kics icon indicating copy to clipboard operation
kics copied to clipboard

Published 20 hours ago verified publisher icon Checkmarx

Update "COPY '--from' Without FROM Alias Defined Previously" query for Docker, allow external images

Open malte-laukoetter opened this issue 2 years ago • 1 comments

Platform

Docker

Query

68a51e22-ae5a-4d48-8e87-b01a323605c9

Description

Currently, this query detects an issue when a COPY instruction references another docker image using --from and this image is not defined in the same Dockerfile as part of a multi-step build. The --from flag of the COPY instruction can also be used to reference external Docker images (https://docs.docker.com/develop/develop-images/multistage-build/#use-an-external-image-as-a-stage). This query should not raise an issue in this case.

Source

Some Dockerfiles for the official nats image uses this to copy files between the different versions of their docker images and kics reports that this query fails: https://github.com/nats-io/nats-docker/blob/9095670eefc7c5af2ba6400a42ff88097b018c70/2.7.4/scratch/Dockerfile

malte-laukoetter avatar Apr 02 '22 11:04 malte-laukoetter

Hello Lergin, thank you for being so attentive! I have refactored the query in question in this PR, thank you for your time!

cxAndreFelicidade avatar May 02 '22 14:05 cxAndreFelicidade