Shell Running A Pipe Without Pipefail Flag
- Query id: efbf148a-67e9-42d2-ac47-02fa1c0d0b22
- Query name: Shell Running A Pipe Without Pipefail Flag
- Platform: Dockerfile
- Severity: Medium
- Category: Insecure Defaults
- URL: Github
Description¶
Check if shell commands with pipes (except Powershell) have the pipefail flag set (-o).
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - dockerfile file
FROM node:12
RUN zsh ./some_output | ./some_script
RUN [ "/bin/bash", "./some_output", "|", "./some_script" ]