Apt Get Install Pin Version Not Defined

  • Query id: 965a08d7-ef86-4f14-8792-4a3b2098937e
  • Query name: Apt Get Install Pin Version Not Defined
  • Platform: Dockerfile
  • Severity: Medium
  • Category: Supply-Chain
  • URL: Github

Description

When installing a package with apt-get, its version should be pinned explicitly (in the form package=version), so that a build always gets the release that was reviewed rather than whatever the repository currently serves
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM busybox
RUN apt-get install python
RUN ["apt-get", "install", "python"]

FROM busybox2
RUN apt-get install -y -t python

FROM busybox3
RUN apt-get update && apt-get install -y \
    python-qt4 \
    python-pyside \
    python-pip \
    python3-pip \
    python3-pyqt5

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM busybox
RUN apt-get install python=2.7
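To show how this rule can be checked outside of KICS, here is an added Python linter (example code, not the query's own Rego) that parses RUN instructions in both shell and exec form, joins backslash continuations, and reports every apt-get install package token without a =version suffix; the POSITIVE and NEGATIVE Dockerfiles are constructed from the samples above.

```python
"""Flag apt-get install packages without a pinned version in a Dockerfile.
POSITIVE and NEGATIVE are constructed from the test samples on this page."""
import json
import re
import shlex

POSITIVE = """FROM busybox
RUN apt-get install python
RUN ["apt-get", "install", "python"]
RUN apt-get install -y -t python
RUN apt-get update && apt-get install -y --no-install-recommends \\
    python-pip \\
    python3-pip
"""
NEGATIVE = "FROM busybox\nRUN apt-get install python=2.7\n"


def run_instructions(dockerfile):
    """Yield (line_no, [argv, ...]) for each RUN, joining backslash
    continuations and splitting shell-form commands on && || ;."""
    lines, i = dockerfile.splitlines(), 0
    while i < len(lines):
        start, text = i + 1, lines[i]
        while text.rstrip().endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text.rstrip()[:-1] + " " + lines[i]
        i += 1
        body = text.strip()
        if not body.upper().startswith("RUN "):
            continue
        body = body[4:].strip()
        if body.startswith("["):            # exec form holds exactly one argv
            yield start, [json.loads(body)]
        else:
            parts = re.split(r"\s*(?:&&|\|\||;)\s*", body)
            yield start, [shlex.split(p) for p in parts]


def unpinned_packages(dockerfile):
    """Return (line_no, package) for apt-get install tokens lacking '='.
    Dash-prefixed tokens are skipped as options, so, as in the page's second
    positive sample, the argument of -t is reported as an unpinned package."""
    findings = []
    for line_no, cmds in run_instructions(dockerfile):
        for argv in cmds:
            if argv[:1] not in (["apt-get"], ["apt"]) or "install" not in argv:
                continue
            for tok in argv[argv.index("install") + 1:]:
                if not tok.startswith("-") and "=" not in tok:
                    findings.append((line_no, tok))
    return findings
```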