text file with '.debian' extension that lacks relevant dockerfile syntax('any_name.debian')", + want: ".debian", + filePath: "../../test/fixtures/negative_dockerfile/not_dockerfile.debian", + toCreate: false, + err: nil, + }, { name: "Get error when analyze a folder", want: "", diff --git a/test/fixtures/dockerfile/DOCKERfile.txt b/test/fixtures/dockerfile/DOCKERfile.txt new file mode 100644 index 00000000000..6ff5c5c2694 --- /dev/null +++ b/test/fixtures/dockerfile/DOCKERfile.txt @@ -0,0 +1,17 @@ + + + + + + + + + + + + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/Dockerfile.something b/test/fixtures/dockerfile/Dockerfile.something new file mode 100644 index 00000000000..9b120bfb8ab --- /dev/null +++ b/test/fixtures/dockerfile/Dockerfile.something 
@@ -0,0 +1,8 @@ +ARG VERSION=1.0 +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/any_name.debian b/test/fixtures/dockerfile/any_name.debian new file mode 100644 index 00000000000..9b120bfb8ab --- /dev/null +++ b/test/fixtures/dockerfile/any_name.debian @@ -0,0 +1,8 @@ +ARG VERSION=1.0 +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/any_name.ubi8 b/test/fixtures/dockerfile/any_name.ubi8 new file mode 100644 index 00000000000..9b120bfb8ab --- /dev/null +++ b/test/fixtures/dockerfile/any_name.ubi8 @@ -0,0 +1,8 @@ +ARG VERSION=1.0 +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/dockerFILE b/test/fixtures/dockerfile/dockerFILE new file mode 100644 index 00000000000..ca2ebdfb132 --- /dev/null +++ b/test/fixtures/dockerfile/dockerFILE @@ -0,0 +1,7 @@ +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/file.Dockerfile b/test/fixtures/dockerfile/file.Dockerfile new file mode 100644 index 00000000000..ca2ebdfb132 --- /dev/null +++ b/test/fixtures/dockerfile/file.Dockerfile @@ -0,0 +1,7 @@ +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file 
diff --git a/test/fixtures/dockerfile/file_2.DOCKERfile b/test/fixtures/dockerfile/file_2.DOCKERfile new file mode 100644 index 00000000000..ca2ebdfb132 --- /dev/null +++ b/test/fixtures/dockerfile/file_2.DOCKERfile @@ -0,0 +1,7 @@ +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/random_name b/test/fixtures/dockerfile/random_name new file mode 100644 index 00000000000..28b863ff8de --- /dev/null +++ b/test/fixtures/dockerfile/random_name @@ -0,0 +1,7 @@ +ARG BASE_IMAGE=ubuntu:22.04 + +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ]C:\Users\AndrePer\OneDrive - Checkmarx\Documents\kics\test\fixtures\dockerfile\dockerfile.3 \ No newline at end of file diff --git a/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt b/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt b/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file 
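Review bot: The last line of the new fixture `test/fixtures/dockerfile/random_name` has a local Windows path (`C:\Users\…\kics\test\fixtures\dockerfile\dockerfile.3`) pasted onto the end of the `HEALTHCHECK` instruction. This commits a developer's account name and directory layout to the repository and makes the instruction differ from the otherwise identical sibling fixtures. The line should end at `CMD [ "executable" ]` like the others.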
diff --git a/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt b/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt b/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt b/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt b/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt new file mode 100644 index 00000000000..83acf398c06 --- /dev/null +++ b/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt @@ -0,0 +1,5 @@ +FROM alpine:3.19 AS builder + +COPY . . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file 
diff --git a/test/fixtures/negative_dockerfile/not_dockerfile.debian b/test/fixtures/negative_dockerfile/not_dockerfile.debian new file mode 100644 index 00000000000..d9e8b4e17a4 --- /dev/null +++ b/test/fixtures/negative_dockerfile/not_dockerfile.debian @@ -0,0 +1,7 @@ +package main + +import "fmt" + +func main() { + fmt.Println("Hello, World!") +} \ No newline at end of file diff --git a/test/fixtures/negative_dockerfile/not_dockerfile.txt b/test/fixtures/negative_dockerfile/not_dockerfile.txt new file mode 100644 index 00000000000..847945a42b0 --- /dev/null +++ b/test/fixtures/negative_dockerfile/not_dockerfile.txt @@ -0,0 +1,3 @@ +# should not flag since name is not "dockerfile" and extension is not .dockerfile, .ubi8 or .debian (.txt) + +FROM alpine:3.19 AS builder \ No newline at end of file diff --git a/test/fixtures/negative_dockerfile/not_dockerfile.ubi8 b/test/fixtures/negative_dockerfile/not_dockerfile.ubi8 new file mode 100644 index 00000000000..3d781ec4ba6 --- /dev/null +++ b/test/fixtures/negative_dockerfile/not_dockerfile.ubi8 @@ -0,0 +1,5 @@ +public class HelloWorld { + public static void main(String[] args) { + System.out.println("Hello, World!"); + } +} \ No newline at end of file From 11ca94219ef164793c67218a7f5b271772979ca3 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 17:00:28 +0000 Subject: [PATCH 07/29] Added new helper function 'isDockerfileExtension' to get_extension utility to lower cyclomatic complexity --- pkg/utils/get_extension.go | 57 ++++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 27 deletions(-) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index f23f544a313..480f9affd45 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go 
@@ -14,9 +14,7 @@ import ( // GetExtension gets the extension of a file path func GetExtension(path string) (string, error) { - // Get file information fileInfo, err := os.Stat(path) - extDockerfile := ".dockerfile" if err != nil { return "", fmt.Errorf("file %s not found", path) } 
@@ -25,44 +23,49 @@ func GetExtension(path string) (string, error) { return "", fmt.Errorf("the path %s is a directory", path) } - base := filepath.Base(path) - if strings.HasPrefix(strings.ToLower(base), "dockerfile.") { - return extDockerfile, nil + if ext, ok := isDockerfileExtension(path); ok { + return ext, nil } ext := filepath.Ext(path) - if strings.EqualFold(ext, ".dockerfile") { - return extDockerfile, nil - } - - dir := strings.ToLower(filepath.Base(filepath.Dir(path))) - if (dir == "docker" || dir == "dockerfile" || dir == "dockerfiles") && readPossibleDockerFile(path) { - return extDockerfile, nil - } - switch ext { case ".ubi8", ".debian": if readPossibleDockerFile(path) { - return extDockerfile, nil + return ".dockerfile", nil } case "": - if base == "tfvars" { - ext = ".tfvars" - } else { - isText, err := isTextFile(path) + if filepath.Base(path) == "tfvars" { + return ".tfvars", nil + } + isText, err := isTextFile(path) + if err != nil { + return "", err + } + if isText && readPossibleDockerFile(path) { + return ".dockerfile", nil + } + } + return ext, nil +} - if err != nil { - return "", err - } +func isDockerfileExtension(path string) (string, bool) { + extDockerfile := ".dockerfile" + base := filepath.Base(path) - if isText && readPossibleDockerFile(path) { - return extDockerfile, nil - } - } + if strings.HasPrefix(strings.ToLower(base), "dockerfile.") { + return extDockerfile, true + } + if strings.EqualFold(filepath.Ext(path), ".dockerfile") { + return extDockerfile, true } - return ext, nil + dir := strings.ToLower(filepath.Base(filepath.Dir(path))) + if (dir == "docker" || dir == "dockerfile" || dir == "dockerfiles") && readPossibleDockerFile(path) { + return extDockerfile, true + } + + return "", false } func readPossibleDockerFile(path string) bool { From 8d4adfbcea84e6194c7d19da7a3a68fcd04fdcb5 Mon Sep 17 00:00:00 2001 
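Review bot: The `switch ext` that follows the new `isDockerfileExtension` call still compares `filepath.Ext(path)` case-sensitively, so a file ending in `.UBI8` or `.Debian` never reaches `readPossibleDockerFile`, while the helper matches the `dockerfile.` prefix and the `.dockerfile` extension in any letter case. For a scanner this means such files keep their raw extension and are presumably not analysed as Dockerfiles. If upper-case variants are meant to be covered, switch on the lowered value and keep returning the original: `switch strings.ToLower(ext) {`. A `.ubi8` or `.debian` file inside a `docker` directory that fails the content check is also read twice, once in the helper and once in this switch. GetExtension starts above this hunk.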
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 17:51:54 +0000 Subject: [PATCH 08/29] reverted accidental query change, fixed linting errors, fixed test errors, fixed 'gitignore' files exclusion, docker parser will handle said case like before but with explicit 'gitignore' extension rather than 'possibleDockerfile' like before --- .../dockerfile/missing_user_instruction/query.rego | 3 +-- pkg/analyzer/analyzer.go | 5 +++++ pkg/remediation/scan.go | 2 +- pkg/utils/get_extension.go | 8 ++++---- 4 files changed, 11 insertions(+), 7 deletions(-) diff --git a/assets/queries/dockerfile/missing_user_instruction/query.rego b/assets/queries/dockerfile/missing_user_instruction/query.rego index b4019390ca0..51913455708 100644 --- a/assets/queries/dockerfile/missing_user_instruction/query.rego +++ b/assets/queries/dockerfile/missing_user_instruction/query.rego @@ -1,7 +1,6 @@ package Cx import data.generic.dockerfile as dockerLib -import data.generic.common as common_lib CxPolicy[result] { resource := input.document[i].command[name] @@ -15,7 +14,7 @@ CxPolicy[result] { "searchKey": sprintf("FROM={{%s}}", [name]), "issueType": "MissingAttribute", "keyExpectedValue": "The 'Dockerfile' should contain the 'USER' instruction", - "keyActualValue": "The 'Dockerfile' does not contain any 'USER' instruction" + "keyActualValue": "The 'Dockerfile' does not contain any 'USER' instruction", } } diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 8b658d4e8cb..43230a973bf 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -113,6 +113,7 @@ var ( ".conf": true, ".ini": true, ".bicep": true, + "gitignore": true, } supportedRegexes = map[string][]string{ "azureresourcemanager": append(armRegexTypes, arm), 
@@ -434,6 +435,10 @@ func (a *analyzerInfo) worker( //nolint: gocyclo linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) switch ext { + case "gitignore": + { + unwanted <- a.filePath + } // Dockerfile case ".dockerfile", "dockerfile": if a.isAvailableType(dockerfile) { diff --git a/pkg/remediation/scan.go b/pkg/remediation/scan.go index aa67dda52a9..112295cd2c6 100644 --- a/pkg/remediation/scan.go +++ b/pkg/remediation/scan.go @@ -95,7 +95,7 @@ func getPayload(filePath string, content []byte, openAPIResolveReferences bool, var err error switch ext { - case ".dockerfile", "Dockerfile", ".ubi8", ".debian": + case ".dockerfile", "Dockerfile", "gitignore", ".ubi8", ".debian": p, err = parser.NewBuilder().Add(&dockerParser.Parser{}).Build([]string{""}, []string{""}) case terraformExtension: diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 480f9affd45..5d7bb20db1e 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -23,6 +23,10 @@ func GetExtension(path string) (string, error) { return "", fmt.Errorf("the path %s is a directory", path) } + if strings.HasSuffix(filepath.Clean(path), "gitignore") { + return "gitignore", nil + } + if ext, ok := isDockerfileExtension(path); ok { return ext, nil } @@ -69,10 +73,6 @@ func isDockerfileExtension(path string) (string, bool) { } func readPossibleDockerFile(path string) bool { - path = filepath.Clean(path) - if strings.HasSuffix(path, "gitignore") { - return true - } file, err := os.Open(path) if err != nil { return false From bb88ff3a450da8f37c1c951d760c9b2139902fee Mon Sep 17 00:00:00 2001 
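Review bot: The new `strings.HasSuffix(filepath.Clean(path), "gitignore")` test in GetExtension matches any path that merely ends in those letters, for example `Dockerfile.gitignore` or `main.tf.gitignore`, not only a file named `.gitignore`. Because the analyzer hunk in this commit sends every `gitignore` result to `unwanted`, and this check runs before `isDockerfileExtension`, such files appear to be dropped from the scan on name alone, which is a coverage gap for a security scanner. Compare the base name instead: `if filepath.Base(path) == ".gitignore" {` (add the bare `gitignore` name as a second comparison if existing fixtures rely on it). The same label is also added to the Docker parser case in `pkg/remediation/scan.go`, which deserves a one-line comment saying why an ignore file is parsed there. GetExtension starts above this hunk.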
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 18:40:46 +0000 Subject: [PATCH 09/29] linting fix and optimized case of file named dockerfile without extension so that it 1- gets detected regardless of syntax inside 2- gets detected withouth checking syntax inside through the code optimizing detection speed for said files --- pkg/analyzer/analyzer.go | 4 +--- pkg/utils/get_extension.go | 14 ++++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 43230a973bf..dafa3b11551 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -436,9 +436,7 @@ func (a *analyzerInfo) worker( //nolint: gocyclo switch ext { case "gitignore": - { - unwanted <- a.filePath - } + unwanted <- a.filePath // Dockerfile case ".dockerfile", "dockerfile": if a.isAvailableType(dockerfile) { diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 5d7bb20db1e..1a194e8c395 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -14,6 +14,7 @@ import ( // GetExtension gets the extension of a file path func GetExtension(path string) (string, error) { + extDockerfile := ".dockerfile" fileInfo, err := os.Stat(path) if err != nil { return "", fmt.Errorf("file %s not found", path) @@ -27,7 +28,7 @@ func GetExtension(path string) (string, error) { return "gitignore", nil } - if ext, ok := isDockerfileExtension(path); ok { + if ext, ok := isDockerfileExtension(path, extDockerfile); ok { return ext, nil } @@ -35,7 +36,7 @@ func GetExtension(path string) (string, error) { switch ext { case ".ubi8", ".debian": if readPossibleDockerFile(path) { - return ".dockerfile", nil + return extDockerfile, nil } case "": if filepath.Base(path) == "tfvars" { 
@@ -46,17 +47,17 @@ func GetExtension(path string) (string, error) { return "", err } if isText && readPossibleDockerFile(path) { - return ".dockerfile", nil + return extDockerfile, nil } } return ext, nil } -func isDockerfileExtension(path string) (string, bool) { - extDockerfile := ".dockerfile" +func isDockerfileExtension(path string, extDockerfile string) (string, bool) { base := filepath.Base(path) - if strings.HasPrefix(strings.ToLower(base), "dockerfile.") { + lower := strings.ToLower(base) + if lower == "dockerfile" || strings.HasPrefix(lower, "dockerfile.") { return extDockerfile, true } @@ -73,6 +74,7 @@ func isDockerfileExtension(path string) (string, bool) { } func readPossibleDockerFile(path string) bool { + path = filepath.Clean(path) file, err := os.Open(path) if err != nil { return false From 813c9f6193073b2a6ade7c6ef0ee7976547f3933 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 12 Mar 2026 21:47:45 +0000 Subject: [PATCH 10/29] More changes to fix go lint, d variable so 'dockerfile' is not used twice and minor simplificaton of query arguments --- pkg/utils/get_extension.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 1a194e8c395..b496cd7c31f 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go 
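Review bot: With `lower == "dockerfile"` added to the first test in `isDockerfileExtension`, a file with that exact name returns `.dockerfile` before GetExtension reaches its `case "":` branch, so the `isTextFile` guard is skipped along with the content check. The commit message says skipping the syntax check is intended, but nothing in the code records it, and a binary or unrelated file with that name now reaches whatever consumes the label. Add a comment on the branch, for example `// name-only match: neither isTextFile nor readPossibleDockerFile is consulted`, or keep the `isTextFile` call for this case if the parser is not expected to see non-text input.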
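Review bot: `path = filepath.Clean(path)` in `readPossibleDockerFile` only normalises the path; it does not restrict the `os.Open` that follows to the scanned directory or stop it following a symlink. If the line is there to quiet a file-inclusion lint, say so next to it, for example `// Clean only normalises the path; it is not a containment check`, so that nobody later treats it as validation. The function body continues outside this hunk.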
@@ -53,20 +53,21 @@ func GetExtension(path string) (string, error) { return ext, nil } -func isDockerfileExtension(path string, extDockerfile string) (string, bool) { +func isDockerfileExtension(path, extDockerfile string) (string, bool) { base := filepath.Base(path) + d := "dockerfile" lower := strings.ToLower(base) - if lower == "dockerfile" || strings.HasPrefix(lower, "dockerfile.") { + if lower == d || strings.HasPrefix(lower, "dockerfile.") { return extDockerfile, true } - if strings.EqualFold(filepath.Ext(path), ".dockerfile") { + if strings.EqualFold(filepath.Ext(path), extDockerfile) { return extDockerfile, true } dir := strings.ToLower(filepath.Base(filepath.Dir(path))) - if (dir == "docker" || dir == "dockerfile" || dir == "dockerfiles") && readPossibleDockerFile(path) { + if (dir == "docker" || dir == d || dir == "dockerfiles") && readPossibleDockerFile(path) { return extDockerfile, true } From f1147e38f902f77e7a9336554e9f27e368934de3 Mon Sep 17 00:00:00 2001 
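Review bot: The one-letter local `d := "dockerfile"` in `isDockerfileExtension` removes one repeated literal but leaves `"dockerfile."` and `"dockerfiles"` spelled out beside it, and `d` says nothing at the two places it is used. A named package-level constant reads better and covers the prefix too: `const dockerfileName = "dockerfile"`, then `strings.HasPrefix(lower, dockerfileName+".")`. The directory comparison could use the same constant for its second operand.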
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Fri, 13 Mar 2026 16:41:36 +0000 Subject: [PATCH 11/29] Added samples for case insensitive testing on dockerfiles, added E2E test 105, improved uni tests to include new case insensitive samples --- e2e/fixtures/E2E_CLI_105_PAYLOAD.json | 1896 +++++++++++++++++ e2e/fixtures/E2E_CLI_105_RESULT.json | 492 +++++ .../e2e-cli-075_ansible_host_detected.go | 2 +- .../e2e-cli-105_valid_dockerfile_detected.go | 31 + pkg/utils/get_extension_test.go | 86 +- test/fixtures/dockerfile/Dockerfile-example | 14 +- .../dockerfile/{ => any_name}/DOCKERfile.txt | 0 .../{ => any_name}/Dockerfile.something | 0 .../dockerfile/{ => any_name}/any_name.debian | 0 .../dockerfile/{ => any_name}/any_name.ubi8 | 0 .../{file.Dockerfile => any_name/dockerFILE} | 3 + .../dockerfile/any_name/file.Dockerfile | 10 + .../{ => any_name}/file_2.DOCKERfile | 5 +- .../{dockerFILE => any_name/random_name} | 0 .../case_insensitive_tests/DOCKERfile.txt | 17 + .../Dockerfile.something | 8 + .../case_insensitive_tests/any_name.debian | 8 + .../case_insensitive_tests/any_name.ubi8 | 8 + .../case_insensitive_tests/dockerFILE | 10 + .../case_insensitive_tests/file.Dockerfile | 10 + .../case_insensitive_tests/file_2.DOCKERfile | 8 + .../case_insensitive_tests/random_name | 7 + test/fixtures/dockerfile/random_name | 7 - 23 files changed, 2590 insertions(+), 32 deletions(-) create mode 100644 e2e/fixtures/E2E_CLI_105_PAYLOAD.json create mode 100644 e2e/fixtures/E2E_CLI_105_RESULT.json create mode 100644 e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go rename test/fixtures/dockerfile/{ => any_name}/DOCKERfile.txt (100%) rename test/fixtures/dockerfile/{ => any_name}/Dockerfile.something (100%) rename test/fixtures/dockerfile/{ => any_name}/any_name.debian (100%) rename test/fixtures/dockerfile/{ => any_name}/any_name.ubi8 (100%) rename test/fixtures/dockerfile/{file.Dockerfile => any_name/dockerFILE} (80%) create mode 100644 
test/fixtures/dockerfile/any_name/file.Dockerfile rename test/fixtures/dockerfile/{ => any_name}/file_2.DOCKERfile (66%) rename test/fixtures/dockerfile/{dockerFILE => any_name/random_name} (100%) create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/any_name.debian create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8 create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/dockerFILE create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile create mode 100644 test/fixtures/dockerfile/case_insensitive_tests/random_name delete mode 100644 test/fixtures/dockerfile/random_name diff --git a/e2e/fixtures/E2E_CLI_105_PAYLOAD.json b/e2e/fixtures/E2E_CLI_105_PAYLOAD.json new file mode 100644 index 00000000000..d0a6488b123 --- /dev/null +++ b/e2e/fixtures/E2E_CLI_105_PAYLOAD.json 
@@ -0,0 +1,1896 @@ +{ + "document": [ + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "openjdk:10-jdk": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM openjdk:10-jdk", + "SubCmd": "", + "Value": [ + "openjdk:10-jdk" + ], + "_kics_line": 1 + }, + { + "Cmd": "volume", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "VOLUME /tmp", + "SubCmd": "", + "Value": [ + "/tmp" + ], + "_kics_line": 2 + }, + { + "Cmd": "add", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "ADD http://source.file/package.file.tar.gz /temp", + "SubCmd": "", + "Value": [ + "http://source.file/package.file.tar.gz", + "/temp" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "RUN tar -xjf /temp/package.file.tar.gz ", + "SubCmd": "", + "Value": [ + "tar -xjf /temp/package.file.tar.gz" + ], + "_kics_line": 4 + }, + { + "Cmd": "arg", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 5 + }, + { + "Cmd": "add", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "ADD 
${JAR_FILE} app.jar", + "SubCmd": "", + "Value": [ + "${JAR_FILE}", + "app.jar" + ], + "_kics_line": 6 + }, + { + "Cmd": "entrypoint", + "EndLine": 7, + "Flags": [], + "JSON": true, + "Original": "ENTRYPOINT [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", + "SubCmd": "", + "Value": [ + "java", + "-Djava.security.egd=file:/dev/./urandom", + "-jar", + "/app.jar" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:latest": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:latest", + "SubCmd": "", + "Value": [ + "alpine:latest" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY {{ file_path }} /test", + "SubCmd": "", + "Value": [ + "{{", + "file_path", + "}}", + "/test" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "RUN echo \"failure\"", + "SubCmd": "", + "Value": [ + "echo \"failure\"" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "openjdk:10-jdk": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "from openjdk:10-jdk", + "SubCmd": "", + "Value": [ + "openjdk:10-jdk" + ], + "_kics_line": 1 + }, + { + "Cmd": "volume", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "volume /tmp", + "SubCmd": "", + "Value": [ + "/tmp" + ], + "_kics_line": 2 + }, + { + "Cmd": "add", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "add http://source.file/package.file.tar.gz /temp", + "SubCmd": "", + "Value": [ + "http://source.file/package.file.tar.gz", + "/temp" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "run tar -xjf /temp/package.file.tar.gz ", + "SubCmd": "", + "Value": [ + "tar -xjf /temp/package.file.tar.gz" + ], + "_kics_line": 4 + }, + { + "Cmd": "arg", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "arg JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 5 + }, + { + "Cmd": "add", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "add ${JAR_FILE} app.jar", + "SubCmd": "", + "Value": [ + "${JAR_FILE}", + "app.jar" + ], + "_kics_line": 6 + }, + { + "Cmd": "entrypoint", + "EndLine": 7, + "Flags": [], + "JSON": true, + "Original": "entrypoint [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", + "SubCmd": "", + "Value": [ + "java", + "-Djava.security.egd=file:/dev/./urandom", + "-jar", + "/app.jar" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + 
"id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:latest": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "from alpine:latest", + "SubCmd": "", + "Value": [ + "alpine:latest" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "copy {{ file_path }} /test", + "SubCmd": "", + "Value": [ + "{{", + "file_path", + "}}", + "/test" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "run echo \"failure\"", + "SubCmd": "", + "Value": [ + "echo \"failure\"" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "arg JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "package", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "package main", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "import", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "import \"fmt\"", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "func", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "func main() {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + }, + { + "Cmd": "fmt.println(\"hello,", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "fmt.Println(\"Hello, World!\")", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 6 + }, + { + "Cmd": "}", + "EndLine": 7, + "Flags": null, 
+ "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 7 + } + ], + "command": {}, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "public", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "public class HelloWorld {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "public", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "public static void main(String[] args) {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 2 + }, + { + "Cmd": "system.out.println(\"hello,", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "System.out.println(\"Hello, World!\");", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "}", + "EndLine": 4, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 4 + }, + { + "Cmd": "}", + "EndLine": 5, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + } + ], + "command": {}, + "file": "file", + "id": "0" + } + ] +} diff --git a/e2e/fixtures/E2E_CLI_105_RESULT.json b/e2e/fixtures/E2E_CLI_105_RESULT.json new file mode 100644 index 00000000000..15bba606139 --- /dev/null +++ b/e2e/fixtures/E2E_CLI_105_RESULT.json 
@@ -0,0 +1,492 @@ +{ + "kics_version": "development", + "files_scanned": 28, + "lines_scanned": 226, + "files_parsed": 28, + "lines_parsed": 218, + "lines_ignored": 8, + "files_failed_to_scan": 0, + "queries_total": 48, + "queries_failed_to_execute": 1, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 25, + "INFO": 0, + "LOW": 6, + "MEDIUM": 4, + "TRACE": 0 + }, + "total_counter": 35, + "total_bom_resources": 0, + "start": "2026-03-13T15:59:29.4211175Z", + "end": "2026-03-13T15:59:30.4080105Z", + "paths": [ + "/path/test/fixtures/dockerfile", + "/path/test/fixtures/negative_dockerfile" + ], + "queries": [ + { + "query_name": "Missing User Instruction", + "query_id": "fd54f200-402c-4333-a5a4-36ef6709af2f", + "query_url": "https://docs.docker.com/engine/reference/builder/#user", + "severity": "HIGH", + "platform": "Dockerfile", + "cwe": "250", + "risk_score": "7.7", + "cloud_provider": "COMMON", + "category": "Build Process", + "experimental": false, + "description": "Always set a user in the runtime stage of your Dockerfile. 
Without it, the container defaults to root, even if earlier build stages define a user.", + "description_id": "eb49caf6", + "files": [ + { + "file_name": "/path/test/fixtures/dockerfile/any_name/DOCKERfile.txt", + "similarity_id": "5663f110b46dbc0378ff0540fc4a54700c80197a1ced862564f987d4f2e7116d", + "line": 13, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/file_2.DOCKERfile", + "similarity_id": "29858cfa69a98973cc1ae10f84e66267240bd630126eba2ba15e58a7aa2dd54d", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", + "similarity_id": "c5df5bbf63b3ba015d5e7a528f1c1159545d6b6cd7df31aea7411935822bd295", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE", + "similarity_id": "9977ed3614740afd406ca0a86f0df4da5e8680efbb6e9e66ff71ae1dc2d9025f", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain 
any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/file.Dockerfile", + "similarity_id": "1d972910b640dfb968ab630847182b4a19f44b78aeeaa0ef93c96c7e27aa8b6a", + "line": 6, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt", + "similarity_id": "47d6f707c904f56fe3ca1cc7bce1d2e0ae41d421da983110a5c15fc7e48105df", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/dockerFILE", + "similarity_id": "e97a5ec241eb063c5757aed13a666c8126e4375ac9aed300cdc72d4ae883dfdc", + "line": 6, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/random_name", + "similarity_id": "4df62f3dddaa0fe84e53c387514ff1ffb2405fb47a80011271dfc6742078a0e8", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": 
"/path/test/fixtures/dockerfile/any_name/random_name", + "similarity_id": "ee3531797486eec98e3dd28ec8cc5f7f6f00743d1cf79cd47f6859df87026f59", + "line": 3, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt", + "similarity_id": "c2e7f0c0c566a723ff253f4a95e837749faba964ec008551c1f87a7faa476110", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt", + "similarity_id": "6da391b0e3e24d85f72b3ace5db0569be32ef11e6f9a433b138ae4e0b004df58", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt", + "similarity_id": "e150676345e87674484ea970ca810125007b743069646ac448feaba242b7211f", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", + 
"similarity_id": "4f6a063f2127071c0ee7f63c2fc28f663297e9fa775f1e894789aa97b3d76363", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt", + "similarity_id": "f9caf5d57d5872073bc7b7a555a3283708f72c9990689c8d4e6b3ce1957b496a", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/any_name.ubi8", + "similarity_id": "4d64348b27180d867de9cf04a51db582786ea6622adb94fb54fdbac03b284769", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian", + "similarity_id": "c949a1c23fe7c61dea7daac22ce6a13ffb8dec65b4bcbeacc76bf295518e72ef", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", + "similarity_id": "e2ce59bd4b3af78da6c5d27b85a6a82131e24d4efbdd7182f03951a17d57e614", + "line": 1, + 
"issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile.something", + "similarity_id": "b41a39fe06c21fc69fbd6e8f7b3e2c44e8d0d7a8e2b0e0c251f5d6a174e031ee", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt", + "similarity_id": "b58c4c4ed6c88b82fdf62608154342a31a2de95eaae39716ff4f6ccf1a5bcdda", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8", + "similarity_id": "ce95928798897e3f22c2677202d38812030cc2dfb5cf0470d397d7baaf8c1de1", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something", + "similarity_id": "2b1d191f474528c93b66c1f5f891efd3763834725ed4008cbd216702f576ef20", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as 
builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt", + "similarity_id": "9d78b93c92fe63c29dec006a12993b74dc6c6fbf29ae295ff7c6e19136657e2d", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", + "similarity_id": "3b246c7fab3ccd04b8a768ed5ad49fe749bb5b10d8ec9793744b3b7342c8cb43", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile", + "similarity_id": "b0694a2913d293ea034d0fe62bd549aed2dd316a81fb82b611a7ab901e32b1b6", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/any_name.debian", + "similarity_id": "ef335c394fbaebc802c99ba59b1b3ec830043ac020b711efc7cf497752b73429", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should 
contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + } + ] + }, + { + "query_name": "Add Instead of Copy", + "query_id": "9513a694-aa0d-41d8-be61-3271e056f36b", + "query_url": "https://docs.docker.com/engine/reference/builder/#add", + "severity": "MEDIUM", + "platform": "Dockerfile", + "cwe": "610", + "risk_score": "5.2", + "category": "Supply-Chain", + "experimental": false, + "description": "Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.", + "description_id": "0aedd324", + "files": [ + { + "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", + "similarity_id": "3f6df15f029bab62aac046654e04f787ff09b8c61bc6ccb8abdf11b8a9162886", + "line": 6, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{ADD ${JAR_FILE} app.jar}}", + "search_line": -1, + "search_value": "", + "expected_value": "'COPY' ${JAR_FILE}", + "actual_value": "'ADD' ${JAR_FILE}" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", + "similarity_id": "86a9e39633f72e3a93a6412eb11153740c5eba8edac285ce8046b8e6a1655506", + "line": 1, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{add ${JAR_FILE} app.jar}}", + "search_line": -1, + "search_value": "", + "expected_value": "'COPY' ${JAR_FILE}", + "actual_value": "'ADD' ${JAR_FILE}" + } + ] + }, + { + "query_name": "Image Version Using 'latest'", + "query_id": "f45ea400-6bbe-4501-9fc7-1c3d75c32067", + "query_url": "https://docs.docker.com/develop/dev-best-practices/", + "severity": "MEDIUM", + "platform": "Dockerfile", + "cwe": "1357", + "risk_score": "5.1", + "category": "Best Practices", + "experimental": false, + "description": "When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stability, or other information 
that is useful when deploying the application in different environments. Do not rely on the automatically-created latest tag", + "description_id": "22f535ec", + "files": [ + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", + "similarity_id": "549bf684768e813a7c47c93394adccb913fa19227c01b72a30e1e3628fdff75d", + "line": 1, + "issue_type": "IncorrectValue", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "FROM alpine:latest:'version' where version should not be 'latest'", + "actual_value": "FROM alpine:latest'" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", + "similarity_id": "5ce04edae6af79859372aa1df8ac452d212b1f9086d023a8929cc4813c4cc8da", + "line": 1, + "issue_type": "IncorrectValue", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "FROM alpine:latest:'version' where version should not be 'latest'", + "actual_value": "FROM alpine:latest'" + } + ] + }, + { + "query_name": "Curl or Wget Instead of Add", + "query_id": "4b410d24-1cbe-4430-a632-62c9a931cf1c", + "query_url": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "severity": "LOW", + "platform": "Dockerfile", + "cwe": "610", + "risk_score": "2.8", + "category": "Best Practices", + "experimental": false, + "description": "Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged", + "description_id": "29e8216b", + "files": [ + { + "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", + "similarity_id": "ead0530c4a2e4acfaa1e4f7146582e526720d6fd1bf423297f0e068017c9868f", + "line": 3, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{ADD http://source.file/package.file.tar.gz /temp}}", + "search_line": -1, + "search_value": "", + "expected_value": "Should use 'curl' 
or 'wget' to download http://source.file/package.file.tar.gz", + "actual_value": "'ADD' http://source.file/package.file.tar.gz" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", + "similarity_id": "4a41ea8cb8093e0852046f5b11a4c5705e4973525319c92f05ce3935fe7594a8", + "line": 1, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{add http://source.file/package.file.tar.gz /temp}}", + "search_line": -1, + "search_value": "", + "expected_value": "Should use 'curl' or 'wget' to download http://source.file/package.file.tar.gz", + "actual_value": "'ADD' http://source.file/package.file.tar.gz" + } + ] + }, + { + "query_name": "Healthcheck Instruction Missing", + "query_id": "b03a748a-542d-44f4-bb86-9199ab4fd2d5", + "query_url": "https://docs.docker.com/engine/reference/builder/#healthcheck", + "severity": "LOW", + "platform": "Dockerfile", + "cwe": "710", + "risk_score": "3.6", + "category": "Insecure Configurations", + "experimental": false, + "description": "Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", + "description_id": "426121ee", + "files": [ + { + "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", + "similarity_id": "2cc23de86e69dec07197cfc0e7266f07f7d6bd6c9e7065f785583d8788a23abb", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + }, + { + "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", + "similarity_id": "df38a06e4359d643206a6e67240cbbf070130c75ffeb461f44cca8495ce05014", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", + "similarity_id": "4b896966a01b1dcd6cccce6a2be286296754da04726aa658062e940ad22ad174", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + }, + { + "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", + "similarity_id": "5144da2a31e3d6a7d59ceae76bb30685fc147794929785906b3d748413409506", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + } 
+ ] + } + ] +} diff --git a/e2e/testcases/e2e-cli-075_ansible_host_detected.go b/e2e/testcases/e2e-cli-075_ansible_host_detected.go index 241bf3a7d21..b261a1d32ea 100644 --- a/e2e/testcases/e2e-cli-075_ansible_host_detected.go +++ b/e2e/testcases/e2e-cli-075_ansible_host_detected.go @@ -4,7 +4,7 @@ package testcases // should perform the scan successfully detect ansible and return result 40 func init() { //nolint testSample := TestCase{ - Name: "should perform a valid scan and and detect ansible [E2E-CLI-075]", + Name: "should perform a valid scan and detect ansible [E2E-CLI-075]", Args: args{ Args: []cmdArgs{ []string{"scan", "-o", "/path/e2e/output", diff --git a/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go b/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go new file mode 100644 index 00000000000..c58e47a07f5 --- /dev/null +++ b/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go @@ -0,0 +1,31 @@ +package testcases + +// E2E-CLI-105 - KICS scan +// should perform the scan successfully detect all valid dockerfile documents and return result 50 +func init() { //nolint + testSample := TestCase{ + Name: "should perform a valid scan with all dockerfile documents parsed [E2E-CLI-105]", + Args: args{ + Args: []cmdArgs{ + []string{"scan", "-o", "/path/e2e/output", + "--output-name", "E2E_CLI_105_RESULT", + "-p", "\"/path/test/fixtures/dockerfile\"", + "-p", "\"/path/test/fixtures/negative_dockerfile\"", + "--payload-path", "/path/e2e/output/E2E_CLI_105_PAYLOAD.json", + }, + }, + ExpectedResult: []ResultsValidation{ + { + ResultsFile: "E2E_CLI_105_RESULT", + ResultsFormats: []string{"json"}, + }, + }, + ExpectedPayload: []string{ + "E2E_CLI_105_PAYLOAD.json", + }, + }, + WantStatus: []int{50}, + } + + Tests = append(Tests, testSample) +} diff --git a/pkg/utils/get_extension_test.go b/pkg/utils/get_extension_test.go index 442e08c2641..37df89de556 100644 --- a/pkg/utils/get_extension_test.go +++ b/pkg/utils/get_extension_test.go 
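Review bot: The header comment and `Name` in e2e-cli-105_valid_dockerfile_detected.go describe this case as detecting valid Dockerfile documents, but the fixtures it pins record more than that and the new file does not say so. E2E_CLI_105_RESULT.json carries `"queries_failed_to_execute": 1`, and the payload fixture contains documents whose `Original` lines are Go and Java source (`package main`, `public class HelloWorld {`) with an empty `command` map, presumably from the `negative_dockerfile` path. If the harness compares those fields (not visible here), the test passes only while one query keeps failing, which for a scanner is a silent coverage gap. I would add a comment above `testSample` such as `// negative_dockerfile holds non-Dockerfile sources; they are parsed but must produce no findings`, and resolve or name the failing query before the fixture is accepted.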
@@ -26,35 +26,35 @@ func TestGetExtension(t *testing.T) { { name: "Get extension from a file named as dockerFILE and without extension defined ('dockerFILE')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/dockerFILE", + filePath: "../../test/fixtures/dockerfile/any_name/dockerFILE", toCreate: false, err: nil, }, { name: "Get extension from a file not named 'dockerfile' with extension defined as Dockerfile ('file.Dockerfile')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/file.Dockerfile", + filePath: "../../test/fixtures/dockerfile/any_name/file.Dockerfile", toCreate: false, err: nil, }, { name: "Get extension from a file not named 'dockerfile' with extension defined as DOCKERfile ('file_2.DOCKERfile')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/file_2.DOCKERfile", + filePath: "../../test/fixtures/dockerfile/any_name/file_2.DOCKERfile", toCreate: false, err: nil, }, { name: "Get extension from a file named 'Dockerfile' with any extension defined ('Dockerfile.something')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/Dockerfile.something", + filePath: "../../test/fixtures/dockerfile/any_name/Dockerfile.something", toCreate: false, err: nil, }, { name: "Get extension from a file named 'DOCKERfile' with any extension defined ('DOCKERfile.txt')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/DOCKERfile.txt", + filePath: "../../test/fixtures/dockerfile/any_name/DOCKERfile.txt", toCreate: false, err: nil, }, 
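Review bot: Moving these fixtures to `dockerfile/any_name/` leaves every name-based case in a directory where a file with no Dockerfile name already resolves to `.dockerfile`: the `random_name` case in the `@@ -103,28 +103,21 @@` hunk expects that result for a sibling in the same folder. If that detection comes from the folder name or from the file content (the implementation is not visible here), the `dockerFILE`, `file.Dockerfile` and `Dockerfile.something` cases would still pass with the name matching broken. A negative control would close that gap, for example one entry with `filePath: "../../test/fixtures/<neutral_dir>/file.Dockerfile",` whose content is not Dockerfile syntax, plus one non-matching name that must not return `.dockerfile`. The table belongs to TestGetExtension, which starts and ends outside this hunk.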
@@ -103,28 +103,21 @@ func TestGetExtension(t *testing.T) { { name: "Get extension from a file not named as Dockerfile and without extension defined ('random_name'), due to parent folder scan will identify dockerfile syntax regardless", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/random_name", + filePath: "../../test/fixtures/dockerfile/any_name/random_name", toCreate: false, err: nil, }, { name: "Get extension from a valid text file with dockerfile syntax and '.ubi8' extension ('any_name.ubi8')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/any_name.ubi8", + filePath: "../../test/fixtures/dockerfile/any_name/any_name.ubi8", toCreate: false, err: nil, }, { name: "Get extension from a valid text file with dockerfile syntax and '.debian' extension ('any_name.debian')", want: ".dockerfile", - filePath: "../../test/fixtures/dockerfile/any_name.debian", - toCreate: false, - err: nil, - }, - { - name: "Get extension from a file with extension defined ('positive.tf')", - want: ".tf", - filePath: "../../test/fixtures/all_auth_users_get_read_access/test/positive.tf", + filePath: "../../test/fixtures/dockerfile/any_name/any_name.debian", toCreate: false, err: nil, }, 
@@ -163,6 +156,69 @@ func TestGetExtension(t *testing.T) { toCreate: true, err: fmt.Errorf("the path %s is a directory", "../../test/fixtures/for_test_folder"), }, + { + name: "Get extension from a file with extension defined ('positive.tf')", + want: ".tf", + filePath: "../../test/fixtures/all_auth_users_get_read_access/test/positive.tf", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file named as dockerFILE and without extension defined ('dockerFILE')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/dockerFILE", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file not named 'dockerfile' with extension defined as Dockerfile ('file.Dockerfile')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file not named 'dockerfile' with extension defined as DOCKERfile ('file_2.DOCKERfile')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file named 'Dockerfile' with any extension defined ('Dockerfile.something')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file named 'DOCKERfile' with any extension defined ('DOCKERfile.txt')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a file not named as Dockerfile and without extension defined ('random_name'), due to parent folder scan will identify dockerfile 
syntax regardless", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/random_name", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a valid text file with dockerfile syntax and '.ubi8' extension ('any_name.ubi8')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8", + toCreate: false, + err: nil, + }, + { + name: "(Case_insensitive_tests) -- Get extension from a valid text file with dockerfile syntax and '.debian' extension ('any_name.debian')", + want: ".dockerfile", + filePath: "../../test/fixtures/dockerfile/case_insensitive_tests/any_name.debian", + toCreate: false, + err: nil, + }, } for _, test := range tests { diff --git a/test/fixtures/dockerfile/Dockerfile-example b/test/fixtures/dockerfile/Dockerfile-example index 4bd67e4f18f..e41733e34fe 100644 --- a/test/fixtures/dockerfile/Dockerfile-example +++ b/test/fixtures/dockerfile/Dockerfile-example @@ -1,7 +1,7 @@ -FROM openjdk:10-jdk -VOLUME /tmp -ADD http://source.file/package.file.tar.gz /temp -RUN tar -xjf /temp/package.file.tar.gz -ARG JAR_FILE -ADD ${JAR_FILE} app.jar -ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] +from openjdk:10-jdk +volume /tmp +add http://source.file/package.file.tar.gz /temp +run tar -xjf /temp/package.file.tar.gz +arg JAR_FILE +add ${JAR_FILE} app.jar +entrypoint ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] diff --git a/test/fixtures/dockerfile/DOCKERfile.txt b/test/fixtures/dockerfile/any_name/DOCKERfile.txt similarity index 100% rename from test/fixtures/dockerfile/DOCKERfile.txt rename to test/fixtures/dockerfile/any_name/DOCKERfile.txt 
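Review bot: Every case added in the `@@ -163,6 +156,69 @@` hunk of `pkg/utils/get_extension_test.go` expects `.dockerfile`, and none covers a file under `test/fixtures/dockerfile/` that should not be classified that way. The `random_name` case name ("due to parent folder scan will identify dockerfile syntax regardless") suggests the parent folder name alone can drive the result. If so, a non-Dockerfile text file in such a folder would be handed to the Dockerfile parser, so it is worth pinning where identification stops. Consider one negative entry such as `{name: "non-dockerfile content inside a dockerfile folder", want: "<expected extension>", filePath: "<negative fixture path>", toCreate: false, err: nil},` with the placeholders filled from a real fixture. The table and the rest of `TestGetExtension` lie outside this hunk, so such a case may already exist elsewhere.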
diff --git a/test/fixtures/dockerfile/Dockerfile.something b/test/fixtures/dockerfile/any_name/Dockerfile.something similarity index 100% rename from test/fixtures/dockerfile/Dockerfile.something rename to test/fixtures/dockerfile/any_name/Dockerfile.something diff --git a/test/fixtures/dockerfile/any_name.debian b/test/fixtures/dockerfile/any_name/any_name.debian similarity index 100% rename from test/fixtures/dockerfile/any_name.debian rename to test/fixtures/dockerfile/any_name/any_name.debian diff --git a/test/fixtures/dockerfile/any_name.ubi8 b/test/fixtures/dockerfile/any_name/any_name.ubi8 similarity index 100% rename from test/fixtures/dockerfile/any_name.ubi8 rename to test/fixtures/dockerfile/any_name/any_name.ubi8 diff --git a/test/fixtures/dockerfile/file.Dockerfile b/test/fixtures/dockerfile/any_name/dockerFILE similarity index 80% rename from test/fixtures/dockerfile/file.Dockerfile rename to test/fixtures/dockerfile/any_name/dockerFILE index ca2ebdfb132..151a7d85c3b 100644 --- a/test/fixtures/dockerfile/file.Dockerfile +++ b/test/fixtures/dockerfile/any_name/dockerFILE @@ -1,5 +1,8 @@ ARG BASE_IMAGE=ubuntu:22.04 +# Comments between arg +ARG JAR_FILE + FROM alpine:3.19 AS builder COPY . . diff --git a/test/fixtures/dockerfile/any_name/file.Dockerfile b/test/fixtures/dockerfile/any_name/file.Dockerfile new file mode 100644 index 00000000000..3a7f648d220 --- /dev/null +++ b/test/fixtures/dockerfile/any_name/file.Dockerfile @@ -0,0 +1,10 @@ +# Comments before arg +ARG BASE_IMAGE=ubuntu:22.04 + +# Comments after arg + +FROM alpine:3.19 AS builder + +COPY .. . + +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] diff --git a/test/fixtures/dockerfile/file_2.DOCKERfile b/test/fixtures/dockerfile/any_name/file_2.DOCKERfile similarity index 66% rename from test/fixtures/dockerfile/file_2.DOCKERfile rename to test/fixtures/dockerfile/any_name/file_2.DOCKERfile index ca2ebdfb132..589ac77f479 100644 
--- a/test/fixtures/dockerfile/file_2.DOCKERfile +++ b/test/fixtures/dockerfile/any_name/file_2.DOCKERfile @@ -1,7 +1,8 @@ ARG BASE_IMAGE=ubuntu:22.04 +# Comments before FROM FROM alpine:3.19 AS builder -COPY . . +COPY .. . -HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] \ No newline at end of file +HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] diff --git a/test/fixtures/dockerfile/dockerFILE b/test/fixtures/dockerfile/any_name/random_name similarity index 100% rename from test/fixtures/dockerfile/dockerFILE rename to test/fixtures/dockerfile/any_name/random_name diff --git a/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt b/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt new file mode 100644 index 00000000000..453f5147d38 --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt @@ -0,0 +1,17 @@ + + + + + + + + + + + + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something b/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something new file mode 100644 index 00000000000..104b1d85e89 --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something @@ -0,0 +1,8 @@ +arg VERSION=1.0 +arg BASE_IMAGE=ubuntu:22.04 + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian b/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian new file mode 100644 index 00000000000..104b1d85e89 --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian 
@@ -0,0 +1,8 @@ +arg VERSION=1.0 +arg BASE_IMAGE=ubuntu:22.04 + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8 b/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8 new file mode 100644 index 00000000000..104b1d85e89 --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8 @@ -0,0 +1,8 @@ +arg VERSION=1.0 +arg BASE_IMAGE=ubuntu:22.04 + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE b/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE new file mode 100644 index 00000000000..a9b4c423e2c --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE @@ -0,0 +1,10 @@ +arg BASE_IMAGE=ubuntu:22.04 + +# Comments between arg +arg JAR_FILE + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile new file mode 100644 index 00000000000..66464c06378 --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile @@ -0,0 +1,10 @@ +# Comments before arg +arg BASE_IMAGE=ubuntu:22.04 + +# Comments after arg + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] diff --git a/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile b/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile new file mode 100644 index 00000000000..b09209f5e55 --- /dev/null 
+++ b/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile @@ -0,0 +1,8 @@ +arg BASE_IMAGE=ubuntu:22.04 +# Comments before from + +from alpine:3.19 AS builder + +copy .. . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] diff --git a/test/fixtures/dockerfile/case_insensitive_tests/random_name b/test/fixtures/dockerfile/case_insensitive_tests/random_name new file mode 100644 index 00000000000..424b06c294c --- /dev/null +++ b/test/fixtures/dockerfile/case_insensitive_tests/random_name @@ -0,0 +1,7 @@ +arg BASE_IMAGE=ubuntu:22.04 + +from alpine:3.19 as builder + +copy . . + +healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] \ No newline at end of file diff --git a/test/fixtures/dockerfile/random_name b/test/fixtures/dockerfile/random_name deleted file mode 100644 index 28b863ff8de..00000000000 --- a/test/fixtures/dockerfile/random_name +++ /dev/null @@ -1,7 +0,0 @@ -ARG BASE_IMAGE=ubuntu:22.04 - -FROM alpine:3.19 AS builder - -COPY . . - -HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ]C:\Users\AndrePer\OneDrive - Checkmarx\Documents\kics\test\fixtures\dockerfile\dockerfile.3 \ No newline at end of file From f47018c61fced8cebeea3714af68bd08ef096b80 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Fri, 13 Mar 2026 17:58:14 +0000 Subject: [PATCH 12/29] fix for E2E --- e2e/fixtures/E2E_CLI_105_PAYLOAD.json | 3642 ++++++++--------- e2e/fixtures/E2E_CLI_105_RESULT.json | 903 ++-- .../e2e-cli-105_valid_dockerfile_detected.go | 4 +- test/fixtures/dockerfile/Dockerfile-example | 14 +- 4 files changed, 2170 insertions(+), 2393 deletions(-) diff --git a/e2e/fixtures/E2E_CLI_105_PAYLOAD.json b/e2e/fixtures/E2E_CLI_105_PAYLOAD.json index d0a6488b123..d48c034cde2 100644 --- a/e2e/fixtures/E2E_CLI_105_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_105_PAYLOAD.json 
@@ -1,1896 +1,1750 @@ { - "document": [ - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 13, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 13 - }, - { - "Cmd": "copy", - "EndLine": 15, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 15 - }, - { - "Cmd": "healthcheck", - "EndLine": 17, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 17 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "openjdk:10-jdk": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM openjdk:10-jdk", - "SubCmd": "", - "Value": [ - "openjdk:10-jdk" - ], - "_kics_line": 1 - }, - { - "Cmd": "volume", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "VOLUME /tmp", - "SubCmd": "", - "Value": [ - "/tmp" - ], - "_kics_line": 2 - }, - { - "Cmd": "add", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "ADD http://source.file/package.file.tar.gz /temp", - "SubCmd": "", - "Value": [ - "http://source.file/package.file.tar.gz", - "/temp" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "RUN tar -xjf /temp/package.file.tar.gz ", - "SubCmd": "", - "Value": [ - "tar -xjf /temp/package.file.tar.gz" - ], - "_kics_line": 4 - }, - { - "Cmd": "arg", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "ARG JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 5 - }, - { - "Cmd": "add", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "ADD 
${JAR_FILE} app.jar", - "SubCmd": "", - "Value": [ - "${JAR_FILE}", - "app.jar" - ], - "_kics_line": 6 - }, - { - "Cmd": "entrypoint", - "EndLine": 7, - "Flags": [], - "JSON": true, - "Original": "ENTRYPOINT [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", - "SubCmd": "", - "Value": [ - "java", - "-Djava.security.egd=file:/dev/./urandom", - "-jar", - "/app.jar" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:latest": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:latest", - "SubCmd": "", - "Value": [ - "alpine:latest" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY {{ file_path }} /test", - "SubCmd": "", - "Value": [ - "{{", - "file_path", - "}}", - "/test" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "RUN echo \"failure\"", - "SubCmd": "", - "Value": [ - "echo \"failure\"" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "ARG JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 4 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "COPY .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 3 - }, - { - "Cmd": "copy", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 5 - }, - { - "Cmd": "healthcheck", - "EndLine": 7, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 13, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 13 - }, - { - "Cmd": "copy", - "EndLine": 15, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 15 - }, - { - "Cmd": "healthcheck", - "EndLine": 17, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 17 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "openjdk:10-jdk": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "from openjdk:10-jdk", - "SubCmd": "", - "Value": [ - "openjdk:10-jdk" - ], - "_kics_line": 1 - }, - { - "Cmd": "volume", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "volume /tmp", - "SubCmd": "", - "Value": [ - "/tmp" - ], - "_kics_line": 2 - }, - { - "Cmd": "add", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "add http://source.file/package.file.tar.gz /temp", - "SubCmd": "", - "Value": [ - "http://source.file/package.file.tar.gz", - "/temp" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "run tar -xjf /temp/package.file.tar.gz ", - "SubCmd": "", - "Value": [ - "tar -xjf /temp/package.file.tar.gz" - ], - "_kics_line": 4 - }, - { - "Cmd": "arg", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "arg JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 5 - }, - { - "Cmd": "add", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "add ${JAR_FILE} app.jar", - "SubCmd": "", - "Value": [ - "${JAR_FILE}", - "app.jar" - ], - "_kics_line": 6 - }, - { - "Cmd": "entrypoint", - "EndLine": 7, - "Flags": [], - "JSON": true, - "Original": "entrypoint [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", - "SubCmd": "", - "Value": [ - "java", - "-Djava.security.egd=file:/dev/./urandom", - "-jar", - "/app.jar" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - 
"id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:latest": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "from alpine:latest", - "SubCmd": "", - "Value": [ - "alpine:latest" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "copy {{ file_path }} /test", - "SubCmd": "", - "Value": [ - "{{", - "file_path", - "}}", - "/test" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "run echo \"failure\"", - "SubCmd": "", - "Value": [ - "echo \"failure\"" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "arg JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 4 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 3 - }, - { - "Cmd": "copy", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 5 - }, - { - "Cmd": "healthcheck", - "EndLine": 7, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "package", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "package main", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 1 - }, - { - "Cmd": "import", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "import \"fmt\"", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 3 - }, - { - "Cmd": "func", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "func main() {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 5 - }, - { - "Cmd": "fmt.println(\"hello,", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "fmt.Println(\"Hello, World!\")", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 6 - }, - { - "Cmd": "}", - "EndLine": 7, - "Flags": null, 
- "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 7 - } - ], - "command": {}, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "public", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "public class HelloWorld {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 1 - }, - { - "Cmd": "public", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "public static void main(String[] args) {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 2 - }, - { - "Cmd": "system.out.println(\"hello,", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "System.out.println(\"Hello, World!\");", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 3 - }, - { - "Cmd": "}", - "EndLine": 4, - "Flags": null, - "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 4 - }, - { - "Cmd": "}", - "EndLine": 5, - "Flags": null, - "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 5 - } - ], - "command": {}, - "file": "file", - "id": "0" - } - ] + "document": [ + { + "args": [], + "command": { + "openjdk:10-jdk": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM openjdk:10-jdk", + "SubCmd": "", + "Value": [ + "openjdk:10-jdk" + ], + "_kics_line": 1 + }, + { + "Cmd": "volume", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "VOLUME /tmp", + "SubCmd": "", + "Value": [ + "/tmp" + ], + "_kics_line": 2 + }, + { + "Cmd": "add", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "ADD http://source.file/package.file.tar.gz /temp", + "SubCmd": "", + "Value": [ + "http://source.file/package.file.tar.gz", + "/temp" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "RUN tar -xjf /temp/package.file.tar.gz", + "SubCmd": "", + "Value": [ + "tar -xjf /temp/package.file.tar.gz" + ], + "_kics_line": 4 + }, + { + 
"Cmd": "arg", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 5 + }, + { + "Cmd": "add", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "ADD ${JAR_FILE} app.jar", + "SubCmd": "", + "Value": [ + "${JAR_FILE}", + "app.jar" + ], + "_kics_line": 6 + }, + { + "Cmd": "entrypoint", + "EndLine": 7, + "Flags": [], + "JSON": true, + "Original": "ENTRYPOINT [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", + "SubCmd": "", + "Value": [ + "java", + "-Djava.security.egd=file:/dev/./urandom", + "-jar", + "/app.jar" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "arg JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:latest": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:latest", + "SubCmd": "", + "Value": [ + "alpine:latest" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY {{ file_path }} /test", + "SubCmd": "", + "Value": [ + "{{", + "file_path", + "}}", + "/test" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "RUN echo \"failure\"", + "SubCmd": "", + "Value": [ + "echo \"failure\"" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "package", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "package main", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "import", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "import \"fmt\"", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "func", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "func main() {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + }, + { + "Cmd": "fmt.println(\"hello,", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "fmt.Println(\"Hello, World!\")", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 6 + }, + { + "Cmd": "}", + "EndLine": 7, + "Flags": null, 
+ "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 7 + } + ], + "command": {}, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "public", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "public class HelloWorld {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "public", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "public static void main(String[] args) {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 2 + }, + { + "Cmd": "system.out.println(\"hello,", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "System.out.println(\"Hello, World!\");", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "}", + "EndLine": 4, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 4 + }, + { + "Cmd": "}", + "EndLine": 5, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + } + ], + "command": {}, + "file": "file", + "id": "0" + } + ] } diff --git a/e2e/fixtures/E2E_CLI_105_RESULT.json b/e2e/fixtures/E2E_CLI_105_RESULT.json index 15bba606139..5c4c55498d8 100644 --- a/e2e/fixtures/E2E_CLI_105_RESULT.json +++ b/e2e/fixtures/E2E_CLI_105_RESULT.json 
@@ -1,492 +1,415 @@ { - "kics_version": "development", - "files_scanned": 28, - "lines_scanned": 226, - "files_parsed": 28, - "lines_parsed": 218, - "lines_ignored": 8, - "files_failed_to_scan": 0, - "queries_total": 48, - "queries_failed_to_execute": 1, - "queries_failed_to_compute_similarity_id": 0, - "scan_id": "console", - "severity_counters": { - "CRITICAL": 0, - "HIGH": 25, - "INFO": 0, - "LOW": 6, - "MEDIUM": 4, - "TRACE": 0 - }, - "total_counter": 35, - "total_bom_resources": 0, - "start": "2026-03-13T15:59:29.4211175Z", - "end": "2026-03-13T15:59:30.4080105Z", - "paths": [ - "/path/test/fixtures/dockerfile", - "/path/test/fixtures/negative_dockerfile" - ], - "queries": [ - { - "query_name": "Missing User Instruction", - "query_id": "fd54f200-402c-4333-a5a4-36ef6709af2f", - "query_url": "https://docs.docker.com/engine/reference/builder/#user", - "severity": "HIGH", - "platform": "Dockerfile", - "cwe": "250", - "risk_score": "7.7", - "cloud_provider": "COMMON", - "category": "Build Process", - "experimental": false, - "description": "Always set a user in the runtime stage of your Dockerfile. 
Without it, the container defaults to root, even if earlier build stages define a user.", - "description_id": "eb49caf6", - "files": [ - { - "file_name": "/path/test/fixtures/dockerfile/any_name/DOCKERfile.txt", - "similarity_id": "5663f110b46dbc0378ff0540fc4a54700c80197a1ced862564f987d4f2e7116d", - "line": 13, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/file_2.DOCKERfile", - "similarity_id": "29858cfa69a98973cc1ae10f84e66267240bd630126eba2ba15e58a7aa2dd54d", - "line": 4, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", - "similarity_id": "c5df5bbf63b3ba015d5e7a528f1c1159545d6b6cd7df31aea7411935822bd295", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE", - "similarity_id": "9977ed3614740afd406ca0a86f0df4da5e8680efbb6e9e66ff71ae1dc2d9025f", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain 
any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/file.Dockerfile", - "similarity_id": "1d972910b640dfb968ab630847182b4a19f44b78aeeaa0ef93c96c7e27aa8b6a", - "line": 6, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt", - "similarity_id": "47d6f707c904f56fe3ca1cc7bce1d2e0ae41d421da983110a5c15fc7e48105df", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/dockerFILE", - "similarity_id": "e97a5ec241eb063c5757aed13a666c8126e4375ac9aed300cdc72d4ae883dfdc", - "line": 6, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/random_name", - "similarity_id": "4df62f3dddaa0fe84e53c387514ff1ffb2405fb47a80011271dfc6742078a0e8", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": 
"/path/test/fixtures/dockerfile/any_name/random_name", - "similarity_id": "ee3531797486eec98e3dd28ec8cc5f7f6f00743d1cf79cd47f6859df87026f59", - "line": 3, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt", - "similarity_id": "c2e7f0c0c566a723ff253f4a95e837749faba964ec008551c1f87a7faa476110", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt", - "similarity_id": "6da391b0e3e24d85f72b3ace5db0569be32ef11e6f9a433b138ae4e0b004df58", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt", - "similarity_id": "e150676345e87674484ea970ca810125007b743069646ac448feaba242b7211f", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", - 
"similarity_id": "4f6a063f2127071c0ee7f63c2fc28f663297e9fa775f1e894789aa97b3d76363", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{openjdk:10-jdk}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt", - "similarity_id": "f9caf5d57d5872073bc7b7a555a3283708f72c9990689c8d4e6b3ce1957b496a", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/any_name.ubi8", - "similarity_id": "4d64348b27180d867de9cf04a51db582786ea6622adb94fb54fdbac03b284769", - "line": 4, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian", - "similarity_id": "c949a1c23fe7c61dea7daac22ce6a13ffb8dec65b4bcbeacc76bf295518e72ef", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", - "similarity_id": "e2ce59bd4b3af78da6c5d27b85a6a82131e24d4efbdd7182f03951a17d57e614", - "line": 1, - 
"issue_type": "MissingAttribute", - "search_key": "FROM={{openjdk:10-jdk}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile.something", - "similarity_id": "b41a39fe06c21fc69fbd6e8f7b3e2c44e8d0d7a8e2b0e0c251f5d6a174e031ee", - "line": 4, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt", - "similarity_id": "b58c4c4ed6c88b82fdf62608154342a31a2de95eaae39716ff4f6ccf1a5bcdda", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8", - "similarity_id": "ce95928798897e3f22c2677202d38812030cc2dfb5cf0470d397d7baaf8c1de1", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something", - "similarity_id": "2b1d191f474528c93b66c1f5f891efd3763834725ed4008cbd216702f576ef20", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 as 
builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt", - "similarity_id": "9d78b93c92fe63c29dec006a12993b74dc6c6fbf29ae295ff7c6e19136657e2d", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", - "similarity_id": "3b246c7fab3ccd04b8a768ed5ad49fe749bb5b10d8ec9793744b3b7342c8cb43", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile", - "similarity_id": "b0694a2913d293ea034d0fe62bd549aed2dd316a81fb82b611a7ab901e32b1b6", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/any_name.debian", - "similarity_id": "ef335c394fbaebc802c99ba59b1b3ec830043ac020b711efc7cf497752b73429", - "line": 4, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:3.19 AS builder}}", - "search_line": -1, - "search_value": "", - "expected_value": "The 'Dockerfile' should 
contain the 'USER' instruction", - "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" - } - ] - }, - { - "query_name": "Add Instead of Copy", - "query_id": "9513a694-aa0d-41d8-be61-3271e056f36b", - "query_url": "https://docs.docker.com/engine/reference/builder/#add", - "severity": "MEDIUM", - "platform": "Dockerfile", - "cwe": "610", - "risk_score": "5.2", - "category": "Supply-Chain", - "experimental": false, - "description": "Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.", - "description_id": "0aedd324", - "files": [ - { - "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", - "similarity_id": "3f6df15f029bab62aac046654e04f787ff09b8c61bc6ccb8abdf11b8a9162886", - "line": 6, - "issue_type": "IncorrectValue", - "search_key": "FROM={{openjdk:10-jdk}}.{{ADD ${JAR_FILE} app.jar}}", - "search_line": -1, - "search_value": "", - "expected_value": "'COPY' ${JAR_FILE}", - "actual_value": "'ADD' ${JAR_FILE}" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", - "similarity_id": "86a9e39633f72e3a93a6412eb11153740c5eba8edac285ce8046b8e6a1655506", - "line": 1, - "issue_type": "IncorrectValue", - "search_key": "FROM={{openjdk:10-jdk}}.{{add ${JAR_FILE} app.jar}}", - "search_line": -1, - "search_value": "", - "expected_value": "'COPY' ${JAR_FILE}", - "actual_value": "'ADD' ${JAR_FILE}" - } - ] - }, - { - "query_name": "Image Version Using 'latest'", - "query_id": "f45ea400-6bbe-4501-9fc7-1c3d75c32067", - "query_url": "https://docs.docker.com/develop/dev-best-practices/", - "severity": "MEDIUM", - "platform": "Dockerfile", - "cwe": "1357", - "risk_score": "5.1", - "category": "Best Practices", - "experimental": false, - "description": "When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stability, or other information 
that is useful when deploying the application in different environments. Do not rely on the automatically-created latest tag", - "description_id": "22f535ec", - "files": [ - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", - "similarity_id": "549bf684768e813a7c47c93394adccb913fa19227c01b72a30e1e3628fdff75d", - "line": 1, - "issue_type": "IncorrectValue", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "FROM alpine:latest:'version' where version should not be 'latest'", - "actual_value": "FROM alpine:latest'" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", - "similarity_id": "5ce04edae6af79859372aa1df8ac452d212b1f9086d023a8929cc4813c4cc8da", - "line": 1, - "issue_type": "IncorrectValue", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "FROM alpine:latest:'version' where version should not be 'latest'", - "actual_value": "FROM alpine:latest'" - } - ] - }, - { - "query_name": "Curl or Wget Instead of Add", - "query_id": "4b410d24-1cbe-4430-a632-62c9a931cf1c", - "query_url": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", - "severity": "LOW", - "platform": "Dockerfile", - "cwe": "610", - "risk_score": "2.8", - "category": "Best Practices", - "experimental": false, - "description": "Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged", - "description_id": "29e8216b", - "files": [ - { - "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", - "similarity_id": "ead0530c4a2e4acfaa1e4f7146582e526720d6fd1bf423297f0e068017c9868f", - "line": 3, - "issue_type": "IncorrectValue", - "search_key": "FROM={{openjdk:10-jdk}}.{{ADD http://source.file/package.file.tar.gz /temp}}", - "search_line": -1, - "search_value": "", - "expected_value": "Should use 'curl' 
or 'wget' to download http://source.file/package.file.tar.gz", - "actual_value": "'ADD' http://source.file/package.file.tar.gz" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", - "similarity_id": "4a41ea8cb8093e0852046f5b11a4c5705e4973525319c92f05ce3935fe7594a8", - "line": 1, - "issue_type": "IncorrectValue", - "search_key": "FROM={{openjdk:10-jdk}}.{{add http://source.file/package.file.tar.gz /temp}}", - "search_line": -1, - "search_value": "", - "expected_value": "Should use 'curl' or 'wget' to download http://source.file/package.file.tar.gz", - "actual_value": "'ADD' http://source.file/package.file.tar.gz" - } - ] - }, - { - "query_name": "Healthcheck Instruction Missing", - "query_id": "b03a748a-542d-44f4-bb86-9199ab4fd2d5", - "query_url": "https://docs.docker.com/engine/reference/builder/#healthcheck", - "severity": "LOW", - "platform": "Dockerfile", - "cwe": "710", - "risk_score": "3.6", - "category": "Insecure Configurations", - "experimental": false, - "description": "Ensure that HEALTHCHECK is being used. 
The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", - "description_id": "426121ee", - "files": [ - { - "file_name": "/path/test/fixtures/dockerfile/any_name/Dockerfile-example", - "similarity_id": "2cc23de86e69dec07197cfc0e7266f07f7d6bd6c9e7065f785583d8788a23abb", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{openjdk:10-jdk}}", - "search_line": -1, - "search_value": "", - "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", - "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" - }, - { - "file_name": "/path/test/fixtures/dockerfile/any_name/corrupted_dockerfile", - "similarity_id": "df38a06e4359d643206a6e67240cbbf070130c75ffeb461f44cca8495ce05014", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", - "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile-example", - "similarity_id": "4b896966a01b1dcd6cccce6a2be286296754da04726aa658062e940ad22ad174", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{openjdk:10-jdk}}", - "search_line": -1, - "search_value": "", - "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", - "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" - }, - { - "file_name": "/path/test/fixtures/dockerfile/case_insensitive_tests/corrupted_dockerfile", - "similarity_id": "5144da2a31e3d6a7d59ceae76bb30685fc147794929785906b3d748413409506", - "line": 1, - "issue_type": "MissingAttribute", - "search_key": "FROM={{alpine:latest}}", - "search_line": -1, - "search_value": "", - "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", - "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" - } 
- ] - } - ] + "kics_version": "development", + "files_scanned": 26, + "lines_scanned": 212, + "files_parsed": 26, + "lines_parsed": 204, + "lines_ignored": 8, + "files_failed_to_scan": 0, + "queries_total": 48, + "queries_failed_to_execute": 1, + "queries_failed_to_compute_similarity_id": 0, + "scan_id": "console", + "severity_counters": { + "CRITICAL": 0, + "HIGH": 23, + "INFO": 0, + "LOW": 3, + "MEDIUM": 2, + "TRACE": 0 + }, + "total_counter": 28, + "total_bom_resources": 0, + "start": "2026-03-13T16:37:29.4562916Z", + "end": "2026-03-13T16:37:30.3687083Z", + "paths": [ + "/path/test/fixtures/dockerfile", + "/path/test/fixtures/negative_dockerfile" + ], + "queries": [ + { + "query_name": "Missing User Instruction", + "query_id": "fd54f200-402c-4333-a5a4-36ef6709af2f", + "query_url": "https://docs.docker.com/engine/reference/builder/#user", + "severity": "HIGH", + "platform": "Dockerfile", + "cwe": "250", + "risk_score": "7.7", + "cloud_provider": "COMMON", + "category": "Build Process", + "experimental": false, + "description": "Always set a user in the runtime stage of your Dockerfile. 
Without it, the container defaults to root, even if earlier build stages define a user.", + "description_id": "eb49caf6", + "files": [ + { + "file_name": "path/test/fixtures/dockerfile/any_name/file.Dockerfile", + "similarity_id": "1d972910b640dfb968ab630847182b4a19f44b78aeeaa0ef93c96c7e27aa8b6a", + "line": 6, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/test_folder_names_case/Docker/any_file.txt", + "similarity_id": "6da391b0e3e24d85f72b3ace5db0569be32ef11e6f9a433b138ae4e0b004df58", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/corrupted_dockerfile", + "similarity_id": "558c83370b9fc9e230035e00ff7b5302cd64c16f700e73c830579947e250a381", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/random_name", + "similarity_id": "4df62f3dddaa0fe84e53c387514ff1ffb2405fb47a80011271dfc6742078a0e8", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' 
instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/test_folder_names/dockerfiles/any_file.txt", + "similarity_id": "e150676345e87674484ea970ca810125007b743069646ac448feaba242b7211f", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/DOCKERfile.txt", + "similarity_id": "f9caf5d57d5872073bc7b7a555a3283708f72c9990689c8d4e6b3ce1957b496a", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/test_folder_names/dockerfile/any_file.txt", + "similarity_id": "c2e7f0c0c566a723ff253f4a95e837749faba964ec008551c1f87a7faa476110", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/random_name", + "similarity_id": "ee3531797486eec98e3dd28ec8cc5f7f6f00743d1cf79cd47f6859df87026f59", + "line": 3, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": 
"path/test/fixtures/dockerfile/test_folder_names_case/Dockerfile/any_file.txt", + "similarity_id": "47d6f707c904f56fe3ca1cc7bce1d2e0ae41d421da983110a5c15fc7e48105df", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/any_name.ubi8", + "similarity_id": "ce95928798897e3f22c2677202d38812030cc2dfb5cf0470d397d7baaf8c1de1", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/dockerFILE", + "similarity_id": "9977ed3614740afd406ca0a86f0df4da5e8680efbb6e9e66ff71ae1dc2d9025f", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/any_name.debian", + "similarity_id": "c949a1c23fe7c61dea7daac22ce6a13ffb8dec65b4bcbeacc76bf295518e72ef", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/file_2.DOCKERfile", + 
"similarity_id": "29858cfa69a98973cc1ae10f84e66267240bd630126eba2ba15e58a7aa2dd54d", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/Dockerfile.something", + "similarity_id": "2b1d191f474528c93b66c1f5f891efd3763834725ed4008cbd216702f576ef20", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 as builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/any_name.debian", + "similarity_id": "ef335c394fbaebc802c99ba59b1b3ec830043ac020b711efc7cf497752b73429", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/Dockerfile-example", + "similarity_id": "aeaf42752011d846797cea09ce1a0eb5457673c67b0fb16914a0c639a253e5c7", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/case_insensitive_tests/file_2.DOCKERfile", + "similarity_id": "b0694a2913d293ea034d0fe62bd549aed2dd316a81fb82b611a7ab901e32b1b6", + "line": 1, + 
"issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/Dockerfile.something", + "similarity_id": "b41a39fe06c21fc69fbd6e8f7b3e2c44e8d0d7a8e2b0e0c251f5d6a174e031ee", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/dockerFILE", + "similarity_id": "e97a5ec241eb063c5757aed13a666c8126e4375ac9aed300cdc72d4ae883dfdc", + "line": 6, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/test_folder_names/docker/any_file.txt", + "similarity_id": "9d78b93c92fe63c29dec006a12993b74dc6c6fbf29ae295ff7c6e19136657e2d", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/test_folder_names_case/Dockerfiles/any_file.txt", + "similarity_id": "b58c4c4ed6c88b82fdf62608154342a31a2de95eaae39716ff4f6ccf1a5bcdda", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + 
"search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/DOCKERfile.txt", + "similarity_id": "5663f110b46dbc0378ff0540fc4a54700c80197a1ced862564f987d4f2e7116d", + "line": 13, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + }, + { + "file_name": "path/test/fixtures/dockerfile/any_name/any_name.ubi8", + "similarity_id": "4d64348b27180d867de9cf04a51db582786ea6622adb94fb54fdbac03b284769", + "line": 4, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:3.19 AS builder}}", + "search_line": -1, + "search_value": "", + "expected_value": "The 'Dockerfile' should contain the 'USER' instruction", + "actual_value": "The 'Dockerfile' does not contain any 'USER' instruction" + } + ] + }, + { + "query_name": "Add Instead of Copy", + "query_id": "9513a694-aa0d-41d8-be61-3271e056f36b", + "query_url": "https://docs.docker.com/engine/reference/builder/#add", + "severity": "MEDIUM", + "platform": "Dockerfile", + "cwe": "610", + "risk_score": "5.2", + "category": "Supply-Chain", + "experimental": false, + "description": "Using ADD to load external installation scripts could lead to an evil web server leveraging this and loading a malicious script.", + "description_id": "0aedd324", + "files": [ + { + "file_name": "path/test/fixtures/dockerfile/Dockerfile-example", + "similarity_id": "9d6bb1f4ca1093d79890b1b24b00dbb2e8fa60ca0df6b2ba391db348256eec6f", + "line": 6, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{ADD ${JAR_FILE} app.jar}}", + "search_line": -1, + "search_value": "", + "expected_value": "'COPY' 
${JAR_FILE}", + "actual_value": "'ADD' ${JAR_FILE}" + } + ] + }, + { + "query_name": "Image Version Using 'latest'", + "query_id": "f45ea400-6bbe-4501-9fc7-1c3d75c32067", + "query_url": "https://docs.docker.com/develop/dev-best-practices/", + "severity": "MEDIUM", + "platform": "Dockerfile", + "cwe": "1357", + "risk_score": "5.1", + "category": "Best Practices", + "experimental": false, + "description": "When building images, always tag them with useful tags which codify version information, intended destination (prod or test, for instance), stability, or other information that is useful when deploying the application in different environments. Do not rely on the automatically-created latest tag", + "description_id": "22f535ec", + "files": [ + { + "file_name": "path/test/fixtures/dockerfile/corrupted_dockerfile", + "similarity_id": "b8c6f58c6b52c4155b70475008be34bcf7ca39a15378ca1828e657a75ba907f3", + "line": 1, + "issue_type": "IncorrectValue", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "FROM alpine:latest:'version' where version should not be 'latest'", + "actual_value": "FROM alpine:latest'" + } + ] + }, + { + "query_name": "Curl or Wget Instead of Add", + "query_id": "4b410d24-1cbe-4430-a632-62c9a931cf1c", + "query_url": "https://docs.docker.com/develop/develop-images/dockerfile_best-practices/", + "severity": "LOW", + "platform": "Dockerfile", + "cwe": "610", + "risk_score": "2.8", + "category": "Best Practices", + "experimental": false, + "description": "Use of Curl or Wget should be done instead of Add to fetch packages from remote URLs due to the use of Add being strongly discouraged", + "description_id": "29e8216b", + "files": [ + { + "file_name": "path/test/fixtures/dockerfile/Dockerfile-example", + "similarity_id": "37ebb20d72a17217823809f4bbf670db1167d627157c42c0b4dd9b063e30b5bd", + "line": 3, + "issue_type": "IncorrectValue", + "search_key": "FROM={{openjdk:10-jdk}}.{{ADD 
http://source.file/package.file.tar.gz /temp}}", + "search_line": -1, + "search_value": "", + "expected_value": "Should use 'curl' or 'wget' to download http://source.file/package.file.tar.gz", + "actual_value": "'ADD' http://source.file/package.file.tar.gz" + } + ] + }, + { + "query_name": "Healthcheck Instruction Missing", + "query_id": "b03a748a-542d-44f4-bb86-9199ab4fd2d5", + "query_url": "https://docs.docker.com/engine/reference/builder/#healthcheck", + "severity": "LOW", + "platform": "Dockerfile", + "cwe": "710", + "risk_score": "3.6", + "category": "Insecure Configurations", + "experimental": false, + "description": "Ensure that HEALTHCHECK is being used. The HEALTHCHECK instruction tells Docker how to test a container to check that it is still working", + "description_id": "426121ee", + "files": [ + { + "file_name": "path/test/fixtures/dockerfile/Dockerfile-example", + "similarity_id": "4d0420e48f4c7d991ed6694980266d5b7313da8abb2e29b2dd777ce7c6f6251d", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{openjdk:10-jdk}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + }, + { + "file_name": "path/test/fixtures/dockerfile/corrupted_dockerfile", + "similarity_id": "ae470ca681b82da606c6080acf7ea93906066db785bf47e2372ef7b342f43f7e", + "line": 1, + "issue_type": "MissingAttribute", + "search_key": "FROM={{alpine:latest}}", + "search_line": -1, + "search_value": "", + "expected_value": "Dockerfile should contain instruction 'HEALTHCHECK'", + "actual_value": "Dockerfile doesn't contain instruction 'HEALTHCHECK'" + } + ] + } + ] } diff --git a/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go b/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go index c58e47a07f5..fdc5b87ecbb 100644 --- a/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go 
+++ b/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go @@ -9,8 +9,8 @@ func init() { //nolint Args: []cmdArgs{ []string{"scan", "-o", "/path/e2e/output", "--output-name", "E2E_CLI_105_RESULT", - "-p", "\"/path/test/fixtures/dockerfile\"", - "-p", "\"/path/test/fixtures/negative_dockerfile\"", + "-p", "/path/test/fixtures/dockerfile", + "-p", "/path/test/fixtures/negative_dockerfile", "--payload-path", "/path/e2e/output/E2E_CLI_105_PAYLOAD.json", }, }, diff --git a/test/fixtures/dockerfile/Dockerfile-example b/test/fixtures/dockerfile/Dockerfile-example index e41733e34fe..d7d7935b60b 100644 --- a/test/fixtures/dockerfile/Dockerfile-example +++ b/test/fixtures/dockerfile/Dockerfile-example @@ -1,7 +1,7 @@ -from openjdk:10-jdk -volume /tmp -add http://source.file/package.file.tar.gz /temp -run tar -xjf /temp/package.file.tar.gz -arg JAR_FILE -add ${JAR_FILE} app.jar -entrypoint ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] +FROM openjdk:10-jdk +VOLUME /tmp +ADD http://source.file/package.file.tar.gz /temp +RUN tar -xjf /temp/package.file.tar.gz +ARG JAR_FILE +ADD ${JAR_FILE} app.jar +ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"] From 1c599741c2bb22b1914df5b57b837ab401eb9b8d Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Sun, 15 Mar 2026 12:06:06 +0000 Subject: [PATCH 13/29] Changed relevant functions to always treat/set the extension of valid dockerfiles as '.dockerfile' --- pkg/analyzer/analyzer.go | 1 - pkg/parser/docker/parser.go | 2 +- pkg/parser/docker/parser_test.go | 2 +- pkg/parser/parser_test.go | 2 -- pkg/remediation/scan.go | 2 +- 5 files changed, 3 insertions(+), 6 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index dafa3b11551..c3e4da6373a 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go 
@@ -102,7 +102,6 @@ var ( ".yaml": true, ".json": true, ".dockerfile": true, - "dockerfile": true, ".debian": true, ".ubi8": true, ".tf": true, diff --git a/pkg/parser/docker/parser.go b/pkg/parser/docker/parser.go index fc507ef3d88..8d36af3e9fa 100644 --- a/pkg/parser/docker/parser.go +++ b/pkg/parser/docker/parser.go @@ -135,7 +135,7 @@ func (p *Parser) GetKind() model.FileKind { // SupportedExtensions returns Dockerfile extensions func (p *Parser) SupportedExtensions() []string { - return []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian"} + return []string{".dockerfile", ".ubi8", ".debian"} } // SupportedTypes returns types supported by this parser, which are dockerfile diff --git a/pkg/parser/docker/parser_test.go b/pkg/parser/docker/parser_test.go index 5ca430dbbc1..2ba37077bdb 100644 --- a/pkg/parser/docker/parser_test.go +++ b/pkg/parser/docker/parser_test.go @@ -17,7 +17,7 @@ func TestParser_GetKind(t *testing.T) { // TestParser_SupportedExtensions tests the functions [SupportedExtensions()] and all the methods called by them func TestParser_SupportedExtensions(t *testing.T) { p := &Parser{} - require.Equal(t, []string{"Dockerfile", ".dockerfile", "dockerfile", ".ubi8", ".debian"}, p.SupportedExtensions()) + require.Equal(t, []string{".dockerfile", ".ubi8", ".debian"}, p.SupportedExtensions()) } // TestParser_SupportedExtensions tests the functions [SupportedTypes()] and all the methods called by them diff --git a/pkg/parser/parser_test.go b/pkg/parser/parser_test.go index bbc45a089c5..0eff1ce94ea 100644 --- a/pkg/parser/parser_test.go +++ b/pkg/parser/parser_test.go @@ -94,8 +94,6 @@ func TestParser_SupportedExtensions(t *testing.T) { require.Contains(t, extensions, ".tf") require.Contains(t, extensions, ".yaml") require.Contains(t, extensions, ".dockerfile") - require.Contains(t, extensions, "dockerfile") - require.Contains(t, extensions, "Dockerfile") } func initilizeBuilder() []*Parser { 
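Review bot: `SupportedExtensions` in pkg/parser/docker/parser.go now lists only `.dockerfile`, `.ubi8` and `.debian`, so a file named `Dockerfile` is parsed only if every caller first maps it to `.dockerfile`, and nothing in the hunk states that contract. The same assumption applies to the `switch ext` in `getPayload` (pkg/remediation/scan.go) in this commit, where `ext` is computed outside the hunk. If any path still derives the extension from the raw file name, extensionless Dockerfiles would be skipped without an error, which in a scanner is a silent coverage gap. I would put the contract in the doc comment, for example `// SupportedExtensions returns the normalised Dockerfile extensions; extensionless names such as "Dockerfile" must already be mapped to ".dockerfile" by the caller.`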
diff --git a/pkg/remediation/scan.go b/pkg/remediation/scan.go index 112295cd2c6..a9adddf0ee7 100644 --- a/pkg/remediation/scan.go +++ b/pkg/remediation/scan.go @@ -95,7 +95,7 @@ func getPayload(filePath string, content []byte, openAPIResolveReferences bool, var err error switch ext { - case ".dockerfile", "Dockerfile", "gitignore", ".ubi8", ".debian": + case ".dockerfile", "gitignore", ".ubi8", ".debian": p, err = parser.NewBuilder().Add(&dockerParser.Parser{}).Build([]string{""}, []string{""}) case terraformExtension: From 51b5a521ce816c9baddf6a99d49acec502ca6344 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Mon, 16 Mar 2026 10:55:15 +0000 Subject: [PATCH 14/29] Removed last mention of 'dockerfile' without dot notation --- pkg/analyzer/analyzer.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index c3e4da6373a..b968805dc01 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -437,7 +437,7 @@ func (a *analyzerInfo) worker( //nolint: gocyclo case "gitignore": unwanted <- a.filePath // Dockerfile - case ".dockerfile", "dockerfile": + case ".dockerfile": if a.isAvailableType(dockerfile) { results <- dockerfile locCount <- linesCount From 122bd04146082742254e281030a0efe653d22b8e Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Mon, 16 Mar 2026 11:18:20 +0000 Subject: [PATCH 15/29] Changed 'gitignore' check for better check order in 'GetExtension' function --- pkg/utils/get_extension.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index b496cd7c31f..9c7c6a9862e 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go 
@@ -24,10 +24,6 @@ func GetExtension(path string) (string, error) { return "", fmt.Errorf("the path %s is a directory", path) } - if strings.HasSuffix(filepath.Clean(path), "gitignore") { - return "gitignore", nil - } - if ext, ok := isDockerfileExtension(path, extDockerfile); ok { return ext, nil } @@ -39,6 +35,9 @@ func GetExtension(path string) (string, error) { return extDockerfile, nil } case "": + if strings.HasSuffix(filepath.Clean(path), "gitignore") { + return "gitignore", nil + } if filepath.Base(path) == "tfvars" { return ".tfvars", nil } From 2da32f613f2fc7e5664c64275655eafbfcf46240 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Mon, 16 Mar 2026 12:15:39 +0000 Subject: [PATCH 16/29] Slightly more restrictive check to FROM command to ensure it has a trailing whitespace --- pkg/utils/get_extension.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 9c7c6a9862e..7e9994c3f62 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -91,7 +91,7 @@ func readPossibleDockerFile(path string) bool { if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { continue } else { - if strings.HasPrefix(strings.ToLower(scanner.Text()), "from") { + if strings.HasPrefix(strings.ToLower(scanner.Text()), "from ") { return true } else { return false From 1bfe1264d25b5006fba5f389e6c0c680259a3354 Mon Sep 17 00:00:00 2001 
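Review bot: The new `strings.HasPrefix(strings.ToLower(scanner.Text()), "from ")` test in `readPossibleDockerFile` accepts only an unindented `FROM` followed by a literal space. A first instruction that is indented, or that uses a tab after the keyword, makes the function return false, and the file is presumably never scanned as a Dockerfile, which is a false negative rather than a stricter check. Splitting on whitespace covers both forms: `fields := strings.Fields(scanner.Text())` followed by `return len(fields) > 1 && strings.EqualFold(fields[0], "from")`. The same lines are rewritten in PATCH 17 and restored in PATCH 18, so the point applies to those hunks as well. The function starts and ends outside this hunk, and no `scanner.Err()` check is visible in it.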
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 10:47:39 +0000 Subject: [PATCH 17/29] Updates to functions, removed unnecessary if statement on scan.go and unnecessary 'gitignore' case in analyzer's workers --- pkg/analyzer/analyzer.go | 3 --- pkg/parser/docker/parser.go | 4 +--- pkg/remediation/scan.go | 2 +- pkg/utils/get_extension.go | 13 +++++-------- 4 files changed, 7 insertions(+), 15 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index b968805dc01..f5fc6804ac8 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -112,7 +112,6 @@ var ( ".conf": true, ".ini": true, ".bicep": true, - "gitignore": true, } supportedRegexes = map[string][]string{ "azureresourcemanager": append(armRegexTypes, arm), @@ -434,8 +433,6 @@ func (a *analyzerInfo) worker( //nolint: gocyclo linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC) switch ext { - case "gitignore": - unwanted <- a.filePath // Dockerfile case ".dockerfile": if a.isAvailableType(dockerfile) { diff --git a/pkg/parser/docker/parser.go b/pkg/parser/docker/parser.go index 8d36af3e9fa..a676b1cfee7 100644 --- a/pkg/parser/docker/parser.go +++ b/pkg/parser/docker/parser.go @@ -59,9 +59,7 @@ func (p *Parser) Parse(_ string, fileContent []byte) ([]model.Document, []int, e for _, child := range parsed.AST.Children { child.Value = strings.ToLower(child.Value) if child.Value == "from" { - if strings.HasPrefix(strings.ToUpper(child.Original), "FROM ") { - fromValue = child.Original[5:] - } + fromValue = child.Original[5:] } if ignoreStruct.getIgnoreComments(child) { diff --git a/pkg/remediation/scan.go b/pkg/remediation/scan.go index a9adddf0ee7..b95ebfb65b2 100644 --- a/pkg/remediation/scan.go +++ b/pkg/remediation/scan.go 
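Review bot: In `Parse` in pkg/parser/docker/parser.go, the now unconditional `fromValue = child.Original[5:]` drops the only length check on that slice. A `from` node whose `Original` is shorter than five bytes (a bare `FROM`, if the upstream parser lets one through) would panic with a slice-bounds error instead of returning a parse error, and `fileContent` comes from whatever repository is being scanned. The line also assumes exactly one separator byte after the keyword. The removed guard was already case-insensitive, so keeping a bounds check costs nothing: `if len(child.Original) > len("from ") { fromValue = child.Original[len("from "):] }`. `Parse` begins and ends outside this hunk.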
@@ -95,7 +95,7 @@ func getPayload(filePath string, content []byte, openAPIResolveReferences bool, var err error switch ext { - case ".dockerfile", "gitignore", ".ubi8", ".debian": + case ".dockerfile", ".ubi8", ".debian": p, err = parser.NewBuilder().Add(&dockerParser.Parser{}).Build([]string{""}, []string{""}) case terraformExtension: diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 7e9994c3f62..45073ecb2a0 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -16,6 +16,7 @@ import ( func GetExtension(path string) (string, error) { extDockerfile := ".dockerfile" fileInfo, err := os.Stat(path) + if err != nil { return "", fmt.Errorf("file %s not found", path) } @@ -36,7 +37,7 @@ func GetExtension(path string) (string, error) { } case "": if strings.HasSuffix(filepath.Clean(path), "gitignore") { - return "gitignore", nil + return "", nil } if filepath.Base(path) == "tfvars" { return ".tfvars", nil @@ -88,15 +89,11 @@ func readPossibleDockerFile(path string) bool { scanner := bufio.NewScanner(file) // Read lines from the file for scanner.Scan() { - if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { + line := strings.TrimSpace(scanner.Text()) + if line == "" || line[0] == '#' || strings.HasPrefix(strings.ToLower(line), "arg") { continue - } else { - if strings.HasPrefix(strings.ToLower(scanner.Text()), "from ") { - return true - } else { - return false - } } + return strings.HasPrefix(strings.ToLower(line), "from ") } return false } From 944a70f835ecec250bddd4ef9f590277a938ebe6 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 12:45:11 +0000 Subject: [PATCH 18/29] fix previous commit --- pkg/utils/get_extension.go | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) 
diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index 45073ecb2a0..fa189d37746 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -16,7 +16,6 @@ import ( func GetExtension(path string) (string, error) { extDockerfile := ".dockerfile" fileInfo, err := os.Stat(path) - if err != nil { return "", fmt.Errorf("file %s not found", path) } @@ -89,11 +88,15 @@ func readPossibleDockerFile(path string) bool { scanner := bufio.NewScanner(file) // Read lines from the file for scanner.Scan() { - line := strings.TrimSpace(scanner.Text()) - if line == "" || line[0] == '#' || strings.HasPrefix(strings.ToLower(line), "arg") { + if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" { continue + } else { + if strings.HasPrefix(strings.ToLower(scanner.Text()), "from ") { + return true + } else { + return false + } } - return strings.HasPrefix(strings.ToLower(line), "from ") } return false } From 3d5c2c91521bf0a124a99453d65875eafb74ff01 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 13:02:13 +0000 Subject: [PATCH 19/29] fix analyzer uni tests --- pkg/analyzer/analyzer.go | 4 +++- pkg/utils/get_extension.go | 3 --- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index f5fc6804ac8..6e21776fbb5 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go 
@@ -840,7 +840,9 @@ func (a *Analyzer) checkIgnore(fileSize int64, hasGitIgnoreFile bool, fullPath string, trimmedPath string, ignoreFiles []string) []string { exceededFileSize := a.MaxFileSize >= 0 && float64(fileSize)/float64(sizeMb) > float64(a.MaxFileSize) - if (hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { + isGitIgnoreFile := filepath.Base(fullPath) == ".gitignore" || filepath.Base(fullPath) == "gitignore" + + if (isGitIgnoreFile || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { ignoreFiles = append(ignoreFiles, fullPath) a.Exc = append(a.Exc, fullPath) diff --git a/pkg/utils/get_extension.go b/pkg/utils/get_extension.go index fa189d37746..ec1f300cb28 100644 --- a/pkg/utils/get_extension.go +++ b/pkg/utils/get_extension.go @@ -35,9 +35,6 @@ func GetExtension(path string) (string, error) { return extDockerfile, nil } case "": - if strings.HasSuffix(filepath.Clean(path), "gitignore") { - return "", nil - } if filepath.Base(path) == "tfvars" { return ".tfvars", nil } From 6da5da5f34575f46b98e8c177d990cf32d68b8c9 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 13:17:11 +0000 Subject: [PATCH 20/29] simplified new if condition --- pkg/analyzer/analyzer.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 6e21776fbb5..511f346281f 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go 
@@ -840,9 +840,7 @@ func (a *Analyzer) checkIgnore(fileSize int64, hasGitIgnoreFile bool, fullPath string, trimmedPath string, ignoreFiles []string) []string { exceededFileSize := a.MaxFileSize >= 0 && float64(fileSize)/float64(sizeMb) > float64(a.MaxFileSize) - isGitIgnoreFile := filepath.Base(fullPath) == ".gitignore" || filepath.Base(fullPath) == "gitignore" - - if (isGitIgnoreFile || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { + if (strings.HasSuffix(filepath.Clean(fullPath), "gitignore") || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { ignoreFiles = append(ignoreFiles, fullPath) a.Exc = append(a.Exc, fullPath) From c3c0968ebdbbdce1e255f076f72924140ddbba3a Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 13:45:17 +0000 Subject: [PATCH 21/29] lint fix --- pkg/analyzer/analyzer.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 511f346281f..13ccc12aceb 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -840,7 +840,8 @@ func (a *Analyzer) checkIgnore(fileSize int64, hasGitIgnoreFile bool, fullPath string, trimmedPath string, ignoreFiles []string) []string { exceededFileSize := a.MaxFileSize >= 0 && float64(fileSize)/float64(sizeMb) > float64(a.MaxFileSize) - if (strings.HasSuffix(filepath.Clean(fullPath), "gitignore") || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { + if (strings.HasSuffix(filepath.Clean(fullPath), "gitignore") || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || + isDeadSymlink(fullPath) || exceededFileSize { ignoreFiles = append(ignoreFiles, fullPath) a.Exc = append(a.Exc, fullPath) From 194c47f08d6ec6f249188f6525ae0c09d3bce386 Mon Sep 17 00:00:00 2001 
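Review bot: `strings.HasSuffix(filepath.Clean(fullPath), "gitignore")` in `checkIgnore` is broader than the base-name comparison it replaces: any path that merely ends in `gitignore` (a constructed example would be `Dockerfile.notgitignore`) is appended to `ignoreFiles` and `a.Exc` and so is not analysed. An exclusion rule in a scanner should match as narrowly as possible, otherwise a file drops out of the results because of its name alone. Comparing the base name keeps the intent: `base := filepath.Base(fullPath)` and then `base == ".gitignore" || base == "gitignore"`. The condition also mixes `||` and `&&` inside one pair of parentheses; grouping `hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)` explicitly would make the precedence visible. PATCH 21 only re-wraps this line, so the same applies there.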
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 14:56:04 +0000 Subject: [PATCH 22/29] fixed analyze unit tests, with names ending in 'gitignore' no longer have to be explicitly set as unwanted to allign with '.gitignore' behaviour --- pkg/analyzer/analyzer.go | 3 +-- pkg/analyzer/analyzer_test.go | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/pkg/analyzer/analyzer.go b/pkg/analyzer/analyzer.go index 13ccc12aceb..f5fc6804ac8 100644 --- a/pkg/analyzer/analyzer.go +++ b/pkg/analyzer/analyzer.go @@ -840,8 +840,7 @@ func (a *Analyzer) checkIgnore(fileSize int64, hasGitIgnoreFile bool, fullPath string, trimmedPath string, ignoreFiles []string) []string { exceededFileSize := a.MaxFileSize >= 0 && float64(fileSize)/float64(sizeMb) > float64(a.MaxFileSize) - if (strings.HasSuffix(filepath.Clean(fullPath), "gitignore") || hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || - isDeadSymlink(fullPath) || exceededFileSize { + if (hasGitIgnoreFile && gitIgnore.MatchesPath(trimmedPath)) || isDeadSymlink(fullPath) || exceededFileSize { ignoreFiles = append(ignoreFiles, fullPath) a.Exc = append(a.Exc, fullPath) diff --git a/pkg/analyzer/analyzer_test.go b/pkg/analyzer/analyzer_test.go index 0d245d8c1ef..3323db26ac8 100644 --- a/pkg/analyzer/analyzer_test.go +++ b/pkg/analyzer/analyzer_test.go @@ -151,7 +151,6 @@ func TestAnalyzer_Analyze(t *testing.T) { wantExclude: []string{ filepath.FromSlash("../../test/fixtures/gitignore/positive.dockerfile"), filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf"), - filepath.FromSlash("../../test/fixtures/gitignore/gitignore"), }, typesFromFlag: []string{""}, excludeTypesFromFlag: []string{""}, 
@@ -167,7 +166,7 @@ func TestAnalyzer_Analyze(t *testing.T) { filepath.FromSlash("../../test/fixtures/gitignore"), }, wantTypes: []string{"dockerfile", "kubernetes", "terraform"}, - wantExclude: []string{filepath.FromSlash("../../test/fixtures/gitignore/gitignore")}, + wantExclude: []string{}, typesFromFlag: []string{""}, excludeTypesFromFlag: []string{""}, wantLOC: 42, From fa26908522a1964b8829b81176c17e5fd403ce9d Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 17:03:02 +0000 Subject: [PATCH 23/29] Case-insensitive unit tests for dockerfile samples --- pkg/parser/docker/parser_test.go | 34 ++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/pkg/parser/docker/parser_test.go b/pkg/parser/docker/parser_test.go index 2ba37077bdb..c8d9565a050 100644 --- a/pkg/parser/docker/parser_test.go +++ b/pkg/parser/docker/parser_test.go 
@@ -235,3 +235,37 @@ func TestParser_GetResolvedFiles(t *testing.T) { }) } } + +// TestParser_Parse_CaseInsensitive tests that the parser handles Dockerfile commands +// in a case-insensitive manner +func TestParser_Parse_CaseInsensitive(t *testing.T) { + p := &Parser{} + + lower := ` +from alpine:3.18 +run echo "hello" +` + mixed := ` +fRoM alpine:3.18 +rUn echo "hello" +` + + docUpper, _, err := p.Parse("Dockerfile", []byte(lower)) + require.NoError(t, err) + require.Len(t, docUpper, 1) + require.Contains(t, docUpper[0]["command"], "alpine:3.18") + + docMixed, _, err := p.Parse("Dockerfile", []byte(mixed)) + require.NoError(t, err) + require.Len(t, docMixed, 1) + require.Contains(t, docMixed[0]["command"], "alpine:3.18") + + cmdsUpper := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{}) + cmdsMixed := docMixed[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{}) + + require.Len(t, cmdsUpper, len(cmdsMixed)) + for i := range cmdsUpper { + require.Equal(t, cmdsUpper[i].(map[string]interface{})["Cmd"], cmdsMixed[i].(map[string]interface{})["Cmd"]) + require.Equal(t, cmdsUpper[i].(map[string]interface{})["Value"], cmdsMixed[i].(map[string]interface{})["Value"]) + } +} From 8355e51748231205621fff4b0ff27c2aeaf4cfb7 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Tue, 17 Mar 2026 17:16:45 +0000 Subject: [PATCH 24/29] Slight changes to new test --- pkg/parser/docker/parser_test.go | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/pkg/parser/docker/parser_test.go b/pkg/parser/docker/parser_test.go index c8d9565a050..abe4b47afb1 100644 --- a/pkg/parser/docker/parser_test.go +++ b/pkg/parser/docker/parser_test.go 
@@ -240,7 +240,11 @@ func TestParser_GetResolvedFiles(t *testing.T) {
 // in a case-insensitive manner
 func TestParser_Parse_CaseInsensitive(t *testing.T) {
 p := &Parser{}
-
+ // baseline sample
+ upper := `
+FROM alpine:3.18
+RUN echo "hello"
+`
 lower := `
 from alpine:3.18
 run echo "hello"
@@ -250,22 +254,31 @@ fRoM alpine:3.18
 rUn echo "hello"
 `
- docUpper, _, err := p.Parse("Dockerfile", []byte(lower))
+ docUpper, _, err := p.Parse("Dockerfile", []byte(upper))
 require.NoError(t, err)
 require.Len(t, docUpper, 1)
 require.Contains(t, docUpper[0]["command"], "alpine:3.18")
+ cmdsUpper := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+
+ docLower, _, err := p.Parse("Dockerfile", []byte(lower))
+ require.NoError(t, err)
+ require.Len(t, docLower, 1)
+ require.Contains(t, docLower[0]["command"], "alpine:3.18")
+ cmdsLower := docLower[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
 docMixed, _, err := p.Parse("Dockerfile", []byte(mixed))
 require.NoError(t, err)
 require.Len(t, docMixed, 1)
 require.Contains(t, docMixed[0]["command"], "alpine:3.18")
-
- cmdsUpper := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
 cmdsMixed := docMixed[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+ require.Len(t, cmdsUpper, len(cmdsLower))
 require.Len(t, cmdsUpper, len(cmdsMixed))
+
 for i := range cmdsUpper {
 require.Equal(t, cmdsUpper[i].(map[string]interface{})["Cmd"], cmdsMixed[i].(map[string]interface{})["Cmd"])
 require.Equal(t, cmdsUpper[i].(map[string]interface{})["Value"], cmdsMixed[i].(map[string]interface{})["Value"])
+ require.Equal(t, cmdsUpper[i].(map[string]interface{})["Cmd"], cmdsLower[i].(map[string]interface{})["Cmd"])
+ require.Equal(t, cmdsUpper[i].(map[string]interface{})["Value"], cmdsLower[i].(map[string]interface{})["Value"])
 }
 }
From 50980a76a059fdb044495ea2c499aa36cb84b196 Mon Sep 17 00:00:00 2001
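Review bot: The second hunk writes the same parse, `NoError`, `Len`, `Contains` and unwrap sequence three times, once each for `upper`, `lower` and `mixed`, which makes it easy for the copies to drift apart. A small helper marked with `t.Helper()` would state the sequence once and keep failure locations pointing at the calling line. The sketch below reuses only the calls already visible in this hunk; the test body then reduces to three helper calls followed by the existing length checks and comparison loop.

```go
// stageCmds parses src as a Dockerfile and returns the instruction list
// recorded under the alpine:3.18 stage key.
func stageCmds(t *testing.T, p *Parser, src string) []interface{} {
	t.Helper()
	doc, _, err := p.Parse("Dockerfile", []byte(src))
	require.NoError(t, err)
	require.Len(t, doc, 1)
	require.Contains(t, doc[0]["command"], "alpine:3.18")
	return doc[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
}

func TestParser_Parse_CaseInsensitive(t *testing.T) {
	// … unchanged: p and the upper / lower / mixed samples …
	cmdsUpper := stageCmds(t, p, upper)
	cmdsLower := stageCmds(t, p, lower)
	cmdsMixed := stageCmds(t, p, mixed)
	// … unchanged: length checks and comparison loop …
}
```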
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com>
Date: Tue, 17 Mar 2026 17:33:20 +0000
Subject: [PATCH 25/29] Slight simplification of new docker/parser unit test
---
 pkg/parser/docker/parser_test.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/pkg/parser/docker/parser_test.go b/pkg/parser/docker/parser_test.go
index abe4b47afb1..e5bc4d14783 100644
--- a/pkg/parser/docker/parser_test.go
+++ b/pkg/parser/docker/parser_test.go
@@ -257,22 +257,18 @@ rUn echo "hello"
 docUpper, _, err := p.Parse("Dockerfile", []byte(upper))
 require.NoError(t, err)
 require.Len(t, docUpper, 1)
- require.Contains(t, docUpper[0]["command"], "alpine:3.18")
 cmdsUpper := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
 docLower, _, err := p.Parse("Dockerfile", []byte(lower))
 require.NoError(t, err)
 require.Len(t, docLower, 1)
- require.Contains(t, docLower[0]["command"], "alpine:3.18")
 cmdsLower := docLower[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+ require.Len(t, cmdsUpper, len(cmdsLower))
 docMixed, _, err := p.Parse("Dockerfile", []byte(mixed))
 require.NoError(t, err)
 require.Len(t, docMixed, 1)
- require.Contains(t, docMixed[0]["command"], "alpine:3.18")
 cmdsMixed := docMixed[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
-
- require.Len(t, cmdsUpper, len(cmdsLower))
 require.Len(t, cmdsUpper, len(cmdsMixed))
 for i := range cmdsUpper {
From c538a3897b7218e8a8c567eb7147ce30d9f66a9e Mon Sep 17 00:00:00 2001
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com>
Date: Thu, 19 Mar 2026 16:20:21 +0000
Subject: [PATCH 26/29] Mini fix on insensitive_sample
---
 test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
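Review bot: Removing the three `require.Contains(t, …[0]["command"], "alpine:3.18")` lines leaves the single-value assertion `.([]interface{})` as the only guard on the stage key, so a missing key now panics inside the test instead of reporting a failed requirement. Either keep the `Contains` checks or switch each unwrap to the two-value form, `cmdsUpper, ok := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})` followed by `require.True(t, ok)`. The same applies to the `docLower` and `docMixed` lines in this hunk. The function starts above the hunk and its comparison loop continues below it.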
diff --git a/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile
index 66464c06378..b93539d734f 100644
--- a/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile
+++ b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile
@@ -5,6 +5,6 @@ arg BASE_IMAGE=ubuntu:22.04
 from alpine:3.19 as builder
-copy . .
+copy .. .
 healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ]
From 051e791e6a175edea66516dffa82fbce71a75dd1 Mon Sep 17 00:00:00 2001
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com>
Date: Thu, 19 Mar 2026 16:33:28 +0000
Subject: [PATCH 27/29] Changed E2E to 106 to fix merge conflict
---
 ...CLI_105_PAYLOAD.json => E2E_CLI_106_PAYLOAD.json} | 0
 ...E_CLI_105_RESULT.json => E2E_CLI_106_RESULT.json} | 0
 ...d.go => e2e-cli-106_valid_dockerfile_detected.go} | 12 ++++++------
 3 files changed, 6 insertions(+), 6 deletions(-)
 rename e2e/fixtures/{E2E_CLI_105_PAYLOAD.json => E2E_CLI_106_PAYLOAD.json} (100%)
 rename e2e/fixtures/{E2E_CLI_105_RESULT.json => E2E_CLI_106_RESULT.json} (100%)
 rename e2e/testcases/{e2e-cli-105_valid_dockerfile_detected.go => e2e-cli-106_valid_dockerfile_detected.go} (72%)
diff --git a/e2e/fixtures/E2E_CLI_105_PAYLOAD.json b/e2e/fixtures/E2E_CLI_106_PAYLOAD.json
similarity index 100%
rename from e2e/fixtures/E2E_CLI_105_PAYLOAD.json
rename to e2e/fixtures/E2E_CLI_106_PAYLOAD.json
diff --git a/e2e/fixtures/E2E_CLI_105_RESULT.json b/e2e/fixtures/E2E_CLI_106_RESULT.json
similarity index 100%
rename from e2e/fixtures/E2E_CLI_105_RESULT.json
rename to e2e/fixtures/E2E_CLI_106_RESULT.json
diff --git a/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go b/e2e/testcases/e2e-cli-106_valid_dockerfile_detected.go similarity index 72% rename from e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go rename to e2e/testcases/e2e-cli-106_valid_dockerfile_detected.go index fdc5b87ecbb..a7d46870aaa 100644 --- a/e2e/testcases/e2e-cli-105_valid_dockerfile_detected.go +++ b/e2e/testcases/e2e-cli-106_valid_dockerfile_detected.go @@ -1,27 +1,27 @@ package testcases -// E2E-CLI-105 - KICS scan +// E2E-CLI-106 - KICS scan // should perform the scan successfully detect all valid dockerfile documents and return result 50 func init() { //nolint testSample := TestCase{ - Name: "should perform a valid scan with all dockerfile documents parsed [E2E-CLI-105]", + Name: "should perform a valid scan with all dockerfile documents parsed [E2E-CLI-106]", Args: args{ Args: []cmdArgs{ []string{"scan", "-o", "/path/e2e/output", - "--output-name", "E2E_CLI_105_RESULT", + "--output-name", "E2E_CLI_106_RESULT", "-p", "/path/test/fixtures/dockerfile", "-p", "/path/test/fixtures/negative_dockerfile", - "--payload-path", "/path/e2e/output/E2E_CLI_105_PAYLOAD.json", + "--payload-path", "/path/e2e/output/E2E_CLI_106_PAYLOAD.json", }, }, ExpectedResult: []ResultsValidation{ { - ResultsFile: "E2E_CLI_105_RESULT", + ResultsFile: "E2E_CLI_106_RESULT", ResultsFormats: []string{"json"}, }, }, ExpectedPayload: []string{ - "E2E_CLI_105_PAYLOAD.json", + "E2E_CLI_106_PAYLOAD.json", }, }, WantStatus: []int{50}, From 3d9d583d0a4f0b9097febd6bfd3f663c48d90242 Mon Sep 17 00:00:00 2001 From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com> Date: Thu, 19 Mar 2026 17:16:44 +0000 Subject: [PATCH 28/29] fix E2E tests --- e2e/fixtures/E2E_CLI_106_PAYLOAD.json | 12 ++++++------ test/fixtures/dockerfile/any_name/file.Dockerfile | 2 +- .../case_insensitive_tests/file.Dockerfile | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) 
diff --git a/e2e/fixtures/E2E_CLI_106_PAYLOAD.json b/e2e/fixtures/E2E_CLI_106_PAYLOAD.json index d48c034cde2..af2b57b0775 100644 --- a/e2e/fixtures/E2E_CLI_106_PAYLOAD.json +++ b/e2e/fixtures/E2E_CLI_106_PAYLOAD.json @@ -437,10 +437,10 @@ "EndLine": 8, "Flags": [], "JSON": false, - "Original": "COPY . .", + "Original": "COPY .. .", "SubCmd": "", "Value": [ - ".", + "..", "." ], "_kics_line": 8 @@ -1008,10 +1008,10 @@ "EndLine": 8, "Flags": [], "JSON": false, - "Original": "copy . .", + "Original": "copy .. .", "SubCmd": "", "Value": [ - ".", + "..", "." ], "_kics_line": 8 @@ -1075,10 +1075,10 @@ "EndLine": 8, "Flags": [], "JSON": false, - "Original": "copy . .", + "Original": "copy .. .", "SubCmd": "", "Value": [ - ".", + "..", "." ], "_kics_line": 8 diff --git a/test/fixtures/dockerfile/any_name/file.Dockerfile b/test/fixtures/dockerfile/any_name/file.Dockerfile index 3a7f648d220..991a057479f 100644 --- a/test/fixtures/dockerfile/any_name/file.Dockerfile +++ b/test/fixtures/dockerfile/any_name/file.Dockerfile @@ -5,6 +5,6 @@ ARG BASE_IMAGE=ubuntu:22.04 FROM alpine:3.19 AS builder -COPY .. . +COPY . . HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ "executable" ] diff --git a/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile index b93539d734f..66464c06378 100644 --- a/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile +++ b/test/fixtures/dockerfile/case_insensitive_tests/file.Dockerfile @@ -5,6 +5,6 @@ arg BASE_IMAGE=ubuntu:22.04 from alpine:3.19 as builder -copy .. . +copy . . healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ "executable" ] From 1d3bc443fe4cd8f74cb01e898a1c7af91011f7cd Mon Sep 17 00:00:00 2001 
From: Andre Pereira <219305055+cx-andre-pereira@users.noreply.github.com>
Date: Thu, 19 Mar 2026 17:53:04 +0000
Subject: [PATCH 29/29] Final E2E fix
---
 ...06_RESULT.json => E2E_CLI_105_RESULT.json} | 0
 e2e/fixtures/E2E_CLI_106_PAYLOAD.json | 3496 ++++++++---------
 2 files changed, 1748 insertions(+), 1748 deletions(-)
 rename e2e/fixtures/{E2E_CLI_106_RESULT.json => E2E_CLI_105_RESULT.json} (100%)
diff --git a/e2e/fixtures/E2E_CLI_106_RESULT.json b/e2e/fixtures/E2E_CLI_105_RESULT.json
similarity index 100%
rename from e2e/fixtures/E2E_CLI_106_RESULT.json
rename to e2e/fixtures/E2E_CLI_105_RESULT.json
diff --git a/e2e/fixtures/E2E_CLI_106_PAYLOAD.json b/e2e/fixtures/E2E_CLI_106_PAYLOAD.json
index af2b57b0775..9587df8b5a4 100644
--- a/e2e/fixtures/E2E_CLI_106_PAYLOAD.json
+++ b/e2e/fixtures/E2E_CLI_106_PAYLOAD.json
@@ -1,1750 +1,1750 @@ { - "document": [ - { - "args": [], - "command": { - "openjdk:10-jdk": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM openjdk:10-jdk", - "SubCmd": "", - "Value": [ - "openjdk:10-jdk" - ], - "_kics_line": 1 - }, - { - "Cmd": "volume", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "VOLUME /tmp", - "SubCmd": "", - "Value": [ - "/tmp" - ], - "_kics_line": 2 - }, - { - "Cmd": "add", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "ADD http://source.file/package.file.tar.gz /temp", - "SubCmd": "", - "Value": [ - "http://source.file/package.file.tar.gz", - "/temp" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "RUN tar -xjf /temp/package.file.tar.gz", - "SubCmd": "", - "Value": [ - "tar -xjf /temp/package.file.tar.gz" - ], - "_kics_line": 4 - }, - { - "Cmd": "arg", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "ARG JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 5 - }, - { - "Cmd": "add", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "ADD ${JAR_FILE} app.jar", - "SubCmd": "", - "Value": [ - "${JAR_FILE}", - "app.jar" - ], - "_kics_line": 6 - }, - { - "Cmd": "entrypoint", - "EndLine": 7, - "Flags": [], - "JSON": true, - "Original": "ENTRYPOINT [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", - "SubCmd": "", - "Value": [ - "java", - "-Djava.security.egd=file:/dev/./urandom", - "-jar", - "/app.jar" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 13, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 13 - }, - { - "Cmd": "copy", - "EndLine": 15, - "Flags": [], - "JSON": false, - "Original": "COPY . 
.", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 15 - }, - { - "Cmd": "healthcheck", - "EndLine": 17, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 17 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "ARG JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 4 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "COPY .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "COPY .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "COPY .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "ARG BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 3 - }, - { - "Cmd": "copy", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 5 - }, - { - "Cmd": "healthcheck", - "EndLine": 7, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 13, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 13 - }, - { - "Cmd": "copy", - "EndLine": 15, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 15 - }, - { - "Cmd": "healthcheck", - "EndLine": 17, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 17 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg VERSION=1.0", - "SubCmd": "", - "Value": [ - "VERSION=1.0" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - }, - { - "Cmd": "arg", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "arg JAR_FILE", - "SubCmd": "", - "Value": [ - "JAR_FILE" - ], - "_kics_line": 4 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "copy .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 2 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 6 - }, - { - "Cmd": "copy", - "EndLine": 8, - "Flags": [], - "JSON": false, - "Original": "copy .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 8 - }, - { - "Cmd": "healthcheck", - "EndLine": 10, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 10 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 4, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 4 - }, - { - "Cmd": "copy", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "copy .. .", - "SubCmd": "", - "Value": [ - "..", - "." 
- ], - "_kics_line": 6 - }, - { - "Cmd": "healthcheck", - "EndLine": 8, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 8 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "arg", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "arg BASE_IMAGE=ubuntu:22.04", - "SubCmd": "", - "Value": [ - "BASE_IMAGE=ubuntu:22.04" - ], - "_kics_line": 1 - } - ], - "command": { - "alpine:3.19 as builder": [ - { - "Cmd": "from", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "from alpine:3.19 as builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "as", - "builder" - ], - "_kics_line": 3 - }, - { - "Cmd": "copy", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "copy . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 5 - }, - { - "Cmd": "healthcheck", - "EndLine": 7, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "cmd", - "executable" - ], - "_kics_line": 7 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:latest": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:latest", - "SubCmd": "", - "Value": [ - "alpine:latest" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY {{ file_path }} /test", - "SubCmd": "", - "Value": [ - "{{", - "file_path", - "}}", - "/test" - ], - "_kics_line": 3 - }, - { - "Cmd": "run", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "RUN echo \"failure\"", - "SubCmd": "", - "Value": [ - "echo \"failure\"" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." 
- ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [], - "command": { - "alpine:3.19 AS builder": [ - { - "Cmd": "from", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "FROM alpine:3.19 AS builder", - "SubCmd": "", - "Value": [ - "alpine:3.19", - "AS", - "builder" - ], - "_kics_line": 1 - }, - { - "Cmd": "copy", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "COPY . .", - "SubCmd": "", - "Value": [ - ".", - "." - ], - "_kics_line": 3 - }, - { - "Cmd": "healthcheck", - "EndLine": 5, - "Flags": [ - "--interval=30s", - "--timeout=30s", - "--start-period=5s", - "--retries=3" - ], - "JSON": true, - "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", - "SubCmd": "", - "Value": [ - "CMD", - "executable" - ], - "_kics_line": 5 - } - ] - }, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "package", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "package main", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 1 - }, - { - "Cmd": "import", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "import \"fmt\"", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 3 - }, - { - "Cmd": "func", - "EndLine": 5, - "Flags": [], - "JSON": false, - "Original": "func main() {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 5 - }, - { - "Cmd": "fmt.println(\"hello,", - "EndLine": 6, - "Flags": [], - "JSON": false, - "Original": "fmt.Println(\"Hello, World!\")", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 6 - }, - { - "Cmd": "}", - "EndLine": 7, - "Flags": null, 
- "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 7 - } - ], - "command": {}, - "file": "file", - "id": "0" - }, - { - "args": [ - { - "Cmd": "public", - "EndLine": 1, - "Flags": [], - "JSON": false, - "Original": "public class HelloWorld {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 1 - }, - { - "Cmd": "public", - "EndLine": 2, - "Flags": [], - "JSON": false, - "Original": "public static void main(String[] args) {", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 2 - }, - { - "Cmd": "system.out.println(\"hello,", - "EndLine": 3, - "Flags": [], - "JSON": false, - "Original": "System.out.println(\"Hello, World!\");", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 3 - }, - { - "Cmd": "}", - "EndLine": 4, - "Flags": null, - "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 4 - }, - { - "Cmd": "}", - "EndLine": 5, - "Flags": null, - "JSON": false, - "Original": "}", - "SubCmd": "", - "Value": [ - "" - ], - "_kics_line": 5 - } - ], - "command": {}, - "file": "file", - "id": "0" - } - ] + "document": [ + { + "args": [], + "command": { + "openjdk:10-jdk": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM openjdk:10-jdk", + "SubCmd": "", + "Value": [ + "openjdk:10-jdk" + ], + "_kics_line": 1 + }, + { + "Cmd": "volume", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "VOLUME /tmp", + "SubCmd": "", + "Value": [ + "/tmp" + ], + "_kics_line": 2 + }, + { + "Cmd": "add", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "ADD http://source.file/package.file.tar.gz /temp", + "SubCmd": "", + "Value": [ + "http://source.file/package.file.tar.gz", + "/temp" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "RUN tar -xjf /temp/package.file.tar.gz", + "SubCmd": "", + "Value": [ + "tar -xjf /temp/package.file.tar.gz" + ], + "_kics_line": 4 + }, + { + 
"Cmd": "arg", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 5 + }, + { + "Cmd": "add", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "ADD ${JAR_FILE} app.jar", + "SubCmd": "", + "Value": [ + "${JAR_FILE}", + "app.jar" + ], + "_kics_line": 6 + }, + { + "Cmd": "entrypoint", + "EndLine": 7, + "Flags": [], + "JSON": true, + "Original": "ENTRYPOINT [\"java\",\"-Djava.security.egd=file:/dev/./urandom\",\"-jar\",\"/app.jar\"]", + "SubCmd": "", + "Value": [ + "java", + "-Djava.security.egd=file:/dev/./urandom", + "-jar", + "/app.jar" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "ARG JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "COPY .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "ARG BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 13, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 13 + }, + { + "Cmd": "copy", + "EndLine": 15, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 15 + }, + { + "Cmd": "healthcheck", + "EndLine": 17, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 17 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg VERSION=1.0", + "SubCmd": "", + "Value": [ + "VERSION=1.0" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + }, + { + "Cmd": "arg", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "arg JAR_FILE", + "SubCmd": "", + "Value": [ + "JAR_FILE" + ], + "_kics_line": 4 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 2 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 6 + }, + { + "Cmd": "copy", + "EndLine": 8, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 8 + }, + { + "Cmd": "healthcheck", + "EndLine": 10, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 10 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 4, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 4 + }, + { + "Cmd": "copy", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "copy .. .", + "SubCmd": "", + "Value": [ + "..", + "." 
+ ], + "_kics_line": 6 + }, + { + "Cmd": "healthcheck", + "EndLine": 8, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 8 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "arg", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "arg BASE_IMAGE=ubuntu:22.04", + "SubCmd": "", + "Value": [ + "BASE_IMAGE=ubuntu:22.04" + ], + "_kics_line": 1 + } + ], + "command": { + "alpine:3.19 as builder": [ + { + "Cmd": "from", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "from alpine:3.19 as builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "as", + "builder" + ], + "_kics_line": 3 + }, + { + "Cmd": "copy", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "copy . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 5 + }, + { + "Cmd": "healthcheck", + "EndLine": 7, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "healthcheck --interval=30s --timeout=30s --start-period=5s --retries=3 cmd [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "cmd", + "executable" + ], + "_kics_line": 7 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:latest": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:latest", + "SubCmd": "", + "Value": [ + "alpine:latest" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY {{ file_path }} /test", + "SubCmd": "", + "Value": [ + "{{", + "file_path", + "}}", + "/test" + ], + "_kics_line": 3 + }, + { + "Cmd": "run", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "RUN echo \"failure\"", + "SubCmd": "", + "Value": [ + "echo \"failure\"" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." 
+ ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [], + "command": { + "alpine:3.19 AS builder": [ + { + "Cmd": "from", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "FROM alpine:3.19 AS builder", + "SubCmd": "", + "Value": [ + "alpine:3.19", + "AS", + "builder" + ], + "_kics_line": 1 + }, + { + "Cmd": "copy", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "COPY . .", + "SubCmd": "", + "Value": [ + ".", + "." + ], + "_kics_line": 3 + }, + { + "Cmd": "healthcheck", + "EndLine": 5, + "Flags": [ + "--interval=30s", + "--timeout=30s", + "--start-period=5s", + "--retries=3" + ], + "JSON": true, + "Original": "HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 CMD [ \"executable\" ]", + "SubCmd": "", + "Value": [ + "CMD", + "executable" + ], + "_kics_line": 5 + } + ] + }, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "package", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "package main", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "import", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "import \"fmt\"", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "func", + "EndLine": 5, + "Flags": [], + "JSON": false, + "Original": "func main() {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + }, + { + "Cmd": "fmt.println(\"hello,", + "EndLine": 6, + "Flags": [], + "JSON": false, + "Original": "fmt.Println(\"Hello, World!\")", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 6 + }, + { + "Cmd": "}", + "EndLine": 7, + "Flags": null, 
+ "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 7 + } + ], + "command": {}, + "file": "file", + "id": "0" + }, + { + "args": [ + { + "Cmd": "public", + "EndLine": 1, + "Flags": [], + "JSON": false, + "Original": "public class HelloWorld {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 1 + }, + { + "Cmd": "public", + "EndLine": 2, + "Flags": [], + "JSON": false, + "Original": "public static void main(String[] args) {", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 2 + }, + { + "Cmd": "system.out.println(\"hello,", + "EndLine": 3, + "Flags": [], + "JSON": false, + "Original": "System.out.println(\"Hello, World!\");", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 3 + }, + { + "Cmd": "}", + "EndLine": 4, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 4 + }, + { + "Cmd": "}", + "EndLine": 5, + "Flags": null, + "JSON": false, + "Original": "}", + "SubCmd": "", + "Value": [ + "" + ], + "_kics_line": 5 + } + ], + "command": {}, + "file": "file", + "id": "0" + } + ] }