make appsec requested changes

Checkmarx · Sep 26, 2022 · ffc68a7 · ffc68a7
1 parent bd52af4
commit ffc68a7
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/assets/queries/dockerfile/changing_default_shell_using_run_command/query.rego b/assets/queries/dockerfile/changing_default_shell_using_run_command/query.rego
@@ -2,11 +2,26 @@ package Cx
 
 import data.generic.common as common_lib
 
+shell_possibilities := {
+	"/bin/bash",
+	"/bin/tcsh",
+	"/bin/ksh",
+	"/bin/csh",
+	"/bin/dash",
+	"etc/shells",
+	"/bin/zsh",
+	"/bin/fish",
+	"/bin/tmux",
+	"/bin/rbash",
+	"/bin/sh",
+	"/usr/bin/zsh",
+}
+
 CxPolicy[result] {
 	resource := input.document[i].command[name][_]
 	resource.Cmd == "run"
     value := resource.Value
-	shell_possibilities := {"/bin/bash", "/bin/tcsh", " /bin/ksh", "/bin/csh", "/bin/dash" , "etc/shells", "/zsh", "/bin/fish", "/bin/tmux", "/bin/rbash"}
+
 	contains(value[v], shell_possibilities[p])
 	run_values := split(value[v], " ")
 	command := run_values[0]

diff --git a/assets/queries/dockerfile/using_unnamed_build_stages/metadata.json b/assets/queries/dockerfile/using_unnamed_build_stages/metadata.json
@@ -1,7 +1,7 @@
 {
   "id": "68a51e22-ae5a-4d48-8e87-b01a323605c9",
   "queryName": "Using Unnamed Build Stages",
-  "severity": "MEDIUM",
+  "severity": "LOW",
   "category": "Build Process",
   "descriptionText": " This query is used to ensure that build stages are named. This way even if the Dockerfile is re-ordered, the COPY instruction doesn’t break.",
   "descriptionUrl": "https://docs.docker.com/develop/develop-images/multistage-build/",

diff --git a/assets/queries/dockerfile/using_unnamed_build_stages/test/positive_expected_result.json b/assets/queries/dockerfile/using_unnamed_build_stages/test/positive_expected_result.json
@@ -1,7 +1,7 @@
 [
 	{
 		"queryName": "Using Unnamed Build Stages",
-		"severity": "MEDIUM",
+		"severity": "LOW",
 		"line": 10,
 		"filename": "positive1.dockerfile"
 	}