Missing Flag From Dnf Install

• Query id: 7ebd323c-31b7-4e5b-b26f-de5e9e477af8
• Query name: Missing Flag From Dnf Install
• Platform: Dockerfile
• Severity: Low
• Category: Supply-Chain
• CWE: 710
• URL: Github

Description

The '-y' or '--assumeyes' flag should be added when invoking dnf install. If omitted, it can cause the command to fail during the build process, because dnf would expect manual input.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file

FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install docker-ce && \
    dnf clean all

FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all

Positive test num. 2 - dockerfile file

FROM fedora:27
RUN set -uex; \
    dnf config-manager --set-enabled docker-ce-test; \
    dnf install docker-ce; \
    dnf clean all

FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file

FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install -y docker-ce && \
    dnf clean all

Negative test num. 2 - dockerfile file

FROM fedora:27
RUN set -uex; \
    dnf config-manager --set-enabled docker-ce-test; \
    dnf install -y docker-ce; \
    dnf clean all

Negative test num. 3 - dockerfile file

FROM fedora:27
RUN microdnf install -y \
    openssl-libs-1:1.1.1k-6.el8_5.x86_64 \
    zlib-1.2.11-18.el8_5.x86_64 \
 && microdnf clean all