Checkmarx · cx-andre-pereira · Mar 11, 2026 · Mar 11, 2026 · Mar 11, 2026 · Mar 12, 2026
@@ -4,7 +4,7 @@ package testcases
 // should perform the scan successfully detect ansible and return result 40
 func init() { //nolint
 	testSample := TestCase{
-		Name: "should perform a valid scan and and detect ansible [E2E-CLI-075]",
+		Name: "should perform a valid scan and detect ansible [E2E-CLI-075]",
 		Args: args{
 			Args: []cmdArgs{
 				[]string{"scan", "-o", "/path/e2e/output",

@@ -0,0 +1,31 @@
+package testcases
+
+// E2E-CLI-106 - KICS  scan
+// should perform the scan successfully detect all valid dockerfile documents and return result 50
+func init() { //nolint
+	testSample := TestCase{
+		Name: "should perform a valid scan with all dockerfile documents parsed [E2E-CLI-106]",
+		Args: args{
+			Args: []cmdArgs{
+				[]string{"scan", "-o", "/path/e2e/output",
+					"--output-name", "E2E_CLI_106_RESULT",
+					"-p", "/path/test/fixtures/dockerfile",
+					"-p", "/path/test/fixtures/negative_dockerfile",
+					"--payload-path", "/path/e2e/output/E2E_CLI_106_PAYLOAD.json",
+				},
+			},
+			ExpectedResult: []ResultsValidation{
+				{
+					ResultsFile:    "E2E_CLI_106_RESULT",
+					ResultsFormats: []string{"json"},
+				},
+			},
+			ExpectedPayload: []string{
+				"E2E_CLI_106_PAYLOAD.json",
+			},
+		},
+		WantStatus: []int{50},
+	}
+
+	Tests = append(Tests, testSample)
+}
@@ -98,22 +98,20 @@ var (
 	listKeywordsGoogleDeployment = []string{"resources"}
 	armRegexTypes                = []string{"blueprint", "templateArtifact", "roleAssignmentArtifact", "policyAssignmentArtifact"}
 	possibleFileTypes            = map[string]bool{
-		".yml":               true,
-		".yaml":              true,
-		".json":              true,
-		".dockerfile":        true,
-		"Dockerfile":         true,
-		"possibleDockerfile": true,
-		".debian":            true,
-		".ubi8":              true,
-		".tf":                true,
-		"tfvars":             true,
-		".proto":             true,
-		".sh":                true,
-		".cfg":               true,
-		".conf":              true,
-		".ini":               true,
-		".bicep":             true,
+		".yml":        true,
+		".yaml":       true,
+		".json":       true,
+		".dockerfile": true,
+		".debian":     true,
+		".ubi8":       true,
+		".tf":         true,
+		"tfvars":      true,
+		".proto":      true,
+		".sh":         true,
+		".cfg":        true,
+		".conf":       true,
+		".ini":        true,
+		".bicep":      true,
 	}
 	supportedRegexes = map[string][]string{
 		"azureresourcemanager": append(armRegexTypes, arm),
@@ -430,26 +428,18 @@ func (a *analyzerInfo) worker( //nolint: gocyclo
 	}()
 
 	ext, errExt := utils.GetExtension(a.filePath)
+
 	if errExt == nil {
 		linesCount, _ := utils.LineCounter(a.filePath, a.fallbackMinifiedFileLOC)
 
 		switch ext {
-		// Dockerfile (direct identification)
-		case ".dockerfile", "Dockerfile":
+		// Dockerfile
+		case ".dockerfile":
 			if a.isAvailableType(dockerfile) {
 				results <- dockerfile
 				locCount <- linesCount
 				fileInfo <- fileTypeInfo{filePath: a.filePath, fileType: dockerfile, locCount: linesCount}
 			}
-		// Dockerfile (indirect identification)
-		case "possibleDockerfile", ".ubi8", ".debian":
-			if a.isAvailableType(dockerfile) && isDockerfile(a.filePath) {
-				results <- dockerfile
-				locCount <- linesCount
-				fileInfo <- fileTypeInfo{filePath: a.filePath, fileType: dockerfile, locCount: linesCount}
-			} else {
-				unwanted <- a.filePath
-			}
 		// Terraform
 		case ".tf", "tfvars":
 			if a.isAvailableType(terraform) {
@@ -487,30 +477,6 @@ func (a *analyzerInfo) worker( //nolint: gocyclo
 	}
 }
 
-func isDockerfile(path string) bool {
-	content, err := os.ReadFile(filepath.Clean(path))
-	if err != nil {
-		log.Error().Msgf("failed to analyze file: %s", err)
-		return false
-	}
-
-	regexes := []*regexp.Regexp{
-		regexp.MustCompile(`\s*FROM\s*`),
-		regexp.MustCompile(`\s*RUN\s*`),
-	}
-
-	check := true
-
-	for _, regex := range regexes {
-		if !regex.Match(content) {
-			check = false
-			break
-		}
-	}
-
-	return check
-}
-
 // overrides k8s match when all regexes pass for azureresourcemanager key and extension is set to json
 func needsOverride(check bool, returnType, key, ext string) bool {
 	if check && returnType == kubernetes && key == arm && ext == json {

@@ -151,7 +151,6 @@ func TestAnalyzer_Analyze(t *testing.T) {
 			wantExclude: []string{
 				filepath.FromSlash("../../test/fixtures/gitignore/positive.dockerfile"),
 				filepath.FromSlash("../../test/fixtures/gitignore/secrets.tf"),
-				filepath.FromSlash("../../test/fixtures/gitignore/gitignore"),
 			},
 			typesFromFlag:        []string{""},
 			excludeTypesFromFlag: []string{""},
@@ -167,7 +166,7 @@ func TestAnalyzer_Analyze(t *testing.T) {
 				filepath.FromSlash("../../test/fixtures/gitignore"),
 			},
 			wantTypes:            []string{"dockerfile", "kubernetes", "terraform"},
-			wantExclude:          []string{filepath.FromSlash("../../test/fixtures/gitignore/gitignore")},
+			wantExclude:          []string{},
 			typesFromFlag:        []string{""},
 			excludeTypesFromFlag: []string{""},
 			wantLOC:              42,

@@ -59,7 +59,7 @@ func (p *Parser) Parse(_ string, fileContent []byte) ([]model.Document, []int, e
 	for _, child := range parsed.AST.Children {
 		child.Value = strings.ToLower(child.Value)
 		if child.Value == "from" {
-			fromValue = strings.TrimPrefix(child.Original, "FROM ")
+			fromValue = child.Original[5:]
 		}
 
 		if ignoreStruct.getIgnoreComments(child) {
@@ -133,7 +133,7 @@ func (p *Parser) GetKind() model.FileKind {
 
 // SupportedExtensions returns Dockerfile extensions
 func (p *Parser) SupportedExtensions() []string {
-	return []string{"Dockerfile", ".dockerfile", ".ubi8", ".debian", "possibleDockerfile"}
+	return []string{".dockerfile", ".ubi8", ".debian"}
 }
 
 // SupportedTypes returns types supported by this parser, which are dockerfile

@@ -17,7 +17,7 @@ func TestParser_GetKind(t *testing.T) {
 // TestParser_SupportedExtensions tests the functions [SupportedExtensions()] and all the methods called by them
 func TestParser_SupportedExtensions(t *testing.T) {
 	p := &Parser{}
-	require.Equal(t, []string{"Dockerfile", ".dockerfile", ".ubi8", ".debian", "possibleDockerfile"}, p.SupportedExtensions())
+	require.Equal(t, []string{".dockerfile", ".ubi8", ".debian"}, p.SupportedExtensions())
 }
 
 // TestParser_SupportedExtensions tests the functions [SupportedTypes()] and all the methods called by them
@@ -235,3 +235,46 @@ func TestParser_GetResolvedFiles(t *testing.T) {
 		})
 	}
 }
+
+// TestParser_Parse_CaseInsensitive tests that the parser handles Dockerfile commands
+// in a case-insensitive manner
+func TestParser_Parse_CaseInsensitive(t *testing.T) {
+	p := &Parser{}
+	// baseline sample
+	upper := `
+FROM alpine:3.18
+RUN echo "hello"
+`
+	lower := `
+from alpine:3.18
+run echo "hello"
+`
+	mixed := `
+fRoM alpine:3.18
+rUn echo "hello"
+`
+
+	docUpper, _, err := p.Parse("Dockerfile", []byte(upper))
+	require.NoError(t, err)
+	require.Len(t, docUpper, 1)
+	cmdsUpper := docUpper[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+
+	docLower, _, err := p.Parse("Dockerfile", []byte(lower))
+	require.NoError(t, err)
+	require.Len(t, docLower, 1)
+	cmdsLower := docLower[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+	require.Len(t, cmdsUpper, len(cmdsLower))
+
+	docMixed, _, err := p.Parse("Dockerfile", []byte(mixed))
+	require.NoError(t, err)
+	require.Len(t, docMixed, 1)
+	cmdsMixed := docMixed[0]["command"].(map[string]interface{})["alpine:3.18"].([]interface{})
+	require.Len(t, cmdsUpper, len(cmdsMixed))
+
+	for i := range cmdsUpper {
+		require.Equal(t, cmdsUpper[i].(map[string]interface{})["Cmd"], cmdsMixed[i].(map[string]interface{})["Cmd"])
+		require.Equal(t, cmdsUpper[i].(map[string]interface{})["Value"], cmdsMixed[i].(map[string]interface{})["Value"])
+		require.Equal(t, cmdsUpper[i].(map[string]interface{})["Cmd"], cmdsLower[i].(map[string]interface{})["Cmd"])
+		require.Equal(t, cmdsUpper[i].(map[string]interface{})["Value"], cmdsLower[i].(map[string]interface{})["Value"])
+	}
+}
@@ -94,7 +94,6 @@ func TestParser_SupportedExtensions(t *testing.T) {
 	require.Contains(t, extensions, ".tf")
 	require.Contains(t, extensions, ".yaml")
 	require.Contains(t, extensions, ".dockerfile")
-	require.Contains(t, extensions, "Dockerfile")
 }
 
 func initilizeBuilder() []*Parser {

@@ -95,7 +95,7 @@ func getPayload(filePath string, content []byte, openAPIResolveReferences bool,
 	var err error
 
 	switch ext {
-	case ".dockerfile", "Dockerfile", "possibleDockerfile", ".ubi8", ".debian":
+	case ".dockerfile", ".ubi8", ".debian":
 		p, err = parser.NewBuilder().Add(&dockerParser.Parser{}).Build([]string{""}, []string{""})
 
 	case terraformExtension:

@@ -14,9 +14,7 @@ import (
 
 // GetExtension gets the extension of a file path
 func GetExtension(path string) (string, error) {
-	targets := []string{"Dockerfile", "tfvars"}
-
-	// Get file information
+	extDockerfile := ".dockerfile"
 	fileInfo, err := os.Stat(path)
 	if err != nil {
 		return "", fmt.Errorf("file %s not found", path)
@@ -26,35 +24,54 @@ func GetExtension(path string) (string, error) {
 		return "", fmt.Errorf("the path %s is a directory", path)
 	}
 
+	if ext, ok := isDockerfileExtension(path, extDockerfile); ok {
+		return ext, nil
+	}
+
 	ext := filepath.Ext(path)
-	if ext == "" {
-		base := filepath.Base(path)
+	switch ext {
+	case ".ubi8", ".debian":
+		if readPossibleDockerFile(path) {
+			return extDockerfile, nil
+		}
+	case "":
+		if filepath.Base(path) == "tfvars" {
+			return ".tfvars", nil
+		}
+		isText, err := isTextFile(path)
+		if err != nil {
+			return "", err
+		}
+		if isText && readPossibleDockerFile(path) {
+			return extDockerfile, nil
+		}
+	}
+	return ext, nil
+}
 
-		if Contains(base, targets) {
-			ext = base
-		} else {
-			isText, err := isTextFile(path)
+func isDockerfileExtension(path, extDockerfile string) (string, bool) {
+	base := filepath.Base(path)
+	d := "dockerfile"
 
-			if err != nil {
-				return "", err
-			}
+	lower := strings.ToLower(base)
+	if lower == d || strings.HasPrefix(lower, "dockerfile.") {
+		return extDockerfile, true
+	}
 
-			if isText {
-				if readPossibleDockerFile(path) {
-					ext = "possibleDockerfile"
-				}
-			}
-		}
+	if strings.EqualFold(filepath.Ext(path), extDockerfile) {
+		return extDockerfile, true
 	}
 
-	return ext, nil
+	dir := strings.ToLower(filepath.Base(filepath.Dir(path)))
+	if (dir == "docker" || dir == d || dir == "dockerfiles") && readPossibleDockerFile(path) {
+		return extDockerfile, true
+	}
+
+	return "", false
 }
 
 func readPossibleDockerFile(path string) bool {
 	path = filepath.Clean(path)
-	if strings.HasSuffix(path, "gitignore") {
-		return true
-	}
 	file, err := os.Open(path)
 	if err != nil {
 		return false
@@ -68,12 +85,14 @@ func readPossibleDockerFile(path string) bool {
 	scanner := bufio.NewScanner(file)
 	// Read lines from the file
 	for scanner.Scan() {
-		if strings.HasPrefix(scanner.Text(), "FROM") {
-			return true
-		} else if strings.HasPrefix(scanner.Text(), "#") {
+		if strings.HasPrefix(scanner.Text(), "#") || strings.HasPrefix(strings.ToLower(scanner.Text()), "arg") || scanner.Text() == "" {
 			continue
 		} else {
-			return false
+			if strings.HasPrefix(strings.ToLower(scanner.Text()), "from ") {
+				return true
+			} else {
+				return false
+			}
 		}
 	}
 	return false