APT-GET Missing Flags To Avoid Manual Input
- Query id: 77783205-c4ca-4f80-bb80-c777f267c547
- Query name: APT-GET Missing Flags To Avoid Manual Input
- Platform: Dockerfile
- Severity: Low
- Category: Supply-Chain
- CWE: 710
- URL: Github
Description
Checks that apt-get install calls in a Dockerfile pass a flag such as -y or --yes, so that the build never stops to wait for manual user input.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
FROM node:12
RUN apt-get install python=2.7
RUN apt-get install apt-utils
RUN ["apt-get", "install", "apt-utils"]
Positive test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get install python=2.7
RUN sudo apt-get install apt-utils
RUN ["sudo", "apt-get", "install", "apt-utils"]
Positive test num. 4 - dockerfile file
Positive test num. 5 - dockerfile file
Positive test num. 6 - dockerfile file
Positive test num. 7 - dockerfile file
Code samples without security vulnerabilities
Negative test num. 1 - dockerfile file
FROM node:12
RUN apt-get -y install apt-utils
RUN apt-get -qy install git gcc
RUN ["apt-get", "-y", "install", "apt-utils"]
Negative test num. 2 - dockerfile file
FROM node:12
RUN sudo apt-get -y install apt-utils
RUN sudo apt-get -qy install git gcc
RUN ["sudo", "apt-get", "-y", "install", "apt-utils"]
Negative test num. 3 - dockerfile file
FROM node:12
RUN apt-get --yes install apt-utils
RUN ["sudo", "apt-get", "--yes" ,"install", "apt-utils"]
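The check described on this page, sketched as a small Python scanner. This is an added example, not the query's own code: the function names are hypothetical, and SAMPLE is constructed from the page's samples plus one line-continuation case. It assumes chained shell commands can be split on &&, ||, ; and | without regard to quoting.

```python
import json
import re
import shlex

YES_LONG = {"--yes", "--assume-yes"}  # --yes is on this page; --assume-yes is its apt-get alias

def has_yes_flag(argv):
    """True for --yes/--assume-yes, -y, or a short-flag cluster containing y (e.g. -qy)."""
    return any(a in YES_LONG or (re.fullmatch(r"-[A-Za-z]+", a) and "y" in a) for a in argv)

def commands(run_body):
    """Turn a RUN body into argv lists: one for exec (JSON) form, one per chained shell command."""
    body = run_body.strip()
    if body.startswith("["):
        try:
            argv = json.loads(body)
            if isinstance(argv, list) and all(isinstance(x, str) for x in argv):
                return [argv]
        except ValueError:
            pass  # not valid JSON, so Docker runs it as shell form
    out = []
    for part in re.split(r"&&|\|\||;|\|", body):
        try:
            out.append(shlex.split(part))
        except ValueError:  # unbalanced quote: fall back to a whitespace split
            out.append(part.split())
    return out

def find_prompting_installs(dockerfile_text):
    """Return (start_line, instruction) for each RUN whose apt-get install lacks a yes flag."""
    findings, pending, start = [], "", 0
    for n, line in enumerate(dockerfile_text.splitlines(), 1):
        if not pending:
            start = n
        pending += line.rstrip()
        if pending.endswith("\\"):  # backslash continuation: keep collecting
            pending = pending[:-1] + " "
            continue
        instr, pending = pending.strip(), ""
        if not re.match(r"(?i)RUN\s", instr):
            continue
        for argv in commands(instr[3:]):
            if argv and argv[0] == "sudo":
                argv = argv[1:]
            if argv[:1] == ["apt-get"] and "install" in argv and not has_yes_flag(argv):
                findings.append((start, instr))
                break
    return findings

# Constructed sample: lines 2, 4 and 6 lack a yes flag; lines 3 and 5 pass.
SAMPLE = r"""FROM node:12
RUN apt-get install python=2.7
RUN sudo apt-get -qy install git gcc
RUN ["sudo", "apt-get", "install", "apt-utils"]
RUN ["apt-get", "--yes", "install", "apt-utils"]
RUN apt-get update && \
    apt-get install curl
"""
```

Each finding carries the line on which the RUN instruction starts, so a continued instruction is reported at its first line.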