APT-GET Missing Flags To Avoid Manual Input

  • Query id: 77783205-c4ca-4f80-bb80-c777f267c547
  • Query name: APT-GET Missing Flags To Avoid Manual Input
  • Platform: Dockerfile
  • Severity: Low
  • Category: Supply-Chain
  • CWE: 710
  • URL: Github

Description

Checks whether apt-get install calls pass a flag that suppresses the interactive confirmation prompt (the samples below accept -y, --yes, --assume-yes, -qq, -q=2, or two -q/--quiet flags, since quiet level 2 implies -y). A docker build has no user to answer the prompt, so a call without such a flag cannot complete unattended.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM node:12
RUN apt-get install python=2.7
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]
Positive test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get install python=2.7
RUN sudo apt-get install apt-utils
RUN ["sudo", "apt-get", "install", "apt-utils"]
Positive test num. 3 - dockerfile file
FROM node:12
RUN DUMMY=test apt-get install python=2.7

Positive test num. 4 - dockerfile file
FROM node:12
RUN ["sudo", "apt-get", "-q" ,"install", "apt-utils"]
RUN sudo apt-get -q install apt-utils
Positive test num. 5 - dockerfile file
FROM node:12
RUN ["sudo", "apt-get", "--quiet", "install", "apt-utils"] 
RUN sudo apt-get --quiet install apt-utils
Positive test num. 6 - dockerfile file
FROM node:12
RUN sudo apt-get --quiet install sl
RUN ["apt-get", "--quiet" ,"install", "apt-utils"] 
Positive test num. 7 - dockerfile file
FROM node:12
RUN sudo apt-get -q install sl
RUN ["apt-get", "-q", "install", "apt-utils"] 

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM node:12
RUN apt-get -y install apt-utils
RUN apt-get -qy install git gcc
RUN ["apt-get", "-y", "install", "apt-utils"]
Negative test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get -y install apt-utils
RUN sudo apt-get -qy install git gcc
RUN ["sudo", "apt-get", "-y", "install", "apt-utils"]
Negative test num. 3 - dockerfile file
FROM node:12
RUN apt-get --yes install apt-utils
RUN ["sudo", "apt-get", "--yes" ,"install", "apt-utils"]

Negative test num. 4 - dockerfile file
FROM node:12
RUN sudo apt-get -qq install apt-utils
RUN ["apt-get", "-qq", "install", "apt-utils"] 
Negative test num. 5 - dockerfile file
FROM node:12
RUN apt-get --assume-yes install apt-utils
RUN ["sudo", "apt-get", "--assume-yes", "install", "apt-utils"] 
Negative test num. 6 - dockerfile file
FROM node:12
RUN sudo apt-get -q=2 install apt-utils
RUN ["apt-get", "-q=2", "install", "apt-utils"]
Negative test num. 7 - dockerfile file
FROM node:12
RUN apt-get --quiet --quiet install sl
RUN ["apt-get", "--quiet", "--quiet" ,"install", "apt-utils"] 
Negative test num. 8 - dockerfile file
FROM node:12
RUN apt-get -q -q install sl
RUN ["apt-get", "-q", "-q", "install", "apt-utils"]
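As an added illustration of the rule these samples exercise (this is not the query's own implementation, which ships with the scanner), the Python checker below walks the RUN instructions of a Dockerfile, handles both shell and exec forms, skips leading VAR=value assignments and sudo, and reports every apt-get install that lacks a prompt-suppressing flag. SAMPLE is a constructed Dockerfile assembled from the positive and negative samples above.

```python
import json
import re
import shlex
NONINTERACTIVE = {"-y", "--yes", "--assume-yes", "-qq", "-q=2", "--quiet=2"}  # any one suppresses the prompt

def _is_non_interactive(args):
    """True if an apt-get argv carries a flag that stops apt-get waiting for input."""
    quiet = 0
    for tok in args:
        if tok in NONINTERACTIVE:
            return True
        if tok in ("-q", "--quiet"):
            quiet += 1                               # two of these equal -qq, which implies -y
        elif re.fullmatch(r"-[a-zA-Z]+", tok):       # clustered short flags, e.g. -qy
            if "y" in tok:
                return True
            quiet += tok.count("q")
    return quiet >= 2

def _commands(run_body):                             # one argv list per command in a RUN body
    run_body = run_body.strip()
    if run_body.startswith("["):                     # exec form is a JSON array
        yield json.loads(run_body)
        return
    for piece in re.split(r"&&|\|\||;|\|", run_body):  # shell form: split on separators
        if piece.strip():
            yield shlex.split(piece)

def find_interactive_apt_get(dockerfile_text):
    """Return (line_no, line) for each apt-get install that could block on a prompt."""
    findings = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = re.match(r"\s*RUN\s+(.*)", line, re.IGNORECASE)
        if not m:
            continue
        for argv in _commands(m.group(1)):
            while argv and (argv[0] == "sudo" or re.match(r"\w+=", argv[0])):
                argv = argv[1:]                      # drop sudo and VAR=value prefixes
            if argv[:1] == ["apt-get"] and "install" in argv and not _is_non_interactive(argv[1:]):
                findings.append((line_no, line.strip()))
    return findings
# Constructed sample assembled from the positive and negative samples on this page.
SAMPLE = """\
FROM node:12
RUN apt-get install python=2.7
RUN ["sudo", "apt-get", "-q" ,"install", "apt-utils"]
RUN DUMMY=test apt-get install python=2.7
RUN apt-get -qy install git gcc
RUN apt-get update && sudo apt-get -q=2 install apt-utils
"""
```

Running find_interactive_apt_get(SAMPLE) reports lines 2, 3 and 4; the -qy and -q=2 calls pass, and the apt-get update command is ignored because it is not an install.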