feat: DL3026 (Use only an allowed registry in the FROM image) (#54)

* Add trusted_registries arg

* Fix spacing

* DL3026 logic

* Minor listing updates

* Updated packages

* fix higher tests

* fix conflicts in go.sum

---------

Co-authored-by: Tomohiro Kusumoto <tomohiro.kusumoto123@gmail.com>

README.md

@@ -46,6 +46,8 @@ The available options are:
 ```
   --ignore RULECODE     A rule to ignore. If present, the ignore list in the
                         config file is ignored
+  --trusted-registry REGISTRY (e.g. docker.io)
+			A docker registry to allow to appear in FROM instructions
 
   --help        -h      Print this help message and exit.
   --version     -v      Print the version information
@@ -102,6 +104,7 @@ The following is a list of the implemented rules. Dockerfile lint rule provided
 | [DL3023](https://github.com/hadolint/hadolint/wiki/DL3023)   | `COPY --from` cannot reference its own `FROM` alias.                                                                                                |
 | [DL3024](https://github.com/hadolint/hadolint/wiki/DL3024)   | `FROM` aliases (stage names) must be unique.                                                                                                        |
 | [DL3025](https://github.com/hadolint/hadolint/wiki/DL3025)   | Use arguments JSON notation for CMD and ENTRYPOINT arguments.                                                                                       |
+| [DL3026](https://github.com/hadolint/hadolint/wiki/DL3027)   | Use only an allowed registry in the `FROM image`                                                                                       |
 | [DL3027](https://github.com/hadolint/hadolint/wiki/DL3027)   | Do not use apt; use apt-get or apt-cache instead.                                                                                       |
 | [DL4000](https://github.com/hadolint/hadolint/wiki/DL4000)   | MAINTAINER is deprecated.                                                                                                                           |
 | [DL4001](https://github.com/hadolint/hadolint/wiki/DL4001)   | Either use Wget or Curl but not both.                                                                                                               |

cmd/cli.go

@@ -35,6 +35,8 @@ Usage: godolint [--ignore RULECODE]
 Available options:
   --ignore RULECODE	A rule to ignore. If present, the ignore list in the
 			config file is ignored
+  --trusted-registry REGISTRY (e.g. docker.io)
+			A docker registry to allow to appear in FROM instructions
 
   --help	-h	Print this help message and exit.
   --version	-v	Print the version information
@@ -60,6 +62,7 @@ func (ss *sliceString) Set(value string) error {
 func (cli *CLI) Run(args []string) int {
 	var ignoreRules sliceString
 	var isVersion bool
+	var trustedRegistries sliceString
 
 	flags := flag.NewFlagSet(name, flag.ContinueOnError)
 	flags.Usage = func() {
@@ -69,6 +72,7 @@ func (cli *CLI) Run(args []string) int {
 	flags.Var(&ignoreRules, "ignore", "Set ignore strings")
 	flags.BoolVar(&isVersion, "version", false, "version")
 	flags.BoolVar(&isVersion, "v", false, "version")
+	flags.Var(&trustedRegistries, "trusted-registry", "Docker registries to allow to appear in FROM instructions")
 
 	if err := flags.Parse(args[1:]); err != nil {
 		fmt.Fprint(cli.ErrStream, err)
@@ -100,7 +104,7 @@ func (cli *CLI) Run(args []string) int {
 		return ExitCodeAstParseError
 	}
 
-	analyzer := linter.NewAnalyzer(ignoreRules)
+	analyzer := linter.NewAnalyzer(ignoreRules, trustedRegistries)
 	rst, err := analyzer.Run(r.AST)
 	if err != nil {
 		fmt.Fprint(cli.ErrStream, err)

cmd/cli_test.go

@@ -29,6 +29,8 @@ Usage: godolint [--ignore RULECODE]
 Available options:
   --ignore RULECODE	A rule to ignore. If present, the ignore list in the
 			config file is ignored
+  --trusted-registry REGISTRY (e.g. docker.io)
+			A docker registry to allow to appear in FROM instructions
 
   --help	-h	Print this help message and exit.
   --version	-v	Print the version information

go.mod

@@ -5,8 +5,15 @@ go 1.22.5
 require github.com/moby/buildkit v0.15.1
 
 require (
+	github.com/agext/levenshtein v1.2.3 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/go-units v0.5.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 )

go.sum

@@ -1,7 +1,13 @@
+github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo=
+github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558=
 github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
 github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk=
+github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E=
+github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4=
+github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
@@ -12,16 +18,22 @@ github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/moby/buildkit v0.14.1 h1:2epLCZTkn4CikdImtsLtIa++7DzCimrrZCT1sway+oI=
 github.com/moby/buildkit v0.14.1/go.mod h1:1XssG7cAqv5Bz1xcGMxJL123iCv5TYN4Z/qf647gfuk=
-github.com/moby/buildkit v0.15.0 h1:vnZLThPr9JU6SvItctKoa6NfgPZ8oUApg/TCOaa/SVs=
-github.com/moby/buildkit v0.15.0/go.mod h1:oN9S+8I7wF26vrqn9NuAF6dFSyGTfXvtiu9o1NlnnH4=
 github.com/moby/buildkit v0.15.1 h1:J6wrew7hphKqlq1wuu6yaUb/1Ra7gEzDAovylGztAKM=
 github.com/moby/buildkit v0.15.1/go.mod h1:Yis8ZMUJTHX9XhH9zVyK2igqSHV3sxi3UN0uztZocZk=
+github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0=
+github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo=
+github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
+github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
+github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
+github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4 h1:7I5c2Ig/5FgqkYOh/N87NzoyI9U15qUPXhDD8uCupv8=
+github.com/tonistiigi/go-csvvalue v0.0.0-20240710180619-ddb21b71c0b4/go.mod h1:278M4p8WsNh3n4a1eqiFcV2FGk7wE5fwUpUom9mK9lE=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=

linter/analyzer.go

@@ -9,22 +9,26 @@ import (
 
 // Analyzer implements Analyzer.
 type Analyzer struct {
-	rules []*rules.Rule
+	rules             []*rules.Rule
+	trustedRegistries []string
 }
 
 // NewAnalyzer generate a NewAnalyzer with rules to apply.
-func NewAnalyzer(ignoreRules []string) Analyzer {
-	return newAnalyzer(ignoreRules)
+func NewAnalyzer(ignoreRules []string, trustedRegistries []string) Analyzer {
+	return newAnalyzer(ignoreRules, trustedRegistries)
 }
 
-func newAnalyzer(ignoreRules []string) Analyzer {
+func newAnalyzer(ignoreRules []string, trustedRegistries []string) Analyzer {
 	var filteredRules []*rules.Rule
 	for _, k := range getMakeDiff(rules.RuleKeys, ignoreRules) {
 		if rule, ok := rules.Rules[k]; ok {
 			filteredRules = append(filteredRules, rule)
 		}
 	}
-	return Analyzer{rules: filteredRules}
+	return Analyzer{
+		rules:             filteredRules,
+		trustedRegistries: trustedRegistries,
+	}
 }
 
 // Run apply docker best practice rules to docker ast.
@@ -35,7 +39,9 @@ func (a Analyzer) Run(node *parser.Node) ([]string, error) {
 
 	for i := range a.rules {
 		go func(r *rules.Rule) {
-			vrst, err := r.ValidateFunc(node)
+			vrst, err := r.ValidateFunc(node, &rules.RuleOptions{
+				TrustedRegistries: a.trustedRegistries,
+			})
 			if err != nil {
 				errChan <- err
 			} else {

linter/analyzer_test.go

@@ -168,7 +168,7 @@ func TestAnalyzer(t *testing.T) {
 	}
 
 	for i, tc := range cases {
-		analyzer := NewAnalyzer(tc.ignoreRules)
+		analyzer := NewAnalyzer(tc.ignoreRules, nil)
 		gotRst, gotErr := analyzer.Run(tc.node)
 		if !sliceEq(tc.expectedRst, gotRst) {
 			t.Errorf("#%d results deep equal has returned: want %s, got %s", i, tc.expectedRst, gotRst)

linter/rules/dl3000.go

@@ -8,7 +8,7 @@ import (
 )
 
 // validateDL3000 is "Use absolute WORKDIR."
-func validateDL3000(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3000(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == WORKDIR {
 			absPath, err := filepath.Abs(child.Next.Value)

linter/rules/dl3000_test.go

@@ -31,7 +31,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3000(rst.AST)
+		gotRst, gotErr := validateDL3000(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3001.go

@@ -8,7 +8,7 @@ import (
 
 // validateDL3001 is "For some bash commands it makes no sense running them in a Docker container
 // like free, ifconfig, kill, mount, ps, service, shutdown, ssh, top, vim"
-func validateDL3001(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3001(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN {
 			for _, v := range strings.Fields(child.Next.Value) {

linter/rules/dl3001_test.go

@@ -33,7 +33,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3001(rst.AST)
+		gotRst, gotErr := validateDL3001(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3002.go

@@ -5,7 +5,7 @@ import (
 )
 
 // validateDL3002 is "Last user should not be root."
-func validateDL3002(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3002(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	var isLastRootUser bool
 	var lastRootUserPos int
 	for _, child := range node.Children {

linter/rules/dl3002_test.go

@@ -45,7 +45,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3002(rst.AST)
+		gotRst, gotErr := validateDL3002(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3003.go

@@ -7,7 +7,7 @@ import (
 )
 
 // validateDL3003 is "Use WORKDIR to switch to a directory"
-func validateDL3003(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3003(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN {
 			for _, v := range strings.Fields(child.Next.Value) {

linter/rules/dl3003_test.go

@@ -33,7 +33,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3003(rst.AST)
+		gotRst, gotErr := validateDL3003(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3004.go

@@ -7,7 +7,7 @@ import (
 )
 
 // validateDL3004 is "Do not use sudo as it leads to unpredictable behavior. Use a tool like gosu to enforce root."
-func validateDL3004(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3004(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN {
 			for _, v := range strings.Fields(child.Next.Value) {

linter/rules/dl3004_test.go

@@ -33,7 +33,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3004(rst.AST)
+		gotRst, gotErr := validateDL3004(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3005.go

@@ -7,7 +7,7 @@ import (
 )
 
 // validateDL3005 is "Do not use apt-get upgrade or dist-upgrade."
-func validateDL3005(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3005(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN {
 			var isAptGet, isUpgrade bool

linter/rules/dl3005_test.go

@@ -32,7 +32,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3005(rst.AST)
+		gotRst, gotErr := validateDL3005(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3006.go

@@ -9,7 +9,7 @@ import (
 var regexDL3006 = regexp.MustCompile(`.+[:].+`)
 
 // validateDL3006 Always tag the version of an image explicitly"
-func validateDL3006(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3006(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == FROM && !regexDL3006.MatchString(child.Next.Value) {
 			rst = append(rst, ValidateResult{line: child.StartLine})

linter/rules/dl3006_test.go

@@ -32,7 +32,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3006(rst.AST)
+		gotRst, gotErr := validateDL3006(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3007.go

@@ -9,7 +9,7 @@ import (
 var regexDL3007 = regexp.MustCompile(`.*:latest`)
 
 // validateDL3007 Using latest is prone to errors if the image will ever update. Pin the version explicitly to a release tag.
-func validateDL3007(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3007(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == FROM && regexDL3007.MatchString(child.Next.Value) {
 			rst = append(rst, ValidateResult{line: child.StartLine})

linter/rules/dl3007_test.go

@@ -32,7 +32,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3007(rst.AST)
+		gotRst, gotErr := validateDL3007(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3008.go

@@ -10,7 +10,7 @@ import (
 var regexDL3008 = regexp.MustCompile(`.+=.+`)
 
 // validateDL3008 Pin versions in apt get install. Instead of `apt-get install <package>` use `apt-get install <package>=<version>`
-func validateDL3008(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3008(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN {
 			var isAptGet, isInstall bool

linter/rules/dl3008_test.go

@@ -59,7 +59,7 @@ RUN \
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3008(rst.AST)
+		gotRst, gotErr := validateDL3008(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3009.go

@@ -7,7 +7,7 @@ import (
 )
 
 // validateDL3009 Delete the apt-get lists after installing something.
-func validateDL3009(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3009(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == RUN && isDL3009Error(child) {
 			rst = append(rst, ValidateResult{line: child.StartLine})

linter/rules/dl3009_test.go

@@ -38,7 +38,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3009(rst.AST)
+		gotRst, gotErr := validateDL3009(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3010.go

@@ -10,7 +10,7 @@ import (
 var isCompressionExt = regexp.MustCompile(`(?:\.tar\.gz|tar\.bz|\.tar.xz|\.tgz|\.tbz)$`)
 
 // validateDL3010 Use ADD for extracting archives into an image.
-func validateDL3010(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3010(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == COPY {
 			args := strings.Fields(child.Next.Value)

linter/rules/dl3010_test.go

@@ -29,7 +29,7 @@ CMD ["go", "run", "main.go"]
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3010(rst.AST)
+		gotRst, gotErr := validateDL3010(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3011.go

@@ -8,7 +8,7 @@ import (
 )
 
 // validateDL3011 Valid UNIX ports range from 0 to 65535
-func validateDL3011(node *parser.Node) (rst []ValidateResult, err error) {
+func validateDL3011(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 	for _, child := range node.Children {
 		if child.Value == EXPOSE {
 			port := child.Next

linter/rules/dl3011_test.go

@@ -36,7 +36,7 @@ EXPOSE hoge
 			t.Errorf("#%d parse error %s", i, tc.dockerfileStr)
 		}
 
-		gotRst, gotErr := validateDL3011(rst.AST)
+		gotRst, gotErr := validateDL3011(rst.AST, nil)
 		if !isValidateResultEq(gotRst, tc.expectedRst) {
 			t.Errorf("#%d results deep equal has returned: want %v, got %v", i, tc.expectedRst, gotRst)
 		}

linter/rules/dl3012.go

@@ -5,7 +5,7 @@ package rules
 //)
 //
 //// validateDL3012 Provide an email address or URL as maintainer.
-//func validateDL3012(node *parser.Node) (rst []ValidateResult, err error) {
+//func validateDL3012(node *parser.Node, _ *RuleOptions) (rst []ValidateResult, err error) {
 //	for _, child := range node.Children {
 //		if child.Value == MAINTAINER {
 //