generic.dockerfile.correctness.invalid-port.invalid-port

Verifed by r2c

Community Favorite

returntocorp

Author

126,601

Download Count*

LGPL Commons Clause

License

Detected an invalid port number. Valid ports are 0 through 65535.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: invalid-port
    message: Detected an invalid port number. Valid ports are 0 through 65535.
    severity: ERROR
    languages:
      - generic
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3011
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3011
      category: correctness
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
    paths:
      include:
        - "*dockerfile*"
        - "*Dockerfile*"
    pattern-either:
      - patterns:
          - pattern: EXPOSE $PORT
          - metavariable-comparison:
              metavariable: $PORT
              comparison: $PORT > 65535
      - pattern: EXPOSE -$PORT

Examples

invalid-port.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3011

FROM busybox

# ok: invalid-port
EXPOSE 65535

# ruleid: invalid-port
EXPOSE 65536

# ok: invalid-port
EXPOSE 0

# ruleid: invalid-port
EXPOSE -1

Short Link: https://sg.run/9o9R