APT-GET Missing '-y' To Avoid Manual Input

  • Query id: 77783205-c4ca-4f80-bb80-c777f267c547
  • Query name: APT-GET Missing '-y' To Avoid Manual Input
  • Platform: Dockerfile
  • Severity: Medium
  • Category: Supply-Chain
  • URL: Github

Description

Checks that every apt-get install call passes the -y flag, so the command never stops to wait for manual user input during the image build.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM node:12
RUN apt-get install python=2.7
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]

Positive test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get install python=2.7
RUN sudo apt-get install apt-utils
RUN ["sudo", "apt-get", "install", "apt-utils"]

Positive test num. 3 - dockerfile file
FROM node:12
RUN DUMMY=test apt-get install python=2.7

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM node:12
RUN apt-get -y install apt-utils
RUN apt-get -qy install git gcc
RUN ["apt-get", "-y", "install", "apt-utils"]

Negative test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get -y install apt-utils
RUN sudo apt-get -qy install git gcc
RUN ["sudo", "apt-get", "-y", "install", "apt-utils"]
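The positive and negative samples above show the shapes a checker has to recognise: shell form and JSON exec form, a `sudo` prefix, a leading environment assignment such as `DUMMY=test`, and `-y` folded into a short-flag cluster like `-qy`. The following Python script is an added example of such a check, written for this page; it is not the query's own implementation (KICS queries are written in Rego) and the two embedded Dockerfiles are constructed inputs that mirror the samples above. It also goes slightly beyond the samples by splitting `&&`-chained commands and accepting the long `--assume-yes`/`--yes` spellings.

```python
import json
import re
import shlex

# Constructed sample input mirroring the positive tests on the page.
VULNERABLE_DOCKERFILE = """\
FROM node:12
RUN apt-get install python=2.7
RUN sudo apt-get install apt-utils
RUN ["sudo", "apt-get", "install", "apt-utils"]
RUN DUMMY=test apt-get install python=2.7
"""

# Constructed sample input mirroring the negative tests, plus a chained command.
SAFE_DOCKERFILE = """\
FROM node:12
RUN apt-get -y install apt-utils
RUN apt-get -qy install git gcc
RUN ["apt-get", "-y", "install", "apt-utils"]
RUN sudo apt-get -y install apt-utils
RUN apt-get update && apt-get install -y --no-install-recommends curl
"""

ENV_ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
ASSUME_YES_LONG = {"--assume-yes", "--yes"}
# apt-get subcommands that prompt for confirmation without -y; "update" never does.
PROMPTING_SUBCOMMANDS = {"install", "upgrade", "dist-upgrade", "remove", "purge"}


def _run_argv(instruction: str):
    """Return the argument vector of a RUN instruction (shell or exec form)."""
    body = instruction[len("RUN"):].strip()
    if body.startswith("["):
        return json.loads(body)  # exec form is a JSON array
    return shlex.split(body)     # shell form is parsed like a shell would


def _split_commands(argv):
    """Split one argv on shell operators so each apt-get call is checked on its own."""
    commands, current = [], []
    for token in argv:
        if token in ("&&", "||", ";", "|"):
            if current:
                commands.append(current)
                current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def apt_get_missing_yes(argv) -> bool:
    """True if argv is a prompting apt-get call that lacks -y/--assume-yes."""
    # Skip leading env assignments (DUMMY=test ...) and sudo before the program name.
    i = 0
    while i < len(argv) and (ENV_ASSIGNMENT.match(argv[i]) or argv[i] == "sudo"):
        i += 1
    rest = argv[i:]
    if not rest or rest[0] != "apt-get":
        return False
    if not any(token in PROMPTING_SUBCOMMANDS for token in rest[1:]):
        return False
    for token in rest[1:]:
        if token in ASSUME_YES_LONG:
            return False
        # Short-flag cluster such as -y or -qy; long options (--foo) are skipped.
        if token.startswith("-") and not token.startswith("--") and "y" in token[1:]:
            return False
    return True


def find_findings(dockerfile: str):
    """Return (line_number, line) for every RUN line with an apt-get call missing -y."""
    findings = []
    for lineno, line in enumerate(dockerfile.splitlines(), start=1):
        stripped = line.strip()
        if not stripped.upper().startswith("RUN "):
            continue
        for command in _split_commands(_run_argv(stripped)):
            if apt_get_missing_yes(command):
                findings.append((lineno, line))
                break
    return findings


if __name__ == "__main__":
    for name, content in (("vulnerable", VULNERABLE_DOCKERFILE), ("safe", SAFE_DOCKERFILE)):
        print(f"{name}: {len(find_findings(content))} finding(s)")
        for lineno, line in find_findings(content):
            print(f"  line {lineno}: {line}")
```

The checker deliberately ignores `apt-get update`, which never prompts, so that a `RUN apt-get update && apt-get install -y ...` line is not reported; a line is flagged as soon as any one of its chained apt-get calls would stop for confirmation.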