Fix bug number (AST-127598) #21

Merged: cx-dmitri-rivin merged 4 commits into main from bug/AST-127598 on Feb 15, 2026

@cx-margarita-levitm (Contributor)

Updates dockerfilePattern and dockerComposePattern to allow the following files to be recognized as valid Docker-related files for scanning:

myapp-docker-compose.dev.yml
docker-compose.yml
Dockerfile
dockerfile
Dotnet-Restore-Dockerfile
FunctionApp.Dockerfile
dotnet-restore-dockerfile
functionapp.dockerfile

@cx-shaked-karta (Contributor) commented Feb 11, 2026

Checkmarx One – Scan Summary & Details 1b2279a1-4d07-4599-bc8e-34bd4d3bf8f9

New Issues (37)

Checkmarx found the following issues in this Pull Request

# Severity Issue Source File / Package Checkmarx Insight
1 CRITICAL CVE-2024-36621 Go-github.com/docker/docker-v24.0.9
Recommended version: v25.0.13+incompatible
Description: Moby prior to version 26.0.0-rc1 is affected by a Race Condition in 'builder/builder-next/adapters/snapshot/layer.go'. The vulnerability could be u...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
2 CRITICAL CVE-2024-36621 Go-github.com/docker/docker-v24.0.7
Recommended version: v25.0.13+incompatible
Description: Moby prior to version 26.0.0-rc1 is affected by a Race Condition in 'builder/builder-next/adapters/snapshot/layer.go'. The vulnerability could be u...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
3 CRITICAL CVE-2024-36623 Go-github.com/docker/docker-v24.0.9
Recommended version: v25.0.13+incompatible
Description: Moby version prior to 26.0.0-rc1 has a Race Condition vulnerability in the streamformatter package, which can be used to trigger multiple concurren...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
4 CRITICAL CVE-2024-36623 Go-github.com/docker/docker-v24.0.7
Recommended version: v25.0.13+incompatible
Description: Moby version prior to 26.0.0-rc1 has a Race Condition vulnerability in the streamformatter package, which can be used to trigger multiple concurren...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
5 CRITICAL CVE-2024-41110 Go-github.com/docker/docker-v24.0.7
Recommended version: v25.0.13+incompatible
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of t...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
6 CRITICAL CVE-2024-41110 Go-github.com/docker/docker-v24.0.9
Recommended version: v25.0.13+incompatible
Description: Moby is an open-source project created by Docker for software containerization. A security vulnerability has been detected in certain versions of t...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
7 CRITICAL CVE-2024-45337 Go-golang.org/x/crypto-v0.16.0
Recommended version: v0.16.1-0.20231127172605-b8ffc16e1006
Description: Applications and libraries that misuse the 'ServerConfig.PublicKeyCallback' callback may be susceptible to an authorization bypass. The documentati...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
8 CRITICAL CVE-2024-45337 Go-golang.org/x/crypto-v0.18.0
Recommended version: v0.23.1-0.20240507220409-477a5b4c327a
Description: Applications and libraries that misuse the 'ServerConfig.PublicKeyCallback' callback may be susceptible to an authorization bypass. The documentati...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
9 HIGH CVE-2023-45288 Go-golang.org/x/net-v0.19.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: As part of a class of vulnerabilities known as "HTTP/2 CONTINUATION Flood," an attacker can exploit the HTTP/2 protocol's CONTINUATION frame handli...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
10 HIGH CVE-2023-45288 Go-golang.org/x/net-v0.20.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: As part of a class of vulnerabilities known as "HTTP/2 CONTINUATION Flood," an attacker can exploit the HTTP/2 protocol's CONTINUATION frame handli...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
11 HIGH CVE-2024-21626 Go-github.com/opencontainers/runc-v1.1.5
Recommended version: v1.2.8
Description: The runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.0.0-rc93 through 1.1.11, due to a...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
12 HIGH CVE-2024-24557 Go-github.com/docker/docker-v24.0.7
Recommended version: v25.0.13+incompatible
Description: Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning ...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
13 HIGH CVE-2024-24786 Go-google.golang.org/protobuf-v1.32.0
Recommended version: v1.32.1-0.20240220091814-8f6a6615d61f
Description: In the package google.golang.org/protobuf versions prior to 1.33.0, the "protojson.Unmarshal" function can enter an infinite loop when unmarshaling...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
14 HIGH CVE-2024-25621 Go-github.com/containerd/containerd-v1.7.11
Recommended version: v1.7.29
Description: Containerd is an open-source container runtime. Versions from 0.1.0 through 1.7.28, 2.0.x through 2.0.6, 2.1.x through 2.1.4 and 2.2.x through 2.2....
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
15 HIGH CVE-2024-25621 Go-github.com/containerd/containerd-v1.7.6
Recommended version: v1.7.29
Description: Containerd is an open-source container runtime. Versions from 0.1.0 through 1.7.28, 2.0.x through 2.0.6, 2.1.x through 2.1.4 and 2.2.x through 2.2....
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
16 HIGH CVE-2024-28110 Go-github.com/cloudevents/sdk-go/v2-v2.13.0
Recommended version: v2.15.2
Description: Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents using cloudevents withRoundTripper to create a cl...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
17 HIGH CVE-2024-40635 Go-github.com/containerd/containerd-v1.7.6
Recommended version: v1.7.29
Description: containerd is an open-source container runtime. A bug was found in containerd prior to versions prior to 1.6.38, 1.7.x prior to 1.7.27 and 2.0.x pr...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
18 HIGH CVE-2024-40635 Go-github.com/containerd/containerd-v1.7.11
Recommended version: v1.7.29
Description: containerd is an open-source container runtime. A bug was found in containerd prior to versions prior to 1.6.38, 1.7.x prior to 1.7.27 and 2.0.x pr...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
19 HIGH CVE-2024-45338 Go-golang.org/x/net-v0.20.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: An attacker can craft an input to the "Parse" function, that will be processed non-linearly with respect to its length, resulting in extremely slow...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
20 HIGH CVE-2024-45338 Go-golang.org/x/net-v0.19.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: An attacker can craft an input to the "Parse" function, that will be processed non-linearly with respect to its length, resulting in extremely slow...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
21 HIGH CVE-2024-45339 Go-github.com/golang/glog-v1.1.2
Recommended version: v1.2.4
Description: When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and p...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
22 HIGH CVE-2025-22868 Go-golang.org/x/oauth2-v0.15.0
Recommended version: v0.27.0
Description: An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. This issue affects golang.org/x/oaut...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
23 HIGH CVE-2025-22869 Go-golang.org/x/crypto-v0.18.0
Recommended version: v0.23.1-0.20240507220409-477a5b4c327a
Description: SSH servers which implement file transfer protocols are vulnerable to a Denial of Service (DoS) attack from clients which complete the key exchange...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
24 HIGH CVE-2025-22869 Go-golang.org/x/crypto-v0.16.0
Recommended version: v0.16.1-0.20231127172605-b8ffc16e1006
Description: SSH servers which implement file transfer protocols are vulnerable to a Denial of Service (DoS) attack from clients which complete the key exchange...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
25 HIGH CVE-2025-30204 Go-github.com/golang-jwt/jwt-v3.2.2
Recommended version: v4.5.2
Description: The package golang-jwt is a Go implementation of JSON Web Tokens. The function `parse.ParseUnverified` splits (via a call to `strings.Split`) its a...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
26 HIGH CVE-2025-31133 Go-github.com/opencontainers/runc-v1.1.5
Recommended version: v1.2.8
Description: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions through 1.2.7, 1.3.0-rc.1 through 1.3.2, 1.4...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
27 HIGH CVE-2025-52565 Go-github.com/opencontainers/runc-v1.1.5
Recommended version: v1.2.8
Description: runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through ...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
28 MEDIUM CVE-2023-48795 Go-golang.org/x/crypto-v0.16.0
Recommended version: v0.16.1-0.20231127172605-b8ffc16e1006
Description: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integ...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
29 MEDIUM CVE-2025-22872 Go-golang.org/x/net-v0.19.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (`/`) as self-closing. When directly usi...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
30 MEDIUM CVE-2025-22872 Go-golang.org/x/net-v0.20.0
Recommended version: v0.25.1-0.20251013234738-63d1a5100f82
Description: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (`/`) as self-closing. When directly usi...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
31 MEDIUM CVE-2025-64329 Go-github.com/containerd/containerd-v1.7.11
Recommended version: v1.7.29
Description: Containerd is an open-source container runtime. Versions through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 t...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
32 MEDIUM CVE-2025-64329 Go-github.com/containerd/containerd-v1.7.6
Recommended version: v1.7.29
Description: Containerd is an open-source container runtime. Versions through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 t...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
33 MEDIUM Cx68162182-3f7b Go-github.com/containerd/containerd-v1.7.6
Recommended version: v1.7.29
Description: In github.com/containerd/containerd package, versions prior to 1.6.26, 1.7.x prior to 1.7.11, and 2.0.0-beta.0 allows RAPL (Running Average Power L...
Attack Vector: NETWORK
Attack Complexity: LOW
Vulnerable Package
34 LOW CVE-2024-45310 Go-github.com/opencontainers/runc-v1.1.5
Recommended version: v1.2.8
Description: The runc is a CLI tool for spawning and running containers according to the OCI specification. In runc, it can be tricked into creating empty files...
Attack Vector: LOCAL
Attack Complexity: LOW
Vulnerable Package
35 LOW CVE-2024-51744 Go-github.com/golang-jwt/jwt-v3.2.2
Recommended version: v4.5.2
Description: The golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situations w...
Attack Vector: NETWORK
Attack Complexity: HIGH
Vulnerable Package
36 LOW CVE-2025-54410 Go-github.com/docker/docker-v24.0.9
Recommended version: v25.0.13+incompatible
Description: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various o...
Attack Vector: LOCAL
Attack Complexity: HIGH
Vulnerable Package
37 LOW CVE-2025-54410 Go-github.com/docker/docker-v24.0.7
Recommended version: v25.0.13+incompatible
Description: Moby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various o...
Attack Vector: LOCAL
Attack Complexity: HIGH
Vulnerable Package

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

@cx-dmitri-rivin merged commit 5638f94 into main on Feb 15, 2026
2 checks passed