Docker: Support ARG FROM

dependabot · Jan 6, 2022 · b93ae98 · b93ae98
1 parent b7ad648
commit b93ae98
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 3 deletions.
diff --git a/docker/lib/dependabot/docker/file_parser.rb b/docker/lib/dependabot/docker/file_parser.rb
@@ -16,15 +16,16 @@ class FileParser < Dependabot::FileParsers::Base
       # Details of Docker regular expressions is at
       # https://github.com/docker/distribution/blob/master/reference/regexp.go
       DOMAIN_COMPONENT =
-        /(?:[[:alnum:]]|[[:alnum:]][[[:alnum:]]-]*[[:alnum:]])/.freeze
+        /[[:alnum:]]|[[:alnum:]][[:alnum:]-]*[[:alnum:]]/.freeze
       DOMAIN = /(?:#{DOMAIN_COMPONENT}(?:\.#{DOMAIN_COMPONENT})+)/.freeze
       REGISTRY = /(?<registry>#{DOMAIN}(?::\d+)?)/.freeze
 
-      NAME_COMPONENT = /(?:[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*)/.freeze
+      NAME_COMPONENT = /[a-z\d]+(?:(?:[._]|__|[-]*)[a-z\d]+)*/.freeze
       IMAGE = %r{(?<image>#{NAME_COMPONENT}(?:/#{NAME_COMPONENT})*)}.freeze
 
+      ARG = /ARG/i.freeze
       FROM = /FROM/i.freeze
-      PLATFORM = /--platform\=(?<platform>\S+)/.freeze
+      PLATFORM = /--platform=(?<platform>\S+)/.freeze
       TAG = /:(?<tag>[\w][\w.-]{0,127})/.freeze
       DIGEST = /@(?<digest>[^\s]+)/.freeze
       NAME = /\s+AS\s+(?<name>[\w-]+)/.freeze
@@ -38,7 +39,14 @@ def parse
         dependency_set = DependencySet.new
 
         dockerfiles.each do |dockerfile|
+          args = {}
           dockerfile.content.each_line do |line|
+            if ARG.match(line)
+              key_value = line.delete_prefix("ARG ").split("=")
+              args[key_value[0]] = key_value[1].delete_suffix("\n")
+              next
+            end
+            line = replace_args(line, args)
             next unless FROM_LINE.match?(line)
 
             parsed_from_line = FROM_LINE.match(line).named_captures
@@ -66,6 +74,13 @@ def parse
 
       private
 
+      def replace_args(line, args)
+        line.gsub(/\${?\w+}?/) do |s|
+          escaped = s.delete_prefix("$").delete_prefix("{").delete_suffix("}")
+          args[escaped]
+        end
+      end
+
       def dockerfiles
         # The Docker file fetcher only fetches Dockerfiles, so no need to
         # filter here

diff --git a/docker/spec/dependabot/docker/file_parser_spec.rb b/docker/spec/dependabot/docker/file_parser_spec.rb
@@ -124,6 +124,32 @@
       end
     end
 
+    context "arg from" do
+      let(:dockerfile_fixture_name) { "arg_from" }
+
+      describe "no curls" do
+        subject(:dependency) { dependencies.first }
+
+        it "can solve the dependency" do
+          expect(dependency).to be_a(Dependabot::Dependency)
+          expect(dependency.name).to eq("docker")
+        end
+      end
+    end
+
+    context "arg from" do
+      let(:dockerfile_fixture_name) { "arg_from_curls" }
+
+      describe "with curls" do
+        subject(:dependency) { dependencies.first }
+
+        it "can solve the dependency" do
+          expect(dependency).to be_a(Dependabot::Dependency)
+          expect(dependency.name).to eq("docker")
+        end
+      end
+    end
+
     context "with a non-numeric version" do
       let(:dockerfile_body) { "FROM ubuntu:artful" }
 

diff --git a/docker/spec/fixtures/docker/dockerfiles/arg_from b/docker/spec/fixtures/docker/dockerfiles/arg_from
@@ -0,0 +1,2 @@
+ARG HUB=docker.io
+FROM $HUB/docker:20.10.7-dind
diff --git a/docker/spec/fixtures/docker/dockerfiles/arg_from_curls b/docker/spec/fixtures/docker/dockerfiles/arg_from_curls
@@ -0,0 +1,2 @@
+ARG HUB=docker.io
+FROM ${HUB}/docker:20.10.7-dind
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ARG HUB=docker.io
		FROM $HUB/docker:20.10.7-dind
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ARG HUB=docker.io
		FROM ${HUB}/docker:20.10.7-dind