package container
import (
"regexp"
)
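// DefaultPatterns returns the default dangerous patterns to detect in Dockerfiles.
//
// Every pattern targets a COPY or ADD instruction whose source operand is the
// whole build context (".", "./", "*", "./*" or ".*"). Such an instruction
// drags every file in the context into the image layer, so anything not
// excluded by .dockerignore (local .env files, keys, credentials) ends up
// shipped with the image.
//
// The regexps are anchored with ^ and $ but not compiled in multi-line mode,
// so each one is expected to be applied to a single Dockerfile line.
// Leading whitespace is tolerated (Dockerfile ignores it), and so are the
// flags --chown, --chmod and --link, which change ownership, mode or layer
// handling but still copy from the build context; without that, a line such
// as "COPY --chown=app:app . /app" would slip past detection. The --from flag
// is deliberately not tolerated: it copies out of another build stage rather
// than out of the build context, which is a different risk.
//
// The "*_to_root" patterns are a stricter subset of the "*_anywhere" ones:
// a line like "COPY . /" matches both, which is intended — the scanner can
// report the more specific finding with higher severity.
func DefaultPatterns() []Pattern {
	// Shared regexp fragments, kept as constants so the COPY and ADD variants
	// cannot drift apart.
	const (
		// lineStart: case-insensitive, anchored to the line start, leading
		// whitespace allowed.
		lineStart = `(?i)^\s*`
		// contextFlags: zero or more flags after which the source is still
		// the build context. --from is intentionally absent (see the doc).
		contextFlags = `(?:--(?:chown|chmod|link)(?:=\S*)?\s+)*`
		// wholeContext: a source operand that names the entire build context.
		wholeContext = `(\./?|\*|\./\*|\.\*)`
	)

	// toRoot matches "<INSTR> ." / "<INSTR> ./" with an optional "/"
	// destination and optional trailing whitespace.
	toRoot := func(instr string) *regexp.Regexp {
		return regexp.MustCompile(lineStart + instr + `\s+` + contextFlags + `\./?(\s+/)?\s*$`)
	}
	// anywhere matches "<INSTR> <whole-context> <anything>" (or no
	// destination at all), regardless of where the files land.
	anywhere := func(instr string) *regexp.Regexp {
		return regexp.MustCompile(lineStart + instr + `\s+` + contextFlags + wholeContext + `(\s+|$)`)
	}

	return []Pattern{
		{
			Name:        "copy_all_to_root",
			Pattern:     toRoot("COPY"),
			Description: "Copies entire working directory to root - exposes all files including secrets",
		},
		{
			Name:        "copy_all_anywhere",
			Pattern:     anywhere("COPY"),
			Description: "Copies entire working directory into container - may expose sensitive files",
		},
		{
			Name:        "add_all_to_root",
			Pattern:     toRoot("ADD"),
			Description: "Adds entire working directory to root - exposes all files including secrets",
		},
		{
			Name:        "add_all_anywhere",
			Pattern:     anywhere("ADD"),
			Description: "Adds entire working directory into container - may expose sensitive files",
		},
	}
}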