# Shared Dockerfile helpers for the docker rule set.
#
# Every rule reads input.Stages[_].Commands[_] and selects commands by their
# Cmd field. There are two families:
#   * <name>[instruction]       - set of matching commands across all stages
#   * stage_<name>[stage] = arr - one entry per stage, holding an array of that
#                                 stage's matching commands (empty when none)
#
# NOTE(review): all comparisons are exact matches against lowercase names
# ("from", "user", ...). This presumably relies on the Dockerfile parser
# lowercasing instruction names before evaluation - confirm against the parser.
# If it did not, these helpers would yield empty results and checks built on
# them would find nothing instead of failing.

# METADATA
# custom:
#   input:
#     selector:
#     - type: dockerfile
package lib.docker

# Set of every FROM command in any stage.
from[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "from"
}

# Set of every ADD command in any stage.
add[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "add"
}

# Set of every RUN command in any stage.
run[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "run"
}

# Set of every COPY command in any stage.
copy[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "copy"
}

# Maps each stage to the array of its COPY commands.
stage_copies[stg] = matched {
	some s
	stg := input.Stages[s]
	matched := [item | some c; item := stg.Commands[c]; item.Cmd == "copy"]
}

# Set of every ENTRYPOINT command in any stage.
entrypoint[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "entrypoint"
}

# Maps each stage to the array of its ENTRYPOINT commands.
stage_entrypoints[stg] = matched {
	some s
	stg := input.Stages[s]
	matched := [item | some c; item := stg.Commands[c]; item.Cmd == "entrypoint"]
}

# Maps each stage to the array of its CMD commands.
stage_cmd[stg] = matched {
	some s
	stg := input.Stages[s]
	matched := [item | some c; item := stg.Commands[c]; item.Cmd == "cmd"]
}

# Maps each stage to the array of its HEALTHCHECK commands. A stage without
# one still gets an entry (an empty array), so callers can detect the absence.
stage_healthcheck[stg] = matched {
	some s
	stg := input.Stages[s]
	matched := [item | some c; item := stg.Commands[c]; item.Cmd == "healthcheck"]
}

# Maps each stage to the array of its USER commands. A stage that never sets
# USER maps to an empty array.
stage_user[stg] = matched {
	some s
	stg := input.Stages[s]
	matched := [item | some c; item := stg.Commands[c]; item.Cmd == "user"]
}

# Set of every EXPOSE command in any stage.
expose[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "expose"
}

# Set of every USER command in any stage.
user[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "user"
}

# Set of every WORKDIR command in any stage.
workdir[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "workdir"
}

# Set of every HEALTHCHECK command in any stage.
healthcheck[found] {
	some s, c
	found := input.Stages[s].Commands[c]
	found.Cmd == "healthcheck"
}