Containers bugs fixes (AST-124328)

go.mod

@@ -3,7 +3,7 @@ module github.com/checkmarx/ast-cli
 go 1.24.11
 
 require (
-	github.com/Checkmarx/containers-resolver v1.0.27
+	github.com/Checkmarx/containers-resolver v1.0.28
 	github.com/Checkmarx/containers-types v1.0.9
 	github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63
 	github.com/Checkmarx/gen-ai-wrapper v1.0.3
@@ -48,8 +48,8 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect
 	github.com/BobuSumisu/aho-corasick v1.0.3 // indirect
 	github.com/BurntSushi/toml v1.5.0 // indirect
-	github.com/Checkmarx/containers-images-extractor v1.0.20
-	github.com/Checkmarx/containers-syft-packages-extractor v1.0.22 // indirect
+	github.com/Checkmarx/containers-images-extractor v1.0.21
+	github.com/Checkmarx/containers-syft-packages-extractor v1.0.23 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.9.2 // indirect
 	github.com/DataDog/zstd v1.5.6 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect

go.sum

@@ -65,12 +65,12 @@ github.com/BurntSushi/toml v0.4.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbi
 github.com/BurntSushi/toml v1.5.0 h1:W5quZX/G/csjUnuI8SUYlsHs9M38FC7znL0lIO+DvMg=
 github.com/BurntSushi/toml v1.5.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Checkmarx/containers-images-extractor v1.0.20 h1:PGTtBMsjF77HrTtnmzzVGywFkuUtXfc/PBo46kMYORw=
-github.com/Checkmarx/containers-images-extractor v1.0.20/go.mod h1:HyzVb8TtTDf56hGlSakalPXtzjJ6VhTYe9fmAcOS+V8=
-github.com/Checkmarx/containers-resolver v1.0.27 h1:fEZkgQR+PLyIOunLRQAzofUX97I9qKGG9gAoKNI4ajw=
-github.com/Checkmarx/containers-resolver v1.0.27/go.mod h1:zxQja33k9SvDXG7eWq03U8WxkHIu/XchzjXsoKfhDFY=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.22 h1:5zzTrAgKOiqFvAwSS0DRmWyWuKK66jXj54wc8xroObQ=
-github.com/Checkmarx/containers-syft-packages-extractor v1.0.22/go.mod h1:OPGYISPnKtVFl2mZrClErv83ZLjUPKjdQQsXLmx++oY=
+github.com/Checkmarx/containers-images-extractor v1.0.21 h1:SEo4FyxUZnOkZnHqdpqDLcztHj/1IyEkvAnlTNBsNOA=
+github.com/Checkmarx/containers-images-extractor v1.0.21/go.mod h1:HyzVb8TtTDf56hGlSakalPXtzjJ6VhTYe9fmAcOS+V8=
+github.com/Checkmarx/containers-resolver v1.0.28 h1:FikNmHIAYqJ1G1qHixASDUjJirl+Dp635TuMYq/RfUY=
+github.com/Checkmarx/containers-resolver v1.0.28/go.mod h1:X6KwE/vFIDlgyBZKnkhRGitt65hWCZp0sdvgNTRyvSw=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.23 h1:qP4OBlCVF6BbOO0gzcoOzAtfdx7+M1kU3OsY2xBvy8E=
+github.com/Checkmarx/containers-syft-packages-extractor v1.0.23/go.mod h1:OPGYISPnKtVFl2mZrClErv83ZLjUPKjdQQsXLmx++oY=
 github.com/Checkmarx/containers-types v1.0.9 h1:LbHDj9LZ0x3f28wDx398WC19sw0U0EfEewHMLStBwvs=
 github.com/Checkmarx/containers-types v1.0.9/go.mod h1:KR0w8XCosq3+6jRCfQrH7i//Nj2u11qaUJM62CREFZA=
 github.com/Checkmarx/gen-ai-prompts v0.0.0-20240807143411-708ceec12b63 h1:SCuTcE+CFvgjbIxUNL8rsdB2sAhfuNx85HvxImKta3g=

internal/commands/scan.go

@@ -3560,6 +3560,14 @@ func validateContainerImageFormat(containerImage string) error {
 			return validatePrefixedContainerImage(containerImage, getPrefixFromInput(containerImage, knownSources))
 		}
 
+		// Check if this looks like an invalid prefix attempt (e.g., "invalid-prefix:file.tar")
+		// If the "tag" ends with .tar and the "image name" looks like a simple prefix (no / or .)
+		// then the user likely intended to use a prefix format but used an unknown prefix
+		lowerTag := strings.ToLower(imageTag)
+		if strings.HasSuffix(lowerTag, ".tar") && !strings.Contains(imageName, "/") && !strings.Contains(imageName, ".") {
+			return errors.Errorf("Invalid value for --container-images flag. Unknown prefix '%s:'. Supported prefixes are: docker:, podman:, containerd:, registry:, docker-archive:, oci-archive:, oci-dir:, file:", imageName)
+		}
+
 		return nil // Valid image:tag format
 	}
 

internal/commands/scan_test.go

@@ -2448,6 +2448,23 @@ func TestValidateContainerImageFormat_Comprehensive(t *testing.T) {
 			expectedError:  "Invalid value for --container-images flag. The 'dir:' prefix is not supported",
 		},
 
+		// ==================== Unknown Prefix Tests ====================
+		{
+			name:           "Invalid - unknown prefix with tar file",
+			containerImage: "invalid-prefix:test-image.tar",
+			expectedError:  "Invalid value for --container-images flag. Unknown prefix 'invalid-prefix:'",
+		},
+		{
+			name:           "Invalid - typo in prefix (dcoker)",
+			containerImage: "dcoker:my-image.tar",
+			expectedError:  "Invalid value for --container-images flag. Unknown prefix 'dcoker:'",
+		},
+		{
+			name:           "Invalid - custom prefix with tar",
+			containerImage: "myprefix:archive.tar",
+			expectedError:  "Invalid value for --container-images flag. Unknown prefix 'myprefix:'",
+		},
+
 		// ==================== Edge Cases ====================
 		{
 			name:           "Complex registry with multiple colons",