@opensip-cli/checks-universal 0.1.10 → 0.1.12
- package/README.md +4 -2
- package/dist/__tests__/all-checks-execute.test.d.ts.map +1 -1
- package/dist/__tests__/all-checks-execute.test.js +0 -1
- package/dist/__tests__/all-checks-execute.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-10.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-10.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-10.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-11.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-11.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-11.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-12.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-12.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-12.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-2.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-2.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-2.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-3.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-3.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-3.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-4.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-4.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-4.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-5.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-5.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-5.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-6.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-6.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-6.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-7.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-7.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-7.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-8.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-8.test.js +2 -3
- package/dist/__tests__/behavior-fixtures-8.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures-9.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures-9.test.js +0 -1
- package/dist/__tests__/behavior-fixtures-9.test.js.map +1 -1
- package/dist/__tests__/behavior-fixtures.test.d.ts.map +1 -1
- package/dist/__tests__/behavior-fixtures.test.js +10 -9
- package/dist/__tests__/behavior-fixtures.test.js.map +1 -1
- package/dist/__tests__/file-length-limit.test.js +12 -1
- package/dist/__tests__/file-length-limit.test.js.map +1 -1
- package/dist/__tests__/resilience-fp.test.js +42 -0
- package/dist/__tests__/resilience-fp.test.js.map +1 -1
- package/dist/checks/architecture/__tests__/tool-identity-single-source.test.d.ts +2 -0
- package/dist/checks/architecture/__tests__/tool-identity-single-source.test.d.ts.map +1 -0
- package/dist/checks/architecture/__tests__/tool-identity-single-source.test.js +61 -0
- package/dist/checks/architecture/__tests__/tool-identity-single-source.test.js.map +1 -0
- package/dist/checks/architecture/dependencies/no-duplicate-packages.d.ts.map +1 -1
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js +0 -2
- package/dist/checks/architecture/dependencies/no-duplicate-packages.js.map +1 -1
- package/dist/checks/architecture/docker-best-practices-analyze.d.ts +7 -0
- package/dist/checks/architecture/docker-best-practices-analyze.d.ts.map +1 -0
- package/dist/checks/architecture/docker-best-practices-analyze.js +301 -0
- package/dist/checks/architecture/docker-best-practices-analyze.js.map +1 -0
- package/dist/checks/architecture/docker-best-practices-patterns.d.ts +50 -0
- package/dist/checks/architecture/docker-best-practices-patterns.d.ts.map +1 -0
- package/dist/checks/architecture/docker-best-practices-patterns.js +51 -0
- package/dist/checks/architecture/docker-best-practices-patterns.js.map +1 -0
- package/dist/checks/architecture/docker-best-practices.d.ts.map +1 -1
- package/dist/checks/architecture/docker-best-practices.js +1 -367
- package/dist/checks/architecture/docker-best-practices.js.map +1 -1
- package/dist/checks/architecture/docker-ignore-validation.d.ts.map +1 -1
- package/dist/checks/architecture/docker-ignore-validation.js +0 -1
- package/dist/checks/architecture/docker-ignore-validation.js.map +1 -1
- package/dist/checks/architecture/docker-version-sync.d.ts.map +1 -1
- package/dist/checks/architecture/docker-version-sync.js +0 -1
- package/dist/checks/architecture/docker-version-sync.js.map +1 -1
- package/dist/checks/architecture/heavy-import-detection.d.ts.map +1 -1
- package/dist/checks/architecture/heavy-import-detection.js +1 -0
- package/dist/checks/architecture/heavy-import-detection.js.map +1 -1
- package/dist/checks/architecture/index.d.ts +1 -0
- package/dist/checks/architecture/index.d.ts.map +1 -1
- package/dist/checks/architecture/index.js +1 -0
- package/dist/checks/architecture/index.js.map +1 -1
- package/dist/checks/architecture/modules/empty-package-detection.d.ts.map +1 -1
- package/dist/checks/architecture/modules/empty-package-detection.js +0 -3
- package/dist/checks/architecture/modules/empty-package-detection.js.map +1 -1
- package/dist/checks/architecture/modules/interface-implementation-consistency-constants.d.ts +16 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-constants.d.ts.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-constants.js +182 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-constants.js.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-parse.d.ts +23 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-parse.d.ts.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-parse.js +235 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency-parse.js.map +1 -0
- package/dist/checks/architecture/modules/interface-implementation-consistency.d.ts.map +1 -1
- package/dist/checks/architecture/modules/interface-implementation-consistency.js +4 -462
- package/dist/checks/architecture/modules/interface-implementation-consistency.js.map +1 -1
- package/dist/checks/architecture/node-version-consistency.d.ts.map +1 -1
- package/dist/checks/architecture/node-version-consistency.js +0 -2
- package/dist/checks/architecture/node-version-consistency.js.map +1 -1
- package/dist/checks/architecture/project-readme-existence.d.ts.map +1 -1
- package/dist/checks/architecture/project-readme-existence.js +0 -1
- package/dist/checks/architecture/project-readme-existence.js.map +1 -1
- package/dist/checks/architecture/stale-build-artifacts.d.ts.map +1 -1
- package/dist/checks/architecture/stale-build-artifacts.js +0 -1
- package/dist/checks/architecture/stale-build-artifacts.js.map +1 -1
- package/dist/checks/architecture/tool-has-manifest.d.ts.map +1 -1
- package/dist/checks/architecture/tool-has-manifest.js +0 -1
- package/dist/checks/architecture/tool-has-manifest.js.map +1 -1
- package/dist/checks/architecture/tool-identity-single-source.d.ts +23 -0
- package/dist/checks/architecture/tool-identity-single-source.d.ts.map +1 -0
- package/dist/checks/architecture/tool-identity-single-source.js +126 -0
- package/dist/checks/architecture/tool-identity-single-source.js.map +1 -0
- package/dist/checks/architecture/vitest-config-required-with-tests.d.ts.map +1 -1
- package/dist/checks/architecture/vitest-config-required-with-tests.js +0 -1
- package/dist/checks/architecture/vitest-config-required-with-tests.js.map +1 -1
- package/dist/checks/documentation/_directives/fitness.d.ts.map +1 -1
- package/dist/checks/documentation/_directives/fitness.js +7 -52
- package/dist/checks/documentation/_directives/fitness.js.map +1 -1
- package/dist/checks/documentation/_directives/graph.d.ts.map +1 -1
- package/dist/checks/documentation/_directives/graph.js +7 -52
- package/dist/checks/documentation/_directives/graph.js.map +1 -1
- package/dist/checks/documentation/_directives/semgrep.d.ts.map +1 -1
- package/dist/checks/documentation/_directives/semgrep.js +2 -12
- package/dist/checks/documentation/_directives/semgrep.js.map +1 -1
- package/dist/checks/documentation/_directives/shared.d.ts +9 -0
- package/dist/checks/documentation/_directives/shared.d.ts.map +1 -0
- package/dist/checks/documentation/_directives/shared.js +53 -0
- package/dist/checks/documentation/_directives/shared.js.map +1 -0
- package/dist/checks/documentation/_public-api-graph.d.ts +3 -26
- package/dist/checks/documentation/_public-api-graph.d.ts.map +1 -1
- package/dist/checks/documentation/_public-api-graph.js +3 -300
- package/dist/checks/documentation/_public-api-graph.js.map +1 -1
- package/dist/checks/documentation/directive-audit.d.ts.map +1 -1
- package/dist/checks/documentation/directive-audit.js +0 -1
- package/dist/checks/documentation/directive-audit.js.map +1 -1
- package/dist/checks/file-length-limit.d.ts +7 -0
- package/dist/checks/file-length-limit.d.ts.map +1 -1
- package/dist/checks/file-length-limit.js +14 -2
- package/dist/checks/file-length-limit.js.map +1 -1
- package/dist/checks/quality/code-structure/dead-code.d.ts.map +1 -1
- package/dist/checks/quality/code-structure/dead-code.js +0 -1
- package/dist/checks/quality/code-structure/dead-code.js.map +1 -1
- package/dist/checks/quality/dependency-version-consistency.d.ts.map +1 -1
- package/dist/checks/quality/dependency-version-consistency.js +0 -3
- package/dist/checks/quality/dependency-version-consistency.js.map +1 -1
- package/dist/checks/quality/frontend/navigation-typing.d.ts.map +1 -1
- package/dist/checks/quality/frontend/navigation-typing.js +0 -1
- package/dist/checks/quality/frontend/navigation-typing.js.map +1 -1
- package/dist/checks/quality/index.d.ts +1 -0
- package/dist/checks/quality/index.d.ts.map +1 -1
- package/dist/checks/quality/index.js +1 -0
- package/dist/checks/quality/index.js.map +1 -1
- package/dist/checks/quality/linting/eslint-justifications.d.ts.map +1 -1
- package/dist/checks/quality/linting/eslint-justifications.js +1 -1
- package/dist/checks/quality/linting/eslint-justifications.js.map +1 -1
- package/dist/checks/quality/no-raw-regex-on-code.d.ts.map +1 -1
- package/dist/checks/quality/no-raw-regex-on-code.js +2 -3
- package/dist/checks/quality/no-raw-regex-on-code.js.map +1 -1
- package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.d.ts +5 -0
- package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.d.ts.map +1 -0
- package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.js +66 -0
- package/dist/checks/quality/patterns/__tests__/performance-anti-patterns-fp.test.js.map +1 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts +3 -0
- package/dist/checks/quality/patterns/performance-anti-patterns.d.ts.map +1 -1
- package/dist/checks/quality/patterns/performance-anti-patterns.js +47 -30
- package/dist/checks/quality/patterns/performance-anti-patterns.js.map +1 -1
- package/dist/checks/quality/yagni-ignore-hygiene.d.ts +10 -0
- package/dist/checks/quality/yagni-ignore-hygiene.d.ts.map +1 -0
- package/dist/checks/quality/yagni-ignore-hygiene.js +87 -0
- package/dist/checks/quality/yagni-ignore-hygiene.js.map +1 -0
- package/dist/checks/quality/yagni-ignore-hygiene.test.d.ts +5 -0
- package/dist/checks/quality/yagni-ignore-hygiene.test.d.ts.map +1 -0
- package/dist/checks/quality/yagni-ignore-hygiene.test.js +37 -0
- package/dist/checks/quality/yagni-ignore-hygiene.test.js.map +1 -0
- package/dist/checks/resilience/batch-operation-limits.d.ts +13 -0
- package/dist/checks/resilience/batch-operation-limits.d.ts.map +1 -0
- package/dist/checks/resilience/batch-operation-limits.js +214 -0
- package/dist/checks/resilience/batch-operation-limits.js.map +1 -0
- package/dist/checks/resilience/batch-operations.d.ts +2 -21
- package/dist/checks/resilience/batch-operations.d.ts.map +1 -1
- package/dist/checks/resilience/batch-operations.js +2 -420
- package/dist/checks/resilience/batch-operations.js.map +1 -1
- package/dist/checks/resilience/dangerous-config-defaults.d.ts.map +1 -1
- package/dist/checks/resilience/dangerous-config-defaults.js +0 -1
- package/dist/checks/resilience/dangerous-config-defaults.js.map +1 -1
- package/dist/checks/resilience/exit-code-correctness.d.ts.map +1 -1
- package/dist/checks/resilience/exit-code-correctness.js +0 -1
- package/dist/checks/resilience/exit-code-correctness.js.map +1 -1
- package/dist/checks/resilience/no-process-exit-in-finally.d.ts.map +1 -1
- package/dist/checks/resilience/no-process-exit-in-finally.js +0 -1
- package/dist/checks/resilience/no-process-exit-in-finally.js.map +1 -1
- package/dist/checks/resilience/readline-cleanup.d.ts.map +1 -1
- package/dist/checks/resilience/readline-cleanup.js +0 -1
- package/dist/checks/resilience/readline-cleanup.js.map +1 -1
- package/dist/checks/resilience/reentrancy-guard.d.ts.map +1 -1
- package/dist/checks/resilience/reentrancy-guard.js +0 -1
- package/dist/checks/resilience/reentrancy-guard.js.map +1 -1
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts +10 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.d.ts.map +1 -1
- package/dist/checks/resilience/sentry/_helpers/sentry.js +21 -0
- package/dist/checks/resilience/sentry/_helpers/sentry.js.map +1 -1
- package/dist/checks/resilience/sentry/sentry-dsn-configured.d.ts.map +1 -1
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js +8 -23
- package/dist/checks/resilience/sentry/sentry-dsn-configured.js.map +1 -1
- package/dist/checks/resilience/sentry/sentry-environment-set.d.ts.map +1 -1
- package/dist/checks/resilience/sentry/sentry-environment-set.js +8 -20
- package/dist/checks/resilience/sentry/sentry-environment-set.js.map +1 -1
- package/dist/checks/resilience/sentry/sentry-release-set.d.ts.map +1 -1
- package/dist/checks/resilience/sentry/sentry-release-set.js +8 -20
- package/dist/checks/resilience/sentry/sentry-release-set.js.map +1 -1
- package/dist/checks/resilience/service-patterns.d.ts.map +1 -1
- package/dist/checks/resilience/service-patterns.js +0 -1
- package/dist/checks/resilience/service-patterns.js.map +1 -1
- package/dist/checks/resilience/unbounded-memory.d.ts +13 -0
- package/dist/checks/resilience/unbounded-memory.d.ts.map +1 -0
- package/dist/checks/resilience/unbounded-memory.js +274 -0
- package/dist/checks/resilience/unbounded-memory.js.map +1 -0
- package/dist/checks/security/csp-headers.d.ts.map +1 -1
- package/dist/checks/security/csp-headers.js +0 -1
- package/dist/checks/security/csp-headers.js.map +1 -1
- package/dist/checks/security/hasura-production-config.d.ts.map +1 -1
- package/dist/checks/security/hasura-production-config.js +0 -1
- package/dist/checks/security/hasura-production-config.js.map +1 -1
- package/dist/checks/security/jwt-validation.d.ts.map +1 -1
- package/dist/checks/security/jwt-validation.js +0 -2
- package/dist/checks/security/jwt-validation.js.map +1 -1
- package/dist/checks/security/package-supply-chain-policy.d.ts.map +1 -1
- package/dist/checks/security/package-supply-chain-policy.js +9 -16
- package/dist/checks/security/package-supply-chain-policy.js.map +1 -1
- package/dist/checks/security/semgrep-scan.d.ts.map +1 -1
- package/dist/checks/security/semgrep-scan.js +0 -1
- package/dist/checks/security/semgrep-scan.js.map +1 -1
- package/dist/checks/security/use-centralized-crypto.d.ts.map +1 -1
- package/dist/checks/security/use-centralized-crypto.js +2 -3
- package/dist/checks/security/use-centralized-crypto.js.map +1 -1
- package/dist/checks/testing/test-convention-consistency.d.ts.map +1 -1
- package/dist/checks/testing/test-convention-consistency.js +0 -2
- package/dist/checks/testing/test-convention-consistency.js.map +1 -1
- package/dist/checks/testing/test-file-naming.d.ts.map +1 -1
- package/dist/checks/testing/test-file-naming.js +0 -1
- package/dist/checks/testing/test-file-naming.js.map +1 -1
- package/dist/checks/testing/test-file-pairing.d.ts.map +1 -1
- package/dist/checks/testing/test-file-pairing.js +3 -7
- package/dist/checks/testing/test-file-pairing.js.map +1 -1
- package/dist/display/architecture.d.ts.map +1 -1
- package/dist/display/architecture.js +1 -0
- package/dist/display/architecture.js.map +1 -1
- package/dist/display/quality.d.ts.map +1 -1
- package/dist/display/quality.js +1 -0
- package/dist/display/quality.js.map +1 -1
- package/dist/display/types.d.ts.map +1 -1
- package/dist/display/types.js +0 -1
- package/dist/display/types.js.map +1 -1
- package/package.json +4 -4
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"no-duplicate-packages.js","sourceRoot":"","sources":["../../../../src/checks/architecture/dependencies/no-duplicate-packages.ts"],"names":[],"mappings":"AAAA,0HAA0H;AAC1H
|
|
1
|
+
{"version":3,"file":"no-duplicate-packages.js","sourceRoot":"","sources":["../../../../src/checks/architecture/dependencies/no-duplicate-packages.ts"],"names":[],"mappings":"AAAA,0HAA0H;AAC1H;;GAEG;AAEH,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,WAAW,EAA0C,MAAM,sBAAsB,CAAC;AAuB3F,MAAM,kBAAkB,GAAuB;IAC7C;QACE,QAAQ,EAAE,iBAAiB;QAC3B,YAAY,EAAE,CAAC,aAAa,EAAE,SAAS,EAAE,gBAAgB,EAAE,gBAAgB,CAAC;QAC5E,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,mDAAmD;KAC5D;IACD;QACE,QAAQ,EAAE,WAAW;QACrB,YAAY,EAAE,CAAC,SAAS,EAAE,WAAW,EAAE,SAAS,EAAE,SAAS,CAAC;QAC5D,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,8DAA8D;KACvE;IACD;QACE,QAAQ,EAAE,YAAY;QACtB,YAAY,EAAE,CAAC,aAAa,EAAE,cAAc,EAAE,UAAU,CAAC;QACzD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,iEAAiE;KAC1E;IACD;QACE,QAAQ,EAAE,QAAQ;QAClB,YAAY,EAAE,CAAC,SAAS,EAAE,gBAAgB,EAAE,WAAW,CAAC;QACxD,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,2DAA2D;KACpE;IACD;QACE,QAAQ,EAAE,SAAS;QACnB,YAAY,EAAE,CAAC,SAAS,EAAE,UAAU,EAAE,MAAM,CAAC;QAC7C,aAAa,EAAE,CAAC;QAChB,WAAW,EAAE,CAAC;QACd,MAAM,EAAE,4DAA4D;KACrE;CACF,CAAC;AAEF,MAAM,iBAAiB,GAAG,CAAC,cAAc,EAAE,WAAW,EAAE,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;AAE1F,SAAS,cAAc,CAAC,eAAuB,EAAE,WAAmB;IAClE,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAA2C,CAAC;QAC1E,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,YAAY,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;QAE5D,IAAI,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,IAAI,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC;YAC3C,IAAI,EAAE,YAAY;YAClB,QAAQ,EAAE,GAAG,CAAC,QAAQ;SACvB,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC;QACP,gEAAgE;QAChE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,cAAc,CAAC,GAAgB,EAAE,QAAkB;IAC1D,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,4FAA4F;I
AC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;IACvD,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACxD,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;QACjB,KAAK,MAAM,OAAO,IAAI,GAAG,CAAC,QAAQ,EAAE,CAAC;YACnC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;gBAAE,OAAO,IAAI,CAAC;QACzD,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,gHAAgH;AAChH,SAAS,qBAAqB,CAAC,QAAuB;IACpD,MAAM,IAAI,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC5C,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,4FAA4F;QAC5F,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,IAAI,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC1B,CAAC;IACH,CAAC;IACD,OAAO,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;AAC5B,CAAC;AAED,SAAS,gBAAgB,CAAC,QAAuB;IAC/C,iEAAiE;IACjE,2BAA2B;IAC3B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,EAAE,CAAC;IACZ,CAAC;IAED,MAAM,MAAM,GAAqB,EAAE,CAAC;IAEpC,KAAK,MAAM,OAAO,IAAI,kBAAkB,EAAE,CAAC;QACzC,MAAM,QAAQ,GAAG,qBAAqB,CACpC,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,cAAc,CAAC,GAAG,EAAE,OAAO,CAAC,YAAY,CAAC,CAAC,CACpE,CAAC;QACF,IAAI,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC;gBACV,QAAQ,EAAE,OAAO,CAAC,QAAQ;gBAC1B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS;aACvE,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAG,WAAW,CAAC;IAC7C,EAAE,EAAE,sCAAsC;IAC1C,IAAI,EAAE,uBAAuB;IAC7B,IAAI,EAAE,CAAC,cAAc,CAAC;IACtB,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,QAAQ,EAAE,CAAC,QAAQ,CAAC,EAAE;IAC1E,aAAa,EAAE,eAAe;IAE9B,UAAU,EAAE,QAAQ;IACpB,WAAW,EAAE,8CAA8C;IAC3D,eAAe,EAAE;;;;;;;;mGAQgF;IACjG,SAAS,EAAE,CAAC,MAAM,CAAC;IAEnB,4JAA4J;IAC5J,KAAK,CAAC,UAAU,CAAC,KAAmB;QAClC,uCAAuC;QACvC,MAAM,SAAS,GAA
G,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;QAE5F,MAAM,QAAQ,GAAkB,EAAE,CAAC;QAEnC,KAAK,MAAM,eAAe,IAAI,KAAK,CAAC,KAAK,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,cAAc,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC;YAClD,IAAI,IAAI;gBAAE,QAAQ,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,MAAM,eAAe,GAAG,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACnD,MAAM,UAAU,GAAqB,EAAE,CAAC;QAExC,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,MAAM,YAAY,GAAG,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,IAAI,IAAI,UAAU,CAAC;YAExD,UAAU,CAAC,IAAI,CAAC;gBACd,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC;gBACnD,IAAI,EAAE,CAAC;gBACP,OAAO,EAAE,aAAa,KAAK,CAAC,QAAQ,cAAc,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE;gBAC5F,QAAQ,EAAE,KAAK,CAAC,QAAQ;gBACxB,UAAU,EAAE,eAAe,KAAK,CAAC,QAAQ,qHAAqH;gBAC9J,KAAK,EAAE,KAAK,CAAC,QAAQ;gBACrB,IAAI,EAAE,mBAAmB;aAC1B,CAAC,CAAC;QACL,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;CACF,CAAC,CAAC"}
|
|
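--- a/package/dist/checks/architecture/docker-best-practices-analyze.d.ts
+++ b/package/dist/checks/architecture/docker-best-practices-analyze.d.ts
@@ -0,0 +1,7 @@
+/**
+* Dockerfile analysis logic for docker-best-practices.
+*/
+import { type DockerfileViolation } from './docker-best-practices-patterns.js';
+/** Analyze a Dockerfile for best-practice violations. */
+export declare function analyzeDockerfile(content: string, filePath: string, file: string): DockerfileViolation[];
+//# sourceMappingURL=docker-best-practices-analyze.d.ts.map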
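Review bot: The doc comment on `analyzeDockerfile` does not say how `filePath` and `file` differ, and since both are plain `string` a call with the two swapped still type-checks. The helpers visible in the accompanying .js copy both values unchanged into every reported violation, so a swap would presumably surface only as wrong locations in the findings. Because this declaration is compiler output, the fix belongs in the TypeScript source: extend the JSDoc with `@param filePath` and `@param file` lines that state which path form each one carries, and add an `@param content` line saying it is the raw Dockerfile text.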
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-best-practices-analyze.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-analyze.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAgBL,KAAK,mBAAmB,EACzB,MAAM,qCAAqC,CAAC;AA+W7C,yDAAyD;AACzD,wBAAgB,iBAAiB,CAC/B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,GACX,mBAAmB,EAAE,CAqCvB"}
|
|
@@ -0,0 +1,301 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Dockerfile analysis logic for docker-best-practices.
|
|
3
|
+
*/
|
|
4
|
+
import { APT_UPGRADE_PATTERN, COPY_PATTERN, FROM_IMAGE_PATTERN, FROM_STAGE_PATTERN, NODE_ENV_PROD_PATTERN, NODE_MODULES_FROM_STAGE_PATTERN, PACKAGE_FILE_COPY_PATTERN, PACKAGE_MANAGER_PATTERNS, PKG_INSTALL_PATTERN, PROD_DEPS_FLAG_PATTERN, isRunnerStageName, SECRET_PATTERNS, USER_PATTERN, safeDockerLine, } from './docker-best-practices-patterns.js';
|
|
5
|
+
function checkForSecrets(line, lineNum, file, filePath) {
|
|
6
|
+
const safeLine = safeDockerLine(line);
|
|
7
|
+
for (const pattern of SECRET_PATTERNS) {
|
|
8
|
+
if (pattern.test(safeLine)) {
|
|
9
|
+
return {
|
|
10
|
+
file,
|
|
11
|
+
filePath,
|
|
12
|
+
line: lineNum,
|
|
13
|
+
rule: 'no-hardcoded-secrets',
|
|
14
|
+
message: 'Hardcoded secret detected in Dockerfile',
|
|
15
|
+
severity: 'error',
|
|
16
|
+
suggestion: 'Use build arguments, runtime environment variables, or a secrets manager instead',
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
return null;
|
|
21
|
+
}
|
|
22
|
+
function checkRunCommand(line, lineNum, file, filePath) {
|
|
23
|
+
const violations = [];
|
|
24
|
+
let hasFrozenLockfileViolation = false;
|
|
25
|
+
const safeLine = safeDockerLine(line);
|
|
26
|
+
for (const { pattern, manager, fix } of PACKAGE_MANAGER_PATTERNS) {
|
|
27
|
+
if (pattern.test(safeLine)) {
|
|
28
|
+
hasFrozenLockfileViolation = true;
|
|
29
|
+
violations.push({
|
|
30
|
+
file,
|
|
31
|
+
filePath,
|
|
32
|
+
line: lineNum,
|
|
33
|
+
rule: 'frozen-lockfile',
|
|
34
|
+
message: `${manager} install without frozen lockfile flag`,
|
|
35
|
+
severity: 'error',
|
|
36
|
+
suggestion: `Add ${fix} to ensure reproducible builds`,
|
|
37
|
+
});
|
|
38
|
+
}
|
|
39
|
+
}
|
|
40
|
+
if (APT_UPGRADE_PATTERN.test(safeLine)) {
|
|
41
|
+
violations.push({
|
|
42
|
+
file,
|
|
43
|
+
filePath,
|
|
44
|
+
line: lineNum,
|
|
45
|
+
rule: 'no-apt-upgrade',
|
|
46
|
+
message: 'apt-get upgrade makes builds non-reproducible',
|
|
47
|
+
severity: 'warning',
|
|
48
|
+
suggestion: 'Pin specific package versions instead of upgrading all packages',
|
|
49
|
+
});
|
|
50
|
+
}
|
|
51
|
+
return { violations, hasFrozenLockfileViolation };
|
|
52
|
+
}
|
|
53
|
+
function checkCopyOrder(options) {
|
|
54
|
+
const { line, lineNum, file, filePath, lines, lastFromLine, lineIndex } = options;
|
|
55
|
+
/* v8 ignore next 4 */
|
|
56
|
+
if (!Array.isArray(lines)) {
|
|
57
|
+
return null;
|
|
58
|
+
}
|
|
59
|
+
const safeLine = safeDockerLine(line);
|
|
60
|
+
const copyMatch = COPY_PATTERN.exec(safeLine);
|
|
61
|
+
if (copyMatch?.[1] !== '.' && copyMatch?.[1] !== './')
|
|
62
|
+
return null;
|
|
63
|
+
if (safeLine.includes('--from='))
|
|
64
|
+
return null;
|
|
65
|
+
const stageLines = lines.slice(lastFromLine, lineIndex);
|
|
66
|
+
const hasPackageFileCopy = stageLines.some((l) => PACKAGE_FILE_COPY_PATTERN.test(safeDockerLine(l)));
|
|
67
|
+
const hasNodeModulesFromStage = stageLines.some((l) => NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(l)));
|
|
68
|
+
if (!hasPackageFileCopy && !hasNodeModulesFromStage) {
|
|
69
|
+
return {
|
|
70
|
+
file,
|
|
71
|
+
filePath,
|
|
72
|
+
line: lineNum,
|
|
73
|
+
rule: 'copy-order',
|
|
74
|
+
message: 'COPY . before copying dependency files',
|
|
75
|
+
severity: 'warning',
|
|
76
|
+
suggestion: 'Copy package.json and lockfile first, run install, then copy source for better layer caching',
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
return null;
|
|
80
|
+
}
|
|
81
|
+
function checkCacheMount(line, lineNum, file, filePath) {
|
|
82
|
+
const safeLine = safeDockerLine(line);
|
|
83
|
+
if (PKG_INSTALL_PATTERN.test(safeLine) && !safeLine.includes('--mount=type=cache')) {
|
|
84
|
+
return {
|
|
85
|
+
file,
|
|
86
|
+
filePath,
|
|
87
|
+
line: lineNum,
|
|
88
|
+
rule: 'cache-mount',
|
|
89
|
+
message: 'Package install without BuildKit cache mount',
|
|
90
|
+
severity: 'warning',
|
|
91
|
+
suggestion: 'Add --mount=type=cache,id=pnpm,target=/root/.local/share/pnpm/store to cache the package store across builds',
|
|
92
|
+
};
|
|
93
|
+
}
|
|
94
|
+
return null;
|
|
95
|
+
}
|
|
96
|
+
/* v8 ignore start */
|
|
97
|
+
function processFromLine(line, lineNum, state) {
|
|
98
|
+
state.fromCount++;
|
|
99
|
+
state.lastFromLine = lineNum;
|
|
100
|
+
const safeLine = safeDockerLine(line);
|
|
101
|
+
const match = FROM_IMAGE_PATTERN.exec(safeLine);
|
|
102
|
+
const baseImage = match?.[1] ?? null;
|
|
103
|
+
if (baseImage)
|
|
104
|
+
state.baseImages.push(baseImage);
|
|
105
|
+
const stageMatch = FROM_STAGE_PATTERN.exec(safeLine);
|
|
106
|
+
const stageName = stageMatch?.[1]?.toLowerCase() ?? null;
|
|
107
|
+
if (stageName) {
|
|
108
|
+
state.isInRunnerStage = isRunnerStageName(stageName);
|
|
109
|
+
}
|
|
110
|
+
else if (state.fromCount > 1) {
|
|
111
|
+
state.isInRunnerStage = true;
|
|
112
|
+
}
|
|
113
|
+
if (state.isInRunnerStage) {
|
|
114
|
+
state.runnerStageBaseImage = baseImage;
|
|
115
|
+
state.runnerFromLine = lineNum;
|
|
116
|
+
if (baseImage) {
|
|
117
|
+
const baseImageLower = baseImage.toLowerCase();
|
|
118
|
+
state.runnerInheritsBuildStage = state.stageNames.includes(baseImageLower);
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
if (stageName) {
|
|
122
|
+
state.stageNames.push(stageName);
|
|
123
|
+
}
|
|
124
|
+
}
|
|
125
|
+
function addMissingBestPracticeViolations(file, filePath, lineCount, state) {
|
|
126
|
+
const violations = [];
|
|
127
|
+
const hasMultiStage = state.fromCount >= 2;
|
|
128
|
+
if (!hasMultiStage && state.fromCount > 0) {
|
|
129
|
+
violations.push({
|
|
130
|
+
file,
|
|
131
|
+
filePath,
|
|
132
|
+
line: 1,
|
|
133
|
+
rule: 'multi-stage-build',
|
|
134
|
+
message: 'Dockerfile does not use multi-stage build',
|
|
135
|
+
severity: 'error',
|
|
136
|
+
suggestion: 'Use separate stages for building and running to reduce image size and attack surface',
|
|
137
|
+
});
|
|
138
|
+
}
|
|
139
|
+
if (!state.hasNonRootUser && state.fromCount > 0) {
|
|
140
|
+
violations.push({
|
|
141
|
+
file,
|
|
142
|
+
filePath,
|
|
143
|
+
line: lineCount,
|
|
144
|
+
rule: 'non-root-user',
|
|
145
|
+
message: 'Dockerfile does not specify a non-root user',
|
|
146
|
+
severity: 'error',
|
|
147
|
+
suggestion: String.raw `Add USER directive with a non-root user: RUN addgroup --system app && adduser --system --ingroup app app\nUSER app`,
|
|
148
|
+
});
|
|
149
|
+
}
|
|
150
|
+
if (!state.hasHealthcheck && state.fromCount > 0) {
|
|
151
|
+
violations.push({
|
|
152
|
+
file,
|
|
153
|
+
filePath,
|
|
154
|
+
line: lineCount,
|
|
155
|
+
rule: 'healthcheck',
|
|
156
|
+
message: 'Dockerfile does not include a HEALTHCHECK instruction',
|
|
157
|
+
severity: 'warning',
|
|
158
|
+
suggestion: 'Add HEALTHCHECK to help orchestrators verify container health',
|
|
159
|
+
});
|
|
160
|
+
}
|
|
161
|
+
const runnerUsesNode = state.runnerStageBaseImage?.includes('node') ?? false;
|
|
162
|
+
if (runnerUsesNode && !state.hasNodeEnvProduction) {
|
|
163
|
+
violations.push({
|
|
164
|
+
file,
|
|
165
|
+
filePath,
|
|
166
|
+
line: lineCount,
|
|
167
|
+
rule: 'node-env-production',
|
|
168
|
+
message: 'NODE_ENV=production not set in runtime stage',
|
|
169
|
+
severity: 'warning',
|
|
170
|
+
suggestion: 'Add ENV NODE_ENV=production in the runner stage for Node.js optimizations',
|
|
171
|
+
});
|
|
172
|
+
}
|
|
173
|
+
if (state.runnerCopiesNodeModules && !state.hasProductionDepsFlag) {
|
|
174
|
+
violations.push({
|
|
175
|
+
file,
|
|
176
|
+
filePath,
|
|
177
|
+
line: state.runnerNodeModulesLine,
|
|
178
|
+
rule: 'production-dependencies',
|
|
179
|
+
message: 'Runtime image copies node_modules without production-only dependency resolution',
|
|
180
|
+
severity: 'error',
|
|
181
|
+
suggestion: 'Use "pnpm deploy --prod" to create a production bundle, or add --prod to install command to exclude devDependencies from the runtime image',
|
|
182
|
+
});
|
|
183
|
+
}
|
|
184
|
+
if (state.runnerInheritsBuildStage) {
|
|
185
|
+
violations.push({
|
|
186
|
+
file,
|
|
187
|
+
filePath,
|
|
188
|
+
line: state.runnerFromLine,
|
|
189
|
+
rule: 'no-build-tools-in-runner',
|
|
190
|
+
message: 'Runtime stage inherits from a build stage that may include build tools (pnpm, corepack, etc.)',
|
|
191
|
+
severity: 'warning',
|
|
192
|
+
suggestion: 'Use a clean base image (e.g., node:20-alpine) for the runtime stage instead of inheriting from a build stage',
|
|
193
|
+
});
|
|
194
|
+
}
|
|
195
|
+
return violations;
|
|
196
|
+
}
|
|
197
|
+
/* v8 ignore stop */
|
|
198
|
+
function processUserLine(trimmedLine, state) {
|
|
199
|
+
const safeLine = safeDockerLine(trimmedLine);
|
|
200
|
+
const userMatch = USER_PATTERN.exec(safeLine);
|
|
201
|
+
if (userMatch?.[1] && userMatch[1] !== 'root') {
|
|
202
|
+
state.hasNonRootUser = true;
|
|
203
|
+
}
|
|
204
|
+
}
|
|
205
|
+
function processRunLine(options) {
|
|
206
|
+
const { trimmedLine, lineNum, file, filePath, state, violations } = options;
|
|
207
|
+
const runResult = checkRunCommand(trimmedLine, lineNum, file, filePath);
|
|
208
|
+
violations.push(...runResult.violations);
|
|
209
|
+
if (runResult.hasFrozenLockfileViolation)
|
|
210
|
+
state.hasFrozenLockfile = false;
|
|
211
|
+
const cacheMountViolation = checkCacheMount(trimmedLine, lineNum, file, filePath);
|
|
212
|
+
if (cacheMountViolation)
|
|
213
|
+
violations.push(cacheMountViolation);
|
|
214
|
+
if (PROD_DEPS_FLAG_PATTERN.test(safeDockerLine(trimmedLine))) {
|
|
215
|
+
state.hasProductionDepsFlag = true;
|
|
216
|
+
}
|
|
217
|
+
}
|
|
218
|
+
function processCopyLine(options) {
|
|
219
|
+
const { trimmedLine, lineNum, index, lines, file, filePath, state, violations } = options;
|
|
220
|
+
const copyViolation = checkCopyOrder({
|
|
221
|
+
line: trimmedLine,
|
|
222
|
+
lineNum,
|
|
223
|
+
file,
|
|
224
|
+
filePath,
|
|
225
|
+
lines,
|
|
226
|
+
lastFromLine: state.lastFromLine,
|
|
227
|
+
lineIndex: index,
|
|
228
|
+
});
|
|
229
|
+
if (copyViolation)
|
|
230
|
+
violations.push(copyViolation);
|
|
231
|
+
if (state.isInRunnerStage && NODE_MODULES_FROM_STAGE_PATTERN.test(safeDockerLine(trimmedLine))) {
|
|
232
|
+
state.runnerCopiesNodeModules = true;
|
|
233
|
+
state.runnerNodeModulesLine = lineNum;
|
|
234
|
+
}
|
|
235
|
+
}
|
|
236
|
+
function processDockerfileLine(options) {
|
|
237
|
+
const { line, index, lines, state, violations, file, filePath } = options;
|
|
238
|
+
/* v8 ignore next */
|
|
239
|
+
const trimmedLine = line?.trim() ?? '';
|
|
240
|
+
if (!trimmedLine || trimmedLine.startsWith('#'))
|
|
241
|
+
return;
|
|
242
|
+
const upperLine = trimmedLine.toUpperCase();
|
|
243
|
+
const lineNum = index + 1;
|
|
244
|
+
if (upperLine.startsWith('FROM ')) {
|
|
245
|
+
processFromLine(trimmedLine, lineNum, state);
|
|
246
|
+
}
|
|
247
|
+
if (upperLine.startsWith('USER ')) {
|
|
248
|
+
processUserLine(trimmedLine, state);
|
|
249
|
+
}
|
|
250
|
+
if (upperLine.startsWith('HEALTHCHECK ')) {
|
|
251
|
+
state.hasHealthcheck = true;
|
|
252
|
+
}
|
|
253
|
+
if (NODE_ENV_PROD_PATTERN.test(safeDockerLine(trimmedLine))) {
|
|
254
|
+
state.hasNodeEnvProduction = true;
|
|
255
|
+
}
|
|
256
|
+
const secretViolation = checkForSecrets(trimmedLine, lineNum, file, filePath);
|
|
257
|
+
if (secretViolation)
|
|
258
|
+
violations.push(secretViolation);
|
|
259
|
+
if (upperLine.startsWith('RUN ')) {
|
|
260
|
+
processRunLine({ trimmedLine, lineNum, file, filePath, state, violations });
|
|
261
|
+
}
|
|
262
|
+
if (upperLine.startsWith('COPY ')) {
|
|
263
|
+
processCopyLine({ trimmedLine, lineNum, index, lines, file, filePath, state, violations });
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
/** Analyze a Dockerfile for best-practice violations. */
|
|
267
|
+
export function analyzeDockerfile(content, filePath, file) {
|
|
268
|
+
const lines = content.split('\n');
|
|
269
|
+
const violations = [];
|
|
270
|
+
const state = {
|
|
271
|
+
hasNonRootUser: false,
|
|
272
|
+
hasHealthcheck: false,
|
|
273
|
+
hasFrozenLockfile: true,
|
|
274
|
+
hasNodeEnvProduction: false,
|
|
275
|
+
hasProductionDepsFlag: false,
|
|
276
|
+
baseImages: [],
|
|
277
|
+
fromCount: 0,
|
|
278
|
+
isInRunnerStage: false,
|
|
279
|
+
runnerStageBaseImage: null,
|
|
280
|
+
lastFromLine: 0,
|
|
281
|
+
stageNames: [],
|
|
282
|
+
runnerCopiesNodeModules: false,
|
|
283
|
+
runnerNodeModulesLine: 0,
|
|
284
|
+
runnerInheritsBuildStage: false,
|
|
285
|
+
runnerFromLine: 0,
|
|
286
|
+
};
|
|
287
|
+
for (let i = 0; i < lines.length; i++) {
|
|
288
|
+
processDockerfileLine({
|
|
289
|
+
line: lines[i],
|
|
290
|
+
index: i,
|
|
291
|
+
lines,
|
|
292
|
+
state,
|
|
293
|
+
violations,
|
|
294
|
+
file,
|
|
295
|
+
filePath,
|
|
296
|
+
});
|
|
297
|
+
}
|
|
298
|
+
violations.push(...addMissingBestPracticeViolations(file, filePath, lines.length, state));
|
|
299
|
+
return violations;
|
|
300
|
+
}
|
|
301
|
+
//# sourceMappingURL=docker-best-practices-analyze.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-best-practices-analyze.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-analyze.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,mBAAmB,EACnB,YAAY,EACZ,kBAAkB,EAClB,kBAAkB,EAClB,qBAAqB,EACrB,+BAA+B,EAC/B,yBAAyB,EACzB,wBAAwB,EACxB,mBAAmB,EACnB,sBAAsB,EACtB,iBAAiB,EACjB,eAAe,EACf,YAAY,EACZ,cAAc,GAGf,MAAM,qCAAqC,CAAC;AAE7C,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,KAAK,MAAM,OAAO,IAAI,eAAe,EAAE,CAAC;QACtC,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACL,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,sBAAsB;gBAC5B,OAAO,EAAE,yCAAyC;gBAClD,QAAQ,EAAE,OAAO;gBACjB,UAAU,EACR,kFAAkF;aACrF,CAAC;QACJ,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,IAAI,0BAA0B,GAAG,KAAK,CAAC;IACvC,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IAEtC,KAAK,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,IAAI,wBAAwB,EAAE,CAAC;QACjE,IAAI,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3B,0BAA0B,GAAG,IAAI,CAAC;YAClC,UAAU,CAAC,IAAI,CAAC;gBACd,IAAI;gBACJ,QAAQ;gBACR,IAAI,EAAE,OAAO;gBACb,IAAI,EAAE,iBAAiB;gBACvB,OAAO,EAAE,GAAG,OAAO,uCAAuC;gBAC1D,QAAQ,EAAE,OAAO;gBACjB,UAAU,EAAE,OAAO,GAAG,gCAAgC;aACvD,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,gBAAgB;YACtB,OAAO,EAAE,+CAA+C;YACxD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,iEAAiE;SAC9E,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,0BAA0B,EAAE,CAAC;AACpD,CAAC;AAYD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC;IAElF,sBAAsB;IACtB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS,EAAE,CAAC,CAAC,CAAC,KAAK,GAAG,IAAI,SAAS,E
AAE,CAAC,CAAC,CAAC,KAAK,IAAI;QAAE,OAAO,IAAI,CAAC;IACnE,IAAI,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,IAAI,CAAC;IAE9C,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;IAExD,MAAM,kBAAkB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/C,yBAAyB,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAClD,CAAC;IAEF,MAAM,uBAAuB,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CACpD,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CACxD,CAAC;IAEF,IAAI,CAAC,kBAAkB,IAAI,CAAC,uBAAuB,EAAE,CAAC;QACpD,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8FAA8F;SACjG,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,IAAY,EACZ,OAAe,EACf,IAAY,EACZ,QAAgB;IAEhB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,oBAAoB,CAAC,EAAE,CAAC;QACnF,OAAO;YACL,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,qBAAqB;AACrB,SAAS,eAAe,CAAC,IAAY,EAAE,OAAe,EAAE,KAAoB;IAC1E,KAAK,CAAC,SAAS,EAAE,CAAC;IAClB,KAAK,CAAC,YAAY,GAAG,OAAO,CAAC;IAC7B,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,KAAK,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAChD,MAAM,SAAS,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IACrC,IAAI,SAAS;QAAE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAEhD,MAAM,UAAU,GAAG,kBAAkB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACrD,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,IAAI,IAAI,CAAC;IAEzD,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,eAAe,GAAG,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;SAAM,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,CAAC,eAAe,GAAG,IAAI,CAAC;IAC/B,CAAC;IAED,IAAI,KAAK,CAAC,eAAe,EAAE,CAAC;QAC1B,KAAK,CAAC,oBAAoB,GAAG,SAAS,CAAC;QACvC,KAAK,CAAC,cAAc,GAAG,OAAO,CAAC;QAE/B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;YAC/C,KAAK,CAAC,wBAAwB,GAAG,KAAK,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;
IAED,IAAI,SAAS,EAAE,CAAC;QACd,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IACnC,CAAC;AACH,CAAC;AAED,SAAS,gCAAgC,CACvC,IAAY,EACZ,QAAgB,EAChB,SAAiB,EACjB,KAAoB;IAEpB,MAAM,UAAU,GAA0B,EAAE,CAAC;IAC7C,MAAM,aAAa,GAAG,KAAK,CAAC,SAAS,IAAI,CAAC,CAAC;IAE3C,IAAI,CAAC,aAAa,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QAC1C,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,CAAC;YACP,IAAI,EAAE,mBAAmB;YACzB,OAAO,EAAE,2CAA2C;YACpD,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,sFAAsF;SACzF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,eAAe;YACrB,OAAO,EAAE,6CAA6C;YACtD,QAAQ,EAAE,OAAO;YACjB,UAAU,EAAE,MAAM,CAAC,GAAG,CAAA,oHAAoH;SAC3I,CAAC,CAAC;IACL,CAAC;IAED,IAAI,CAAC,KAAK,CAAC,cAAc,IAAI,KAAK,CAAC,SAAS,GAAG,CAAC,EAAE,CAAC;QACjD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,aAAa;YACnB,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,+DAA+D;SAC5E,CAAC,CAAC;IACL,CAAC;IAED,MAAM,cAAc,GAAG,KAAK,CAAC,oBAAoB,EAAE,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC;IAC7E,IAAI,cAAc,IAAI,CAAC,KAAK,CAAC,oBAAoB,EAAE,CAAC;QAClD,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,SAAS;YACf,IAAI,EAAE,qBAAqB;YAC3B,OAAO,EAAE,8CAA8C;YACvD,QAAQ,EAAE,SAAS;YACnB,UAAU,EAAE,2EAA2E;SACxF,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,KAAK,CAAC,qBAAqB,EAAE,CAAC;QAClE,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,qBAAqB;YACjC,IAAI,EAAE,yBAAyB;YAC/B,OAAO,EAAE,iFAAiF;YAC1F,QAAQ,EAAE,OAAO;YACjB,UAAU,EACR,4IAA4I;SAC/I,CAAC,CAAC;IACL,CAAC;IAED,IAAI,KAAK,CAAC,wBAAwB,EAAE,CAAC;QACnC,UAAU,CAAC,IAAI,CAAC;YACd,IAAI;YACJ,QAAQ;YACR,IAAI,EAAE,KAAK,CAAC,cAAc;YAC1B,IAAI,EAAE,0BAA0B;YAChC,OAAO,EACL,+FAA+F;YACjG,QAAQ,EAAE,SAAS;YACnB,UAAU,EACR,8GAA8G;SACjH,CAAC,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AACD,oBAAoB;AAEpB,SAAS,eAAe,CAAC,WAAmB,EAAE,KAAoB;IAChE,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAC7C,MAAM,SAAS,GAAG,YAAY,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC9C,IAAI,SAAS,E
AAE,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;QAC9C,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;AACH,CAAC;AAWD,SAAS,cAAc,CAAC,OAA8B;IACpD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC5E,MAAM,SAAS,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IACxE,UAAU,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC;IACzC,IAAI,SAAS,CAAC,0BAA0B;QAAE,KAAK,CAAC,iBAAiB,GAAG,KAAK,CAAC;IAE1E,MAAM,mBAAmB,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAClF,IAAI,mBAAmB;QAAE,UAAU,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,sBAAsB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC7D,KAAK,CAAC,qBAAqB,GAAG,IAAI,CAAC;IACrC,CAAC;AACH,CAAC;AAaD,SAAS,eAAe,CAAC,OAA+B;IACtD,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC;IAC1F,MAAM,aAAa,GAAG,cAAc,CAAC;QACnC,IAAI,EAAE,WAAW;QACjB,OAAO;QACP,IAAI;QACJ,QAAQ;QACR,KAAK;QACL,YAAY,EAAE,KAAK,CAAC,YAAY;QAChC,SAAS,EAAE,KAAK;KACjB,CAAC,CAAC;IACH,IAAI,aAAa;QAAE,UAAU,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAElD,IAAI,KAAK,CAAC,eAAe,IAAI,+BAA+B,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC/F,KAAK,CAAC,uBAAuB,GAAG,IAAI,CAAC;QACrC,KAAK,CAAC,qBAAqB,GAAG,OAAO,CAAC;IACxC,CAAC;AACH,CAAC;AAYD,SAAS,qBAAqB,CAAC,OAAqC;IAClE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAC1E,oBAAoB;IACpB,MAAM,WAAW,GAAG,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC;IACvC,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO;IAExD,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,MAAM,OAAO,GAAG,KAAK,GAAG,CAAC,CAAC;IAE1B,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAC/C,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;IACtC,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QACzC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC;IAC9B,CAAC;IAED,IAAI,qBAAqB,CAAC,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC,EAAE,CAAC;QAC5D,KAAK,CAAC,oBAAoB,GAAG,IAAI,
CAAC;IACpC,CAAC;IAED,MAAM,eAAe,GAAG,eAAe,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC9E,IAAI,eAAe;QAAE,UAAU,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAEtD,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;QACjC,cAAc,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,eAAe,CAAC,EAAE,WAAW,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC;IAC7F,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,iBAAiB,CAC/B,OAAe,EACf,QAAgB,EAChB,IAAY;IAEZ,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAClC,MAAM,UAAU,GAA0B,EAAE,CAAC;IAE7C,MAAM,KAAK,GAAkB;QAC3B,cAAc,EAAE,KAAK;QACrB,cAAc,EAAE,KAAK;QACrB,iBAAiB,EAAE,IAAI;QACvB,oBAAoB,EAAE,KAAK;QAC3B,qBAAqB,EAAE,KAAK;QAC5B,UAAU,EAAE,EAAE;QACd,SAAS,EAAE,CAAC;QACZ,eAAe,EAAE,KAAK;QACtB,oBAAoB,EAAE,IAAI;QAC1B,YAAY,EAAE,CAAC;QACf,UAAU,EAAE,EAAE;QACd,uBAAuB,EAAE,KAAK;QAC9B,qBAAqB,EAAE,CAAC;QACxB,wBAAwB,EAAE,KAAK;QAC/B,cAAc,EAAE,CAAC;KAClB,CAAC;IAEF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,qBAAqB,CAAC;YACpB,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;YACd,KAAK,EAAE,CAAC;YACR,KAAK;YACL,KAAK;YACL,UAAU;YACV,IAAI;YACJ,QAAQ;SACT,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,IAAI,CAAC,GAAG,gCAAgC,CAAC,IAAI,EAAE,QAAQ,EAAE,KAAK,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;IAE1F,OAAO,UAAU,CAAC;AACpB,CAAC"}
|
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pre-compiled regex patterns and state types for docker-best-practices.
|
|
3
|
+
*/
|
|
4
|
+
export interface DockerfileViolation {
|
|
5
|
+
file: string;
|
|
6
|
+
filePath: string;
|
|
7
|
+
line: number;
|
|
8
|
+
rule: string;
|
|
9
|
+
message: string;
|
|
10
|
+
severity: 'error' | 'warning';
|
|
11
|
+
suggestion?: string;
|
|
12
|
+
}
|
|
13
|
+
export interface AnalysisState {
|
|
14
|
+
hasNonRootUser: boolean;
|
|
15
|
+
hasHealthcheck: boolean;
|
|
16
|
+
hasFrozenLockfile: boolean;
|
|
17
|
+
hasNodeEnvProduction: boolean;
|
|
18
|
+
hasProductionDepsFlag: boolean;
|
|
19
|
+
baseImages: string[];
|
|
20
|
+
fromCount: number;
|
|
21
|
+
isInRunnerStage: boolean;
|
|
22
|
+
runnerStageBaseImage: string | null;
|
|
23
|
+
lastFromLine: number;
|
|
24
|
+
stageNames: string[];
|
|
25
|
+
runnerCopiesNodeModules: boolean;
|
|
26
|
+
runnerNodeModulesLine: number;
|
|
27
|
+
runnerInheritsBuildStage: boolean;
|
|
28
|
+
runnerFromLine: number;
|
|
29
|
+
}
|
|
30
|
+
export declare function safeDockerLine(line: string): string;
|
|
31
|
+
export declare const SECRET_PATTERNS: RegExp[];
|
|
32
|
+
interface PackageManagerPattern {
|
|
33
|
+
pattern: RegExp;
|
|
34
|
+
manager: string;
|
|
35
|
+
fix: string;
|
|
36
|
+
}
|
|
37
|
+
export declare const PACKAGE_MANAGER_PATTERNS: PackageManagerPattern[];
|
|
38
|
+
export declare const PKG_INSTALL_PATTERN: RegExp;
|
|
39
|
+
export declare const PROD_DEPS_FLAG_PATTERN: RegExp;
|
|
40
|
+
export declare const APT_UPGRADE_PATTERN: RegExp;
|
|
41
|
+
export declare const COPY_PATTERN: RegExp;
|
|
42
|
+
export declare const PACKAGE_FILE_COPY_PATTERN: RegExp;
|
|
43
|
+
export declare const NODE_MODULES_FROM_STAGE_PATTERN: RegExp;
|
|
44
|
+
export declare const FROM_IMAGE_PATTERN: RegExp;
|
|
45
|
+
export declare const FROM_STAGE_PATTERN: RegExp;
|
|
46
|
+
export declare const USER_PATTERN: RegExp;
|
|
47
|
+
export declare const NODE_ENV_PROD_PATTERN: RegExp;
|
|
48
|
+
export declare function isRunnerStageName(stageName: string): boolean;
|
|
49
|
+
export {};
|
|
50
|
+
//# sourceMappingURL=docker-best-practices-patterns.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-best-practices-patterns.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,GAAG,SAAS,CAAC;IAC9B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,cAAc,EAAE,OAAO,CAAC;IACxB,cAAc,EAAE,OAAO,CAAC;IACxB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,oBAAoB,EAAE,OAAO,CAAC;IAC9B,qBAAqB,EAAE,OAAO,CAAC;IAC/B,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,oBAAoB,EAAE,MAAM,GAAG,IAAI,CAAC;IACpC,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,uBAAuB,EAAE,OAAO,CAAC;IACjC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,wBAAwB,EAAE,OAAO,CAAC;IAClC,cAAc,EAAE,MAAM,CAAC;CACxB;AAID,wBAAgB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAKnD;AAaD,eAAO,MAAM,eAAe,UAO3B,CAAC;AAQF,UAAU,qBAAqB;IAC7B,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,eAAO,MAAM,wBAAwB,EAAE,qBAAqB,EAQ3D,CAAC;AAEF,eAAO,MAAM,mBAAmB,QACsC,CAAC;AAEvE,eAAO,MAAM,sBAAsB,QAAgC,CAAC;AAEpE,eAAO,MAAM,mBAAmB,QAA4B,CAAC;AAC7D,eAAO,MAAM,YAAY,QAA0D,CAAC;AACpF,eAAO,MAAM,yBAAyB,QAC0C,CAAC;AACjF,eAAO,MAAM,+BAA+B,QACa,CAAC;AAC1D,eAAO,MAAM,kBAAkB,QAA6B,CAAC;AAC7D,eAAO,MAAM,kBAAkB,QAA6B,CAAC;AAC7D,eAAO,MAAM,YAAY,QAA6B,CAAC;AACvD,eAAO,MAAM,qBAAqB,QAAyC,CAAC;AAI5E,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAE5D"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Pre-compiled regex patterns and state types for docker-best-practices.
|
|
3
|
+
*/
|
|
4
|
+
const MAX_DOCKERFILE_LINE_LENGTH = 2000;
|
|
5
|
+
export function safeDockerLine(line) {
|
|
6
|
+
/* v8 ignore next */
|
|
7
|
+
return line.length > MAX_DOCKERFILE_LINE_LENGTH
|
|
8
|
+
? line.slice(0, MAX_DOCKERFILE_LINE_LENGTH)
|
|
9
|
+
: line;
|
|
10
|
+
}
|
|
11
|
+
const SECRET_API_KEY_PATTERN = /(?:API_KEY|APIKEY|API_SECRET|SECRET_KEY|AUTH_TOKEN|ACCESS_TOKEN)\s{0,10}=\s{0,10}['"]?[\w-]{16,200}/i;
|
|
12
|
+
const SECRET_AWS_PATTERN = /(?:AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY)\s{0,10}=\s{0,10}['"]?[\w/+=]{20,200}/i;
|
|
13
|
+
const SECRET_DB_URL_PATTERN = /(?:DATABASE_URL|DB_URL|MONGO_URL|REDIS_URL)\s{0,10}=\s{0,10}['"]?[a-z]{1,20}:\/\/[^:]{1,100}:[^@]{1,100}@/i;
|
|
14
|
+
const SECRET_PASSWORD_PATTERN = /(?:PASSWORD|PASSWD|DB_PASSWORD|ADMIN_PASSWORD)\s{0,10}=\s{0,10}['"]?[^\s'"]{8,200}/i;
|
|
15
|
+
const SECRET_PRIVATE_KEY_PATTERN = /-----BEGIN\s{1,10}(?:RSA\s{1,10})?PRIVATE\s{1,10}KEY-----/;
|
|
16
|
+
const SECRET_JWT_PATTERN = /JWT_SECRET\s{0,10}=\s{0,10}['"]?[\w-]{32,500}/i;
|
|
17
|
+
export const SECRET_PATTERNS = [
|
|
18
|
+
SECRET_API_KEY_PATTERN,
|
|
19
|
+
SECRET_AWS_PATTERN,
|
|
20
|
+
SECRET_DB_URL_PATTERN,
|
|
21
|
+
SECRET_PASSWORD_PATTERN,
|
|
22
|
+
SECRET_PRIVATE_KEY_PATTERN,
|
|
23
|
+
SECRET_JWT_PATTERN,
|
|
24
|
+
];
|
|
25
|
+
const PNPM_INSTALL_PATTERN = /pnpm\s{1,10}install(?!\s{1,10}--frozen-lockfile)/;
|
|
26
|
+
const NPM_INSTALL_PATTERN = /npm\s{1,10}(?:install|ci)(?!\s{1,10}-g)(?!\s{1,10}--global)(?!\s{1,10}--ci)(?!\s{1,10}--frozen-lockfile)/;
|
|
27
|
+
const YARN_INSTALL_PATTERN = /yarn\s{1,10}install(?!\s{1,10}--frozen-lockfile)(?!\s{1,10}--immutable)/;
|
|
28
|
+
export const PACKAGE_MANAGER_PATTERNS = [
|
|
29
|
+
{ pattern: PNPM_INSTALL_PATTERN, manager: 'pnpm', fix: '--frozen-lockfile' },
|
|
30
|
+
{ pattern: NPM_INSTALL_PATTERN, manager: 'npm', fix: '--ci or npm ci' },
|
|
31
|
+
{
|
|
32
|
+
pattern: YARN_INSTALL_PATTERN,
|
|
33
|
+
manager: 'yarn',
|
|
34
|
+
fix: '--frozen-lockfile or --immutable',
|
|
35
|
+
},
|
|
36
|
+
];
|
|
37
|
+
export const PKG_INSTALL_PATTERN = /(?:pnpm|npm|yarn)\s{1,10}install(?!\s{1,10}-g)(?!\s{1,10}--global)/;
|
|
38
|
+
export const PROD_DEPS_FLAG_PATTERN = /(?:--prod\b|--production\b)/;
|
|
39
|
+
export const APT_UPGRADE_PATTERN = /apt-get\s{1,10}upgrade/i;
|
|
40
|
+
export const COPY_PATTERN = /COPY\s{1,10}(?:--from=\S{1,100}\s{1,10})?(\S{1,500})/i;
|
|
41
|
+
export const PACKAGE_FILE_COPY_PATTERN = /COPY\s{1,10}[^\n]{0,500}(?:package\.json|pnpm-lock|yarn\.lock|package-lock)/i;
|
|
42
|
+
export const NODE_MODULES_FROM_STAGE_PATTERN = /COPY\s{1,10}--from=\S{1,100}[^\n]{0,500}node_modules/i;
|
|
43
|
+
export const FROM_IMAGE_PATTERN = /FROM\s{1,10}(\S{1,200})/i;
|
|
44
|
+
export const FROM_STAGE_PATTERN = /\bAS\s{1,10}(\w{1,100})/i;
|
|
45
|
+
export const USER_PATTERN = /USER\s{1,10}(\S{1,100})/i;
|
|
46
|
+
export const NODE_ENV_PROD_PATTERN = /NODE_ENV\s{0,10}=\s{0,10}production/i;
|
|
47
|
+
const RUNNER_STAGE_NAMES = ['runner', 'production', 'prod', 'final', 'runtime'];
|
|
48
|
+
export function isRunnerStageName(stageName) {
|
|
49
|
+
return RUNNER_STAGE_NAMES.includes(stageName);
|
|
50
|
+
}
|
|
51
|
+
//# sourceMappingURL=docker-best-practices-patterns.js.map
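Review bot: `NPM_INSTALL_PATTERN` matches a plain `npm ci`, because `ci` is in the alternation and none of the negative lookaheads exclude it, so the command that the entry's own `fix` text recommends is treated as a missing-lockfile case. It also has no leading word boundary, so it matches the `npm install` inside a bare `pnpm install`, which would apparently be reported under both managers; `/\bnpm\s{1,10}install(?!…)/` with `ci` dropped from the alternation addresses both. In all three install patterns the lookaheads inspect only the token directly after `install`, so `pnpm install --prod --frozen-lockfile` still matches; a bounded scan such as `(?![^\n;&|]{0,200}--frozen-lockfile)` accepts the flag in any position. Separately, `SECRET_PRIVATE_KEY_PATTERN` recognises only RSA and unlabelled PEM headers, so EC, DSA, OPENSSH and ENCRYPTED private-key blocks pass the secret check undetected; replacing `(?:RSA\s{1,10})?` with `(?:[A-Z]{2,20}\s{1,10})?` would cover them.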
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"docker-best-practices-patterns.js","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices-patterns.ts"],"names":[],"mappings":"AAAA;;GAEG;AA8BH,MAAM,0BAA0B,GAAG,IAAI,CAAC;AAExC,MAAM,UAAU,cAAc,CAAC,IAAY;IACzC,oBAAoB;IACpB,OAAO,IAAI,CAAC,MAAM,GAAG,0BAA0B;QAC7C,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,0BAA0B,CAAC;QAC3C,CAAC,CAAC,IAAI,CAAC;AACX,CAAC;AAED,MAAM,sBAAsB,GAC1B,sGAAsG,CAAC;AACzG,MAAM,kBAAkB,GACtB,mFAAmF,CAAC;AACtF,MAAM,qBAAqB,GACzB,4GAA4G,CAAC;AAC/G,MAAM,uBAAuB,GAC3B,qFAAqF,CAAC;AACxF,MAAM,0BAA0B,GAAG,2DAA2D,CAAC;AAC/F,MAAM,kBAAkB,GAAG,gDAAgD,CAAC;AAE5E,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,sBAAsB;IACtB,kBAAkB;IAClB,qBAAqB;IACrB,uBAAuB;IACvB,0BAA0B;IAC1B,kBAAkB;CACnB,CAAC;AAEF,MAAM,oBAAoB,GAAG,kDAAkD,CAAC;AAChF,MAAM,mBAAmB,GACvB,0GAA0G,CAAC;AAC7G,MAAM,oBAAoB,GACxB,yEAAyE,CAAC;AAQ5E,MAAM,CAAC,MAAM,wBAAwB,GAA4B;IAC/D,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,EAAE,mBAAmB,EAAE;IAC5E,EAAE,OAAO,EAAE,mBAAmB,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,gBAAgB,EAAE;IACvE;QACE,OAAO,EAAE,oBAAoB;QAC7B,OAAO,EAAE,MAAM;QACf,GAAG,EAAE,kCAAkC;KACxC;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,mBAAmB,GAC9B,oEAAoE,CAAC;AAEvE,MAAM,CAAC,MAAM,sBAAsB,GAAG,6BAA6B,CAAC;AAEpE,MAAM,CAAC,MAAM,mBAAmB,GAAG,yBAAyB,CAAC;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAG,uDAAuD,CAAC;AACpF,MAAM,CAAC,MAAM,yBAAyB,GACpC,8EAA8E,CAAC;AACjF,MAAM,CAAC,MAAM,+BAA+B,GAC1C,uDAAuD,CAAC;AAC1D,MAAM,CAAC,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AAC7D,MAAM,CAAC,MAAM,kBAAkB,GAAG,0BAA0B,CAAC;AAC7D,MAAM,CAAC,MAAM,YAAY,GAAG,0BAA0B,CAAC;AACvD,MAAM,CAAC,MAAM,qBAAqB,GAAG,sCAAsC,CAAC;AAE5E,MAAM,kBAAkB,GAAG,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,EAAE,OAAO,EAAE,SAAS,CAAU,CAAC;AAEzF,MAAM,UAAU,iBAAiB,CAAC,SAAiB;IACjD,OAAQ,kBAAwC,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AACvE,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker-best-practices.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"docker-best-practices.d.ts","sourceRoot":"","sources":["../../../src/checks/architecture/docker-best-practices.ts"],"names":[],"mappings":"AACA;;;;;;GAMG;AAQH;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,mBAAmB,sCAqC9B,CAAC"}
|