From c8a38c91dd469132850bc2054d450722592459de Mon Sep 17 00:00:00 2001 From: Rudy Regazzoni <110470341+rudy-regazzoni-sonarsource@users.noreply.github.com> Date: Mon, 25 Sep 2023 15:04:40 +0200 Subject: [PATCH] Modify rule S6579: apply LaYC format (#3124) ## Review A dedicated reviewer checked the rule description successfully for: - [ ] logical errors and incorrect information - [ ] information gaps and missing content - [ ] text style and tone - [ ] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule) --------- Co-authored-by: Marcin Stachniuk --- rules/S6579/docker/rule.adoc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/rules/S6579/docker/rule.adoc b/rules/S6579/docker/rule.adoc index d9c5bb78c18..31672ec2dd1 100644 --- a/rules/S6579/docker/rule.adoc +++ b/rules/S6579/docker/rule.adoc @@ -4,7 +4,8 @@ It will be evaluated to an empty value. == Why is this an issue? The variables defined by `ARG` instruction have a scope from the definition to the end of the build stage where it was defined. -The variables will be unresolved (it will be empty) which may lead to unintended behaviour. +If it was defined in the beginning of the Dockerfile (outside of any build stage), then its scope is restricted to only `FROM` instructions. +Outside of their scope, variables will be resolved to empty string which may lead to unintended behaviour. == How to fix it @@ -19,7 +20,7 @@ FROM busybox RUN ./run/setup $SETTINGS ---- -In this case the `$SETTINGS` variable will be not evaluated. +In this case the `$SETTINGS` variable will be evaluated to empty string. ==== Compliant solution @@ -41,7 +42,7 @@ FROM busybox RUN ./run/setup $SETTINGS ---- -In this case the `$SETTINGS` variable will be not evaluated, just the text `$SETTINGS` will be passed to `RUN` instruction. +In this case the `$SETTINGS` variable will be evaluated to empty string. ==== Compliant solution @@ -53,7 +54,7 @@ ARG SETTINGS RUN ./run/setup $SETTINGS ---- -In this case the flag `--default-settings` will be passed to `RUN` instruction. +In this case the flag `--default-settings` will be passed to `RUN` instruction (unless another value is provided during build time). === How does this work?