Apt Get Install Lists Were Not Deleted

  • Query id: df746b39-6564-4fed-bf85-e9c44382303c
  • Query name: Apt Get Install Lists Were Not Deleted
  • Platform: Dockerfile
  • Severity: Info
  • Category: Supply-Chain
  • URL: Github

Description

After using apt-get install, it is needed to delete apt-get lists
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM busybox1
RUN apt-get update && apt-get install --no-install-recommends -y python

FROM busybox2
RUN apt-get install python

FROM busybox3
RUN apt-get update && apt-get install --no-install-recommends -y python
RUN rm -rf /var/lib/apt/lists/*

FROM busybox4
RUN apt-get update && apt-get install --no-install-recommends -y python
RUN rm -rf /var/lib/apt/lists/*
RUN apt-get clean

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM busyboxneg1
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

FROM busyboxneg2
RUN apt-get update && apt-get install --no-install-recommends -y python && apt-get clean

FROM busyboxneg3
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && apt-get clean

FROM busyboxneg4
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && rm -rf /var/lib/apt/lists/*