Sonar-scanner-cli cannot parse Dockerfile

Hi everyone,
I got these errors while scanning Dockerfiles in a repo with the sonar-scanner-cli:

ERROR: Cannot parse ‘debian/Dockerfile’: Parse error at line 3 column 26:
2: ARG sha=sha256:171530d298096f0697da36b3324182e872db77c66452b85783ea893680cc1b62
3: FROM debian:bullseye-slim@${sha}
^

26: ENV JAVA_OPTS_APPEND "
27: -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled
^
28: -Dkeycloak.profile.feature.account_api=enabled \

Not sure if this is the right place to post it, but the GitHub repo doesn’t seem to have an issue section.
Thanks!

Hello @gjed,

Welcome to the community!

Could you please provide a reproducer file? I would like to investigate your issue further.

Thanks.
Best regards,
Rudy

Hi Rudy, thanks for answering!
Here are the files from the previous errors:
1)

# hub.mycompany.it/debian
ARG sha=sha256:171530d298096f0697da36b3324182e872db77c66452b85783ea893680cc1b62
FROM debian:bullseye-slim@${sha}

ARG hguser hgversion
LABEL it.mycompany.debian.maintainer="${hguser}" \
      it.mycompany.debian.version="${hgversion}" \
      it.mycompany.debian.parent="${sha}"

SHELL ["/bin/bash", "-c"]

COPY "./etc/" "/etc/"

#  && apt-get upgrade -y \
RUN apt-get update \
 && apt-get install -y --no-install-recommends \
            bash \
            ca-certificates \
 && apt-get update \
 && apt-get install -y --no-install-recommends \
            curl \
            iputils-ping \
            less \
            libaio1 \
            netcat-openbsd \
            procps \
            sudo \
            vim \
            whois \
 && apt-get clean \
 && rm -fr /var/lib/apt/lists/* \
 && rm -fr /usr/share/doc /usr/share/locale /usr/share/i18n \
 && mkdir -p /usr/share/man/man1/

CMD [ "/bin/bash" ]

2)

# hub.mycompany.it/keycloak
FROM jboss/keycloak:16.1.1

ARG hguser
ARG hgversion

LABEL maintainer="${hguser}"
LABEL version="${hgversion}"

ENV PROXY_ADDRESS_FORWARDING=true
ENV KEYCLOAK_STATISTICS=db,http,jgroups
ENV KEYCLOAK_FRONTEND_URL https://auth.mycompany.it/auth

ENV DB_VENDOR postgres
ENV DB_ADDR pgsql:5432
ENV DB_DATABASE keycloak
ENV DB_USER thisshoulbbeauser
ENV DB_PASSWORD thisshoulbbeapassword

COPY --chown=1000 ./mycompany.sh /etc/profile.d/
USER root
RUN microdnf update -y && microdnf install -y ncurses jq \
  && ln -s /etc/profile.d/mycompany.sh /opt/jboss/.bashrc
USER 1000

ENV JAVA_OPTS_APPEND " \
  -Dkeycloak.profile.feature.admin_fine_grained_authz=enabled \
  -Dkeycloak.profile.feature.account_api=enabled \
  -Dkeycloak.profile.feature.account2=enabled \
  -Dkeycloak.profile.feature.declarative_user_profile=enabled \
  "
COPY --chown=1000 ./themes /opt/jboss/keycloak/themes/
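
The construct the analyzer rejected in the first file, an `ARG` declared before `FROM` and expanded inside the image reference, is valid Dockerfile syntax. The sketch below is an added example (not code from this thread or from the Sonar analyzer) that resolves such references and reports whether each base image ends up pinned by digest; the function names and the `build_args` parameter are hypothetical, and the sample input is constructed from the `ARG`/`FROM` lines posted above.

```python
import re

# Constructed sample input: the ARG/FROM lines of the two Dockerfiles posted above.
DEBIAN = """\
# hub.mycompany.it/debian
ARG sha=sha256:171530d298096f0697da36b3324182e872db77c66452b85783ea893680cc1b62
FROM debian:bullseye-slim@${sha}
ARG hguser hgversion
"""
KEYCLOAK = """\
FROM jboss/keycloak:16.1.1
ARG hguser
"""

VAR = re.compile(r"\$(?:\{(\w+)(?::-([^}]*))?\}|(\w+))")
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def expand(text, args):
    """Expand $name, ${name} and ${name:-default} from the global ARG table."""
    def repl(m):
        name, default = m.group(1) or m.group(3), m.group(2)
        return args.get(name) or default or ""
    return VAR.sub(repl, text)


def base_images(dockerfile, build_args=None):
    """Return [(resolved_image, pinned_by_digest)] for every FROM instruction."""
    global_args, overrides, seen_from, result = {}, build_args or {}, False, []
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, rest = line.partition(" ")
        if keyword.upper() == "ARG" and not seen_from:
            # Only ARGs declared before the first FROM are visible to FROM lines.
            for item in rest.split():
                name, _, default = item.partition("=")
                default = expand(default.strip("\"'"), global_args)
                # A --build-arg value (assumed passed in build_args) wins over the default.
                global_args[name] = overrides.get(name, default)
        elif keyword.upper() == "FROM":
            seen_from = True
            tokens = [t for t in rest.split() if not t.startswith("--")]
            image = expand(tokens[0], global_args)
            result.append((image, bool(DIGEST.search(image))))
    return result
```

A `FROM` that names an earlier build stage is reported as unpinned by this sketch, since it only looks at the reference text.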

Thanks for the reproducers.

Indeed, the current version of the Docker analyzer has some flaws that trigger parsing errors in several cases.
We are working on this internally and have brought a lot of improvements, also introducing more rules.
I tried both of the files you provided; in our latest internal version they are parsed successfully.

This new version of the Docker analyzer will be shipped in SonarQube 10.0, which should be coming soon.

Best,
Rudy


Perfect! Thanks for the help!!
