SONARIAC-2493 Variables in Docker should not start with a dash (#656)

GitOrigin-RevId: 0b2e6136176dcf5c25151a6c26d2f67c8ba0bb97

Author: petertrr

iac-extensions/docker/src/main/java/org/sonar/iac/docker/parser/grammar/DockerLexicalConstant.java

@@ -30,9 +30,9 @@ public final class DockerLexicalConstant {
   public static final String RBRACKET_END_EXEC_FORM = "\\](?=[" + LexicalConstant.WHITESPACE + "]*+(?:[\r\n]|$))";
 
   // ** IDENTIFIERS **
-  private static final String VAR_IDENTIFIER_START = "[a-zA-Z_\\-0-9]";
+  private static final String VAR_IDENTIFIER_START = "[a-zA-Z_0-9]";
   public static final String VAR_IDENTIFIER = VAR_IDENTIFIER_START + "++";
-  public static final String ENCAPS_VAR_MODIFIER_SEPARATOR = ":(-|\\+)?";
+  public static final String ENCAPS_VAR_MODIFIER_SEPARATOR = "(:[-+=?]?|[-+=?]|[#%/^,@]{1,2}|/#|/%)";
   public static final String ENCAPS_VAR_MODIFIER_GENERIC = "(\\\\}|[^}])+";
   public static final String FLAG_NAME = "[a-z][-a-z]*+";
 

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/AddInstructionImplTest.java

@@ -45,12 +45,12 @@ void matchingSimple() {
       .matches("ADD \"src\" \"dest\"")
       .matches("ADD --option= src dest")
       .matches("ADD ${myadd:-test} dest")
+      .matches("ADD ${myadd%%[a-z]+} dest")
 
       .notMatches("ADD--option= src dest")
       .notMatches("ADDD --option= src dest")
       .notMatches("ADD")
       .notMatches("ADD ")
-      .notMatches("ADD ${myadd%%[a-z]+} dest")
       .notMatches("ADD --option=value");
   }
 

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/CopyInstructionImplTest.java

@@ -59,14 +59,15 @@ void matchingSimple() {
       .matches("COPY <<-EOT\n  mkdir -p foo/bar\nEOT")
       .matches("COPY <<\"EOT\"\n  mkdir -p foo/bar\nEOT")
       .matches("COPY ${mycopy:-test} dest")
+      .matches("COPY ${mycopy%%[a-z]+} dest")
       .matches("COPY --chmod=755 <<'EOF' file.sh\necho \"Hello, World!\"\nEOF")
+
       .notMatches("COPY <EOT\n  mkdir -p foo/bar\nEOT")
       .notMatches("COPY <<EOT\n  mkdir -p foo/bar\nEOT5")
       .notMatches("COPY--option= src dest")
       .notMatches("COPYY --option= src dest")
       .notMatches("COPY")
       .notMatches("COPY ")
-      .notMatches("COPY ${mycopy%%[a-z]+} dest")
       .notMatches("COPY --option=value");
 
     for (char c : FORBIDDEN_CHARACTERS_AFTER_KEYWORD) {

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/EncapsulatedVariableImplTest.java

@@ -37,17 +37,33 @@ void shouldParseEncapsulatedVariable() {
       .matches("${F2}")
       .matches("${foo:-$bar}")
       .matches("${foo:-}")
+      .matches("${foo-bar}")
       .matches("${foo:+$bar}")
       .matches("${foo:+'bar'}")
       .matches("${foo:+\"bar\"}")
       .matches("${foo:+bar}")
+      .matches("${foo+bar}")
       .matches("${foo:+}")
       .matches("${foo:+bar$bar}")
       .matches("${foo:+${bar}}")
       .matches("${foo:+${bar:-'foobar'}}")
       .matches("${foo:+${bar:-${foobar:+'foobar'}}}")
       .matches("${23}")
       .matches("${foo:*$bar}")
+      .matches("${foo?bar}")
+      .matches("${foo:?bar}")
+      .matches("${foo/bar/baz}")
+      .matches("${foo//bar/baz}")
+      .matches("${foo/#bar/baz}")
+      .matches("${foo/%bar/baz}")
+      .matches("${foo#bar}")
+      .matches("${foo##bar}")
+      .matches("${foo%bar}")
+      .matches("${foo%%bar}")
+      .matches("${foo^bar}")
+      .matches("${foo^^bar}")
+      .matches("${foo,bar}")
+      .matches("${foo@U}")
 
       .notMatches("$foo")
       .notMatches("${foo:+bar $bar}")

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/RegularVariableImplTest.java

@@ -35,6 +35,7 @@ void shouldParseRegularVariable() {
       .matches("$1")
 
       .notMatches("$foo=")
+      .notMatches("$foo-bar")
       .notMatches("$foo.bar");
   }
 

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/ShellFormImplTest.java

@@ -40,11 +40,11 @@ void shouldParseShellForm() {
       .matches(" $var")
       .matches(" ${var}")
       .matches(" ${var:-test}")
+      .matches(" ${var%%[a-z+]}")
       .matches(" [ \"foo\", \"bar\" ] garbage")
       .matches(" [ \"foo\", \"bar\" ]garbage no space and multiple words")
 
       .notMatches(" [ \"/bin/bash”, “-c” ]")
-      .notMatches(" ${var%%[a-z+]}")
       .notMatches("ls -a")
       .notMatches("");
   }

iac-extensions/docker/src/test/java/org/sonar/iac/docker/tree/impl/VolumeInstructionImplTest.java

@@ -41,7 +41,8 @@ void matchingSimple() {
       .matches("VOLUME $myvolume")
       .matches("VOLUME ${myvolume}")
       .matches("VOLUME ${myvolume:-test}")
-      .notMatches("VOLUME ${myvolume%%[a-z]+}")
+      .matches("VOLUME ${myvolume%%[a-z]+}")
+
       .notMatches("VOLUME")
       .notMatches("VOLUME ")
       .notMatches("VOLUMEE 80");

iac-extensions/docker/src/test/resources/checks/ShellFormOverExecFormCheck/dockerfile

@@ -22,6 +22,7 @@ HEALTHCHECK CMD curl --fail http://localhost:8080/healthcheck || exit 1
 # FNs: exec form with explicit shell invocation are not supported
 CMD ["sh", "-c", "echo $message"]
 CMD ["sh", "-c", "echo ${message-default}"]
+CMD ["sh", "-c", "echo ${message:-default}"]
 CMD ["sh", "-c", "echo ${message:=default}"]
 CMD ["sh", "-c", "echo ${message:+var}"]
 CMD ["sh", "-c", "echo ${message:7}"]