# DOCKER-COR-002: Invalid Port Number

> **Severity:** HIGH | **CWE:** CWE-20

- **Language:** Docker
- **Category:** Correctness
- **URL:** https://codepathfinder.dev/registry/docker/correctness/DOCKER-COR-002
- **Detection:** `pathfinder scan --ruleset docker/DOCKER-COR-002 --project .`

## Description

Detects `EXPOSE` instructions whose port number is outside the valid range.
Valid ports are 1-65535.

## Vulnerable Code

```dockerfile
EXPOSE 0
EXPOSE 70000
```

## Secure Code

```dockerfile
EXPOSE 8080
EXPOSE 443
```

## Detection Rule (Python SDK)

```python
from codepathfinder.container_decorators import dockerfile_rule
from codepathfinder.container_matchers import instruction
from codepathfinder.container_combinators import any_of


@dockerfile_rule(
    id="DOCKER-COR-002",
    name="Invalid Port Number",
    severity="HIGH",
    cwe="CWE-20",
    category="correctness",
    tags="docker,dockerfile,port,expose,validation,input-validation,correctness,networking,configuration",
    message="EXPOSE instruction has invalid port number. Valid ports are 1-65535."
)
def invalid_port():
    return any_of(
        instruction(type="EXPOSE", port_less_than=1),
        instruction(type="EXPOSE", port_greater_than=65535)
    )
```

## How to Fix

- Review your Dockerfile and change each flagged `EXPOSE` instruction so that its port number is within 1-65535
- Follow Docker's official best practices for image building
- Use `docker build --check` to validate Dockerfile syntax and best practices
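
A standalone version of the same check, as an added example (not Code Pathfinder's rule engine or SDK code): it parses `EXPOSE` arguments and reports any port outside 1-65535. It goes beyond the two cases shown above by handling several ports per instruction, `/tcp` and `/udp` suffixes and the `start-end` range form; the function name, the sample Dockerfile and the choice to skip `$VARIABLE` arguments are assumptions of this example.

```python
import re

PORT_MIN, PORT_MAX = 1, 65535
# Dockerfile instruction names are case-insensitive; comment lines start with '#'.
_EXPOSE = re.compile(r"^\s*EXPOSE\s+(.+)$", re.IGNORECASE)
_PORT_OR_RANGE = re.compile(r"^(\d+)(?:-(\d+))?$")


def invalid_expose_ports(dockerfile_text):
    """Return (line_no, argument, reason) for each EXPOSE argument outside 1-65535."""
    findings = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = _EXPOSE.match(line)
        if not match:
            continue
        for arg in match.group(1).split():
            if "$" in arg:
                continue  # build-time variable: value unknown to a static check
            port_part = arg.split("/", 1)[0]  # drop a /tcp or /udp suffix
            parsed = _PORT_OR_RANGE.match(port_part)
            if not parsed:
                findings.append((line_no, arg, "not a port number"))
                continue
            # A single port yields one value, a range yields both endpoints.
            ports = [int(p) for p in parsed.groups() if p is not None]
            bad = [p for p in ports if not PORT_MIN <= p <= PORT_MAX]
            if bad:
                reason = f"port {bad[0]} outside {PORT_MIN}-{PORT_MAX}"
                findings.append((line_no, arg, reason))
    return findings


# Constructed sample input for this example, not taken from a real project.
SAMPLE = """\
FROM scratch
# EXPOSE 0 inside a comment is ignored
EXPOSE 0
EXPOSE 70000
EXPOSE 8080 443/tcp 53/udp
EXPOSE 8000-70000
EXPOSE $APP_PORT
expose 65536/udp
"""

if __name__ == "__main__":
    for line_no, arg, reason in invalid_expose_ports(SAMPLE):
        print(f"line {line_no}: EXPOSE {arg}: {reason}")
```
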

## FAQ

**Q: Why does this rule flag an invalid port number?**

The `EXPOSE` instruction has an invalid port number. Valid ports are 1-65535.

**Q: How do I fix this?**

Review the secure code example above and apply the recommended pattern to your Dockerfile or docker-compose.yml.

