
Add support for variables in base image name

Open LvffY opened this issue 1 year ago • 4 comments

Context

Because we want to analyse some multistage docker builds, or just use variables in the process, we'd like KICS to analyse our variables correctly.

Expected Behavior


KICS should raise an error on the `latest` tag of the image.

Actual Behavior


With the right variables, kics could miss some warnings on tags of the base image.

Steps to Reproduce the Problem


1. Have the following Dockerfile:

```dockerfile
# syntax=docker/dockerfile:1
ARG BASE_IMAGE=alpine
ARG BASE_IMAGE_TAG=latest

FROM ${BASE_IMAGE}:${BASE_IMAGE_TAG} as main
```

2. Run the KICS analysis:

```sh
docker run -t -v "$PWD/kics":/path checkmarx/kics scan -p "/path" -o "/path/"
```

3. You do not get the following warning: `Image Version Using 'latest', Severity: MEDIUM`

While you do get the warning with the following Dockerfile:

```dockerfile
# syntax=docker/dockerfile:1
ARG BASE_IMAGE=alpine

FROM ${BASE_IMAGE}:latest as main
```

LvffY avatar Jul 19 '22 15:07 LvffY
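As an added example (not KICS code, and not from the reporter), here is a small Python checker that does what the report asks for: it collects the global `ARG` defaults declared before the first `FROM`, expands `$VAR`, `${VAR}` and `${VAR:-default}` in the base image reference, and flags a tag that is `latest` or missing, while skipping earlier stage aliases, `scratch` and digest-pinned images. The sample Dockerfile is the one from the report; function names are my own.

```python
import re

# Matches ${NAME}, ${NAME:-default} and $NAME inside a FROM image reference.
_VAR_RE = re.compile(r"\$\{(\w+)(?::-([^}]*))?\}|\$(\w+)")

# Sample Dockerfile taken from the report above (line 5 is the FROM line).
SAMPLE = """# syntax=docker/dockerfile:1
ARG BASE_IMAGE=alpine
ARG BASE_IMAGE_TAG=latest

FROM ${BASE_IMAGE}:${BASE_IMAGE_TAG} as main
"""

def parse_global_args(lines):
    """Collect ARG defaults declared before the first FROM (only those are visible to FROM)."""
    args = {}
    for line in lines:
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        parts = stripped.split(None, 1)
        instr = parts[0].upper()
        if instr == "FROM":
            break
        if instr == "ARG" and len(parts) == 2:
            name, _, default = parts[1].partition("=")
            args[name.strip()] = default.strip().strip("\"'")
    return args

def expand(value, args):
    """Substitute variables; an undefined variable without a default expands to ''."""
    def sub(m):
        name, default = m.group(1) or m.group(3), m.group(2)
        if args.get(name):
            return args[name]
        return default if default is not None else ""
    return _VAR_RE.sub(sub, value)

def find_latest_base_images(dockerfile_text):
    """Return (line number, resolved image, tag) for each FROM using 'latest' or no tag."""
    lines = dockerfile_text.splitlines()
    args, stages, findings = parse_global_args(lines), set(), []
    for lineno, line in enumerate(lines, 1):
        tokens = line.strip().split()
        if not tokens or tokens[0].upper() != "FROM":
            continue
        rest = [t for t in tokens[1:] if not t.startswith("--")]  # drop --platform=...
        image = expand(rest[0], args)
        if len(rest) >= 3 and rest[1].upper() == "AS":
            stages.add(rest[2])
        if image in stages or image.lower() == "scratch" or "@sha256:" in image:
            continue  # earlier stage alias, empty base, or digest-pinned image
        tag = image.rsplit("/", 1)[-1].partition(":")[2]
        if tag in ("", "latest"):
            findings.append((lineno, image, tag or "<none>"))
    return findings
```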

Hello, @LvffY!

Thank you so much for noticing and reporting! We are fixing it in PR #5621 😊

rafaela-soares avatar Aug 12 '22 15:08 rafaela-soares

@LvffY, do you mind if we use your sample for unit test purposes?

rafaela-soares avatar Aug 12 '22 15:08 rafaela-soares

> @LvffY, do you mind if we use your sample for unit test purposes?

Good idea... If so, please approve that we can use them under the Apache 2.0 license.

kaplanlior avatar Aug 12 '22 15:08 kaplanlior

@kaplanlior @rafaela-soares No problem for me, you can use it for test purposes under the Apache license :)

LvffY avatar Aug 13 '22 06:08 LvffY

Thank you so much, @LvffY!

rafaela-soares avatar Aug 16 '22 08:08 rafaela-soares