
dockerfile_lint - npm Package Compare versions

Comparing version 0.3.3 to 0.3.4

sample_rules/security_rules.yaml

48

bin/functions.js

@@ -5,2 +5,3 @@ /**

'use strict';
var builder = require('junit-report-builder');
var util = require('util');

@@ -91,4 +92,51 @@

function makeJunitTestCase(suite, type, entry) {
var lineContent = "";
if (entry.lineContent) {
var line = entry.line ? ("Line " + entry.line + ":") : "Line 0:";
lineContent = line + " -> " + entry.lineContent + ". ";
}
var message = entry.message ? entry.message : " ";
var ref_url = getRefUrl(entry.reference_url);
var description = entry.description ? entry.description + " | " : "";
description = lineContent + message + ". " + description + "Reference -> " + ref_url;
suite.testCase()
.className(type)
.name(message)
.failure(description);
}
function printJunitResults(results) {
// Create a test suite
var suite = builder.testSuite().name('dockerfile_lint');
// Get test results
var errors = results.error;
var warn = results.warn;
var info = results.info;
// Convert test results to JUnit test cases
if (errors && errors.data && errors.data.length > 0) {
errors.data.forEach(function (entry) {
makeJunitTestCase(suite, "ERROR", entry);
});
}
if (warn && warn.data && warn.data.length > 0) {
warn.data.forEach(function (entry) {
makeJunitTestCase(suite, "INFO", entry);
});
}
if (info && info.data && info.data.length > 0) {
info.data.forEach(function (entry) {
makeJunitTestCase(suite, "WARNING", entry);
});
}
console.log(builder.build());
}
module.exports.printResults = printResults;
module.exports.printJsonResults = printJsonResults;
module.exports.printJunitResults = printJunitResults;
module.exports.getContent = getContent;
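Review bot: In `printJunitResults` the severity labels are crossed: the `warn.data` loop passes `"INFO"` and the `info.data` loop passes `"WARNING"` to `makeJunitTestCase`, so the JUnit class names misstate each finding's severity. A CI job that filters or gates on the class name would then under-rate warnings, which matters when the rule file carries security checks. Swap them: `makeJunitTestCase(suite, "WARNING", entry);` in the warn loop and `makeJunitTestCase(suite, "INFO", entry);` in the info loop. A short JSDoc on `makeJunitTestCase` saying that `entry.message` becomes the test name and that the failure text is assembled from line, message, description and reference URL would also help the next reader.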

30

lib/parser.js

@@ -12,2 +12,4 @@ // parser.js

var TOKEN_COMMENT = RegExp(/^#.*$/);
// # dockerfile_lint ignore | # dockerfile_lint - ignore | # dockerfile_lint = ignore
var TOKEN_INLINE_IGNORE = RegExp(/^#.*dockerfile_lint[ ]*\W[ ]*ignore.*$/);
var errDockerfileNotStringArray = new Error('When using JSON array syntax, ' + 'arrays must be comprised of strings only.');

@@ -448,2 +450,3 @@

var includeComments = options && options['includeComments'];
var ignoreNextCommand = false;

@@ -475,6 +478,27 @@ for (i = 0; i < lines.length; i++) {

parseResult = parseLine(line, lineno);
if (parseResult.command) {
if (parseResult.command.name !== 'COMMENT' || includeComments) {
commands.push(parseResult.command);
//
// Implement and inline ignore functionality
// Add a check to see if the comment contains dockerfile_lint and ignore,
// if it does, ignore the next command by setting a flag that we check
// right after calling parseLine().
//
if(parseResult.command) {
if (lines[i].match(TOKEN_INLINE_IGNORE)) {
ignoreNextCommand = true;
}
else {
if(parseResult.command.name !== 'COMMENT' || includeComments) {
//
// If an "ignore the next command comment" (i.e. an inline ignore) was found
// then skip checking this command and reset the flag.
//
if(ignoreNextCommand === false) {
commands.push(parseResult.command);
}
else {
console.log("IGNORING STATEMENT: " + parseResult.command.raw)
ignoreNextCommand = false;
}
}
}
}

@@ -481,0 +505,0 @@ partialLine = parseResult.partialLine;
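Review bot: `TOKEN_INLINE_IGNORE` is looser than the three forms its comment documents: the leading `.*`, the bare `\W` and the trailing `.*` let any comment in which `dockerfile_lint` is followed by one non-word character and text beginning with `ignore` (a remark such as "dockerfile_lint ignored …", for instance) set `ignoreNextCommand`. A flagged command is never pushed to `commands`, so presumably no rule, security rules included, evaluates it, and an accidental match becomes a silent gap in the lint result. Something like `/^#\s*dockerfile_lint(?:\s+|\s*[-=]\s*)ignore\s*$/` would accept only the documented spellings. The `console.log("IGNORING STATEMENT: " + …)` in the third hunk also writes to stdout, where bin/functions.js prints the JUnit report, so `console.error` (or the project's logger) would keep machine-readable output parseable. The enclosing parse loop starts and ends outside the hunk.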

8

package.json
{
"name": "dockerfile_lint",
"version": "0.3.3",
"version": "0.3.4",
"description": "Utility for linting a docker file against accepted good practices",

@@ -30,7 +30,9 @@ "main": "index.js",

"dockerode": "^2.2.9",
"js-yaml": "~3.2.2",
"js-yaml": "~3.13.1",
"junit-report-builder": "^2.1.0",
"lodash": "^2.4.2",
"winston": "^2.1.1"
"winston": "^2.4.5"
},
"devDependencies": {
"fast-xml-parser": "^3.17.4",
"mocha": "~2.0.1",

@@ -37,0 +39,0 @@ "pre-commit": "^1.1.2",
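Review bot: `lodash` stays at `^2.4.2` while `js-yaml` and `winston` are raised in the same dependency block; the 2.x line is long out of maintenance, and later lodash advisories (prototype pollution in the merge-style helpers) cover version ranges that include it. Whether this package calls the affected functions is not visible here, so this is something to check rather than a confirmed exposure. If only a few helpers are used, moving to a current 4.x release alongside this bump would settle the question.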

@@ -34,7 +34,7 @@ [![NPM](https://nodei.co/npm/dockerfile_lint.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/dockerfile_lint/)

docker run -it --rm --privileged -v $PWD:/root/ \
docker run -it --rm -v $PWD:/root/ \
projectatomic/dockerfile-lint \
dockerfile_lint [-f Dockerfile]
docker run -it --rm --privileged -v $PWD:/root/ \
docker run -it --rm -v $PWD:/root/ \
-v /var/run/docker.sock:/var/run/docker.sock \

@@ -51,3 +51,3 @@ projectatomic/dockerfile-lint \

docker run -it --rm --privileged -v $PWD:/root/ \
docker run -it --rm -v $PWD:/root/ \
projectatomic/dockerfile-lint \

@@ -126,2 +126,11 @@ dockerfile_lint -p -f Dockerfile

## Inline Ignore Instructions
The user can tell dockerfile_lint to ignore a specific comand line inside a Dockerfile by placing a comment containing the word "dockerfile_lint" followed by the word "ignore", separated by a space, or a space and a dash/equals sign, above the command in the Dockerfile to be ignored.
```
# Add is required <for some previously approved reason documented here>
# dockerfile_lint - ignore
ADD http://example.com/big.tar.xz /usr/src/things/
```
The above inline ignore would cause dockerfile_lint to skip processing the ADD command that follows it. This allows the writing of strict rules in order to catch when best practices are not followed, while still being able to explicitly override the check on a case by case basis if a valid reason exists.
# Library Usage

@@ -138,5 +147,5 @@

var fs = require('fs');
var rulefile = fs.readFileSync('/path/to/rulefile', 'utf8');
var rulefile = '/path/to/rulefile';
var DockerFileValidator = require('dockerfile_lint');
var validator = new DockeFileValidator(rulefile);
var validator = new DockerFileValidator(rulefile);
var result = validator.validate(dockerfile);

@@ -170,2 +179,7 @@ ```

To display results as JUnit XML file use the `-u` option:
```
dockerfile_lint -u -f /path/to/dockerfile [ -r /path/to/rule/file]
```
Command Help:

@@ -172,0 +186,0 @@ ```

@@ -9,4 +9,4 @@ 'use strict';

var binScript = path.join('bin', 'dockerfile_lint')
var parser = require('fast-xml-parser');
describe('The dockerfile_lint command', function () {

@@ -97,2 +97,25 @@

it('should exit with code 1 and error message when using both --json and --junit options ', function (done) {
var p = exec('node ' + binScript + ' --junit --json -f test/data/dockerfiles/TestLabels',
function (err, stdout, stderr) {
should(stderr).be.equal("ERROR: result format options (\"--json and --junit\") cannot be used together, please choose one only\n")
});
p.on('exit', function (code) {
code.should.eql(1);
done();
});
});
it('should output valid XML when in --junit mode', function (done) {
var p = exec('node ' + binScript + ' --junit -f test/data/dockerfiles/TestLabels -p -r test/data/rules/basic.yaml',
function (err, stdout, stderr) {
should(parser.validate(stdout)).be.ok;
});
p.on('exit', function (code) {
code.should.eql(0);
done();
});
});
});
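Review bot: `should(parser.validate(stdout)).be.ok` in the `--junit` test cannot fail on malformed XML if `validate` behaves as in fast-xml-parser 3.x, where it returns `true` for valid input and a (truthy) error object otherwise; compare strictly instead, `should(parser.validate(stdout)).be.equal(true);`. In both new tests the assertion sits in the `exec` callback while `done()` is called from the `exit` handler, so the test can be reported as finished before the assertion has run. Calling `done()` from the `exec` callback after the assertions, and reading the exit code from `err` there, would make both checks count.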

@@ -53,2 +53,34 @@ 'use strict';

it('should correctly ignore commands preceeded by an inline ignore', function () {
var options = {
includeComments: false
};
var contents = 'FROM ubuntu:latest\n'
+ '#Comment1\n'
+ '# dockerfile_lint - ignore\n'
+ 'RUN echo done\n'
+ "LABEL two=3 'one two'=4 three="
+ '#Comment2\n'
+ '#Comment3 \n';
var commands = parser.parse(contents, options);
commands.length.should.eql(2);
});
it('should not ignore commands preceeded by an comment about the inline ignore functionality', function () {
var options = {
includeComments: false
};
var contents = 'FROM ubuntu:latest\n'
+ '#Comment1\n'
+ '# dockerfile_lint comment about inline ignore\n'
+ 'RUN echo done\n'
+ "LABEL two=3 'one two'=4 three="
+ '#Comment2\n'
+ '#Comment3 \n';
var commands = parser.parse(contents, options);
commands.length.should.eql(3);
});
it('should correctly report errors', function () {

@@ -55,0 +87,0 @@ var options = {
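Review bot: Both new tests assert only `commands.length`, so they pass whichever command the ignore marker happens to drop. Comparing `commands.map(function (c) { return c.name; })` with the expected list of names would tie each test to the intended behaviour. Neither test sets `includeComments: true` or places another comment between the marker and the command, which are the two cases where the `ignoreNextCommand` flag in lib/parser.js takes a different path (the comment itself consumes or outlives the flag). The enclosing `describe` block lies outside the hunk.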

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
