Curl or Wget Instead of Add
- Query id: 4b410d24-1cbe-4430-a632-62c9a931cf1c
- Query name: Curl or Wget Instead of Add
- Platform: Dockerfile
- Severity: Low
- Category: Best Practices
- CWE: 610
- URL: Github
Description
Use curl or wget instead of ADD to fetch packages from remote URLs; using ADD for this purpose is strongly discouraged.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
FROM openjdk:10-jdk
VOLUME /tmp
ADD https://example.com/big.tar.xz /usr/src/things/
RUN tar -xJf /usr/src/things/big.tar.xz -C /usr/src/things
RUN make -C /usr/src/things all
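The check this query describes, as an added Python example (not the KICS query itself and not code from this page). It goes slightly beyond the sample above by also handling line continuations, `--flag` options and the JSON form of ADD. It assumes "remote URL" means an `http://` or `https://` source; `instructions`, `find_remote_add` and the `PASSING` Dockerfile are constructed for illustration.

```python
import json
import re

REMOTE = re.compile(r"^https?://", re.IGNORECASE)  # assumed scope of "remote URL"
# Constructed inputs: the page's failing sample and a compliant rewrite of it.
FAILING = """FROM openjdk:10-jdk
VOLUME /tmp
ADD https://example.com/big.tar.xz /usr/src/things/
RUN tar -xJf /usr/src/things/big.tar.xz -C /usr/src/things
RUN make -C /usr/src/things all
"""
PASSING = """FROM openjdk:10-jdk
VOLUME /tmp
RUN mkdir -p /usr/src/things \\
    && curl -fsSL https://example.com/big.tar.xz \\
    | tar -xJC /usr/src/things \\
    && make -C /usr/src/things all
"""

def instructions(text):
    """Yield (first_line_number, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside a continuation
        start = start if buf else number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf = ""
    if buf:
        yield start, buf.strip()

def find_remote_add(text):
    """Return [(line_number, url)] for each ADD source that is a remote URL."""
    findings = []
    for number, instr in instructions(text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() != "ADD":
            continue
        rest = re.sub(r"^(--\S+\s+)+", "", parts[1].strip())  # drop --chown= etc.
        try:  # JSON form: ADD ["src", "dest"]; otherwise whitespace-separated
            args = json.loads(rest) if rest.startswith("[") else rest.split()
        except ValueError:
            args = rest.split()
        findings += [(number, a) for a in args[:-1]
                     if isinstance(a, str) and REMOTE.match(a)]  # last arg is dest
    return findings
```

The compliant rewrite fetches, unpacks and builds in a single `RUN`, so the downloaded archive is never stored as its own image layer.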