fix: Fix example dockerfile rego policy (#2460)

Liam Galvin
2022-07-05 15:46:27 +01:00
committed by GitHub
parent e778ac3e21
commit e77cfd6487
2 changed files with 5 additions and 5 deletions


@@ -11,7 +11,7 @@ __rego_metadata__ := {
__rego_input__ := {"selector": [{"type": "dockerfile"}]}
deny[res] {
add := input.stages[_][_]
add := input.Stages[_].Commands[_]
add.Cmd == "add"
startswith(add.Value[0], "http://")
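Review bot: The `startswith(add.Value[0], "http://")` check looks only at the first ADD argument, so a plain-HTTP source in a later position is not reported (ADD accepts several sources before the destination). Consider iterating over every source instead: `src := add.Value[i]`, `i < count(add.Value) - 1`, `startswith(src, "http://")`, and reporting `src` in the result. The match on `add.Cmd == "add"` and on the scheme is case-sensitive; that presumably relies on the parser lower-casing instructions, which a short comment such as `# Cmd is lower-cased by the Dockerfile parser` would make explicit once confirmed. The rest of the `deny` body lies outside this hunk, so the message construction is not visible here.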


@@ -1,21 +1,21 @@
package user.dockerfile.ID002
test_http_denied {
r := deny with input as {"stages": {"alpine:3.13": [
r := deny with input as {"Stages": [{"Name": "alpine:3.31", "Commands": [
{"Cmd": "from", "Value": ["alpine:3.13"]},
{"Cmd": "add", "Value": ["http://example.com/big.tar.xz", "/usr/src/things/"]},
{"Cmd": "run", "Value": ["tar -xJf /usr/src/things/big.tar.xz -C /usr/src/things"]},
]}}
]}]}
count(r) == 1
r[_] == "HTTP not allowed: 'http://example.com/big.tar.xz'"
}
test_http_allowed {
r := deny with input as {"stages": {"alpine:3.13": [
r := deny with input as {"Stages": [{"Name": "alpine:3.31", "Commands": [
{"Cmd": "from", "Value": ["alpine:3.13"]},
{"Cmd": "add", "Value": ["https://example.com/big.tar.xz", "/usr/src/things/"]},
]}}
]}]}
count(r) == 0
}
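Review bot: Both new fixtures name the stage `alpine:3.31` while the `from` command inside it uses `alpine:3.13`, which looks like a transposed digit in `test_http_denied` and `test_http_allowed`. The policy does not read `Name`, so the tests still pass, but as an example of the scanner's input shape the line should read `r := deny with input as {"Stages": [{"Name": "alpine:3.13", "Commands": [`. A third fixture where the plain-HTTP URL is not the first ADD argument would also document whether the rule is expected to catch that case.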