diff --git a/frontend/dockerfile/dockerfile2llb/convert.go b/frontend/dockerfile/dockerfile2llb/convert.go
index a914625387e16..abfeebf75dff1 100644
--- a/frontend/dockerfile/dockerfile2llb/convert.go
+++ b/frontend/dockerfile/dockerfile2llb/convert.go
@@ -2363,7 +2363,7 @@ func validateNoSecretKey(key string, location []parser.Range, lint *linter.Linte
 "secret",
 "token",
 }
- pattern := `(?i)(?:_|^)(?:`+strings.Join(secretTokens, "|")+`)(?:_|$)`
+ pattern := `(?i)(?:_|^)(?:` + strings.Join(secretTokens, "|") + `)(?:_|$)`
 if matched, _ := regexp.MatchString(pattern, key); matched {
 msg := linter.RuleSecretsUsedInArgOrEnv.Format(key)
 lint.Run(&linter.RuleSecretsUsedInArgOrEnv, location, msg)
diff --git a/frontend/dockerfile/dockerfile_lint_test.go b/frontend/dockerfile/dockerfile_lint_test.go
index 1ca9c438e4f0f..f08f2f1a92053 100644
--- a/frontend/dockerfile/dockerfile_lint_test.go
+++ b/frontend/dockerfile/dockerfile_lint_test.go
@@ -61,6 +61,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "SECRET_PASSPHRASE")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 3,
 },
@@ -68,6 +69,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "SUPER_Secret")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 4,
 },
@@ -75,6 +77,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "password")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 5,
 },
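Review bot: The documentation URL added at `@@ -61,6 +61,7 @@` in dockerfile_lint_test.go is the same string literal that the seven following hunks of this file add to their own expected warnings, so any change to the rule's docs link needs eight edits that must stay in sync. A file-local constant, for example `const secretsRuleURL = "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/"`, used as `URL: secretsRuleURL,` in each entry, would pin the expected value in one place. The constant name is only a suggestion. The enclosing test function starts and ends outside these hunks.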
@@ -82,6 +85,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "secret")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 5,
 },
@@ -89,6 +93,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "super_duper_secret_token")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 6,
 },
@@ -96,6 +101,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "auth")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 6,
 },
@@ -103,6 +109,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "apikey")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 7,
 },
@@ -110,6 +117,7 @@ ENV git_key=
 RuleName: "SecretsUsedInArgOrEnv",
 Description: "Potentially sensitive data should not be used in the ARG or ENV commands",
 Detail: `Secrets should not be used in the ARG or ENV commands (key named "git_key")`,
+ URL: "https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/",
 Level: 1,
 Line: 8,
 },
diff --git a/frontend/dockerfile/docs/rules/_index.md b/frontend/dockerfile/docs/rules/_index.md
index 7e7bb9a8d2392..8e1266602b5e0 100644
--- a/frontend/dockerfile/docs/rules/_index.md
+++ b/frontend/dockerfile/docs/rules/_index.md
@@ -84,5 +84,9 @@ $ docker build --check .