COPY '--from' References Current FROM Alias
- Query id: cdddb86f-95f6-4fc4-b5a1-483d9afceb2b
- Query name: COPY '--from' References Current FROM Alias
- Platform: Dockerfile
- Severity: High
- Category: Build Process
- URL: Github
Description¶
COPY '--from' should not mention the current FROM alias, since it is impossible to copy from itself
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Code samples without security vulnerabilities¶
Negative test num. 1 - dockerfile file
FROM golang:1.7.3 AS builder
WORKDIR /go/src/github.com/foo/href-counter/
RUN go get -d -v golang.org/x/net/html
COPY app.go .
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o app .
# another dockerfile
FROM alpine:latest
RUN apk --no-cache add ca-certificates
WORKDIR /root/
COPY --from=builder /go/src/github.com/foo/href-counter/app .
CMD ["./app"]