Skip to content

fix(query): fix fn in password and secrets Dockerfile ENV variable cases #7503

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jun 30, 2025
Merged

fix(query): fix fn in password and secrets Dockerfile ENV variable cases #7503

merged 6 commits into from
Jun 30, 2025

Conversation

cx-eduardo-semanas
Copy link
Contributor

Reason for Proposed Changes

  • The query currently only catches hardcoded passwords with "=" or ":" between key and value.
  • However, in Dockerfiles is possible to define environment variables with the "=" omitted (ex., ENV PASSWORD testPassword).

Proposed Changes

  • Added new Passwords and Secrets query for Dockerfile ENV hardcoded password with omitted equals cases

I submit this contribution under the Apache-2.0 license.

@cx-eduardo-semanas
Added ne Passwords and Secrets query for Dockerfile ENV hardcoded pas…
b4ba934 
…sword with omitted equals cases, and corresponding negative and positive test cases
@cx-eduardo-semanas cx-eduardo-semanas requested a review from a team as a code owner June 23, 2025 16:00
@github-actions github-actions bot added query New query feature dockerfile labels Jun 23, 2025
@github-actions GitHub Actions
Copy link
Contributor

kics-logo

KICS version: v2.1.7

Category Results
CRITICAL CRITICAL 0
HIGH HIGH 0
MEDIUM MEDIUM 0
LOW LOW 0
INFO INFO 0
TRACE TRACE 0
TOTAL TOTAL 0
Metric Values
Files scanned placeholder 1
Files parsed placeholder 1
Files failed to scan placeholder 0
Total executed queries placeholder 47
Queries failed to execute placeholder 0
Execution time placeholder 0

cx-artur-ribeiro
cx-artur-ribeiro approved these changes Jun 25, 2025
View reviewed changes
Copy link
Contributor

@cx-artur-ribeiro cx-artur-ribeiro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@cx-miguel-silva cx-miguel-silva merged commit 430c444 into master Jun 30, 2025
31 of 36 checks passed
@cx-miguel-silva cx-miguel-silva deleted the ast-82101 branch June 30, 2025 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cx-miguel-silva cx-miguel-silva cx-miguel-silva approved these changes

@cx-artur-ribeiro cx-artur-ribeiro cx-artur-ribeiro approved these changes

Assignees

@cx-eduardo-semanas cx-eduardo-semanas

Labels
dockerfile query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cx-eduardo-semanas @cx-miguel-silva @cx-artur-ribeiro