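# Source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/docker/policies/same_alias_in_different_froms.rego

# METADATA
# title: "Duplicate aliases defined in different FROMs"
# description: "Different FROMs can't have the same alias defined."
# scope: package
# schemas:
# - input: schema["dockerfile"]
# related_resources:
# - https://docs.docker.com/develop/develop-images/multistage-build/
# custom:
#   id: DS012
#   avd_id: AVD-DS-0012
#   severity: CRITICAL
#   short_code: no-duplicate-alias
#   recommended_action: "Change aliases to make them different"
#   input:
#     selector:
#     - type: dockerfile
package builtin.dockerfile.DS012

import data.lib.docker

# get_duplicate_alias yields one {"alias", "cmd"} object for every aliased
# stage whose alias is declared again by a later stage. "cmd" is the first
# command of the earlier stage, so the finding points at the first of the two
# conflicting declarations.
#
# The pair is ordered by StartLine only. The earlier version also required the
# two stage names to differ, which silently skipped the simplest duplicate:
# two stages with the same base image and the same alias (for example the same
# "<image> AS build" line pasted twice). Strict StartLine ordering already
# rules out pairing a stage with itself and reporting a pair in both orders,
# so the name comparison only produced false negatives.
get_duplicate_alias[output] {
	output1 := get_aliased_name[_]
	output2 := get_aliased_name[_]

	# Earlier stage first: no self-pairs, and each pair is visited once.
	output1.cmd.StartLine < output2.cmd.StartLine

	# The destructuring only unifies when the split yields exactly two parts;
	# a name with more than one "as" separator is skipped by this rule.
	[_, alias1] := regex.split(`\s+as\s+`, output1.arg)
	[_, alias2] := regex.split(`\s+as\s+`, output2.arg)
	alias1 == alias2

	output := {
		"alias": alias1,
		"cmd": output1.cmd,
	}
}

# get_aliased_name yields {"arg", "cmd"} for every stage whose lower-cased
# name contains " as ". "arg" is the lower-cased stage name and "cmd" is the
# stage's first command, which is used for location reporting.
#
# NOTE(review): this filter matches a literal single space on each side of
# "as", while get_duplicate_alias splits on `\s+as\s+`. Whether stage names
# can reach this rule with tabs around "as" depends on the Dockerfile parser,
# which is not visible here - confirm before relying on it.
get_aliased_name[output] {
	stage := input.Stages[_]
	name := stage.Name

	cmd := stage.Commands[0]

	# Lower-casing makes both the " as " test and the alias comparison
	# case-insensitive.
	arg = lower(name)
	contains(arg, " as ")
	output := {
		"arg": arg,
		"cmd": cmd,
	}
}

# deny produces one result per entry of get_duplicate_alias, attached to the
# command stored in that entry.
deny[res] {
	output := get_duplicate_alias[_]
	msg := sprintf("Duplicate aliases '%s' are found in different FROMs", [output.alias])
	res := result.new(msg, output.cmd)
}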