Missing Flag From Dnf Install
- Query id: 7ebd323c-31b7-4e5b-b26f-de5e9e477af8
- Query name: Missing Flag From Dnf Install
- Platform: Dockerfile
- Severity: Low
- Category: Supply-Chain
- CWE: 710
- URL: Github
Description
The '-y' or '--assumeyes' flag should be added when invoking dnf install. If omitted, it can cause the command to fail during the build process, because dnf would expect manual input.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - dockerfile file
```dockerfile
FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install docker-ce && \
    dnf clean all
FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all
```
Positive test num. 2 - dockerfile file
```dockerfile
FROM fedora:27
RUN set -uex; \
    dnf config-manager --set-enabled docker-ce-test; \
    dnf install docker-ce; \
    dnf clean all
FROM fedora:28
RUN set -uex
RUN dnf config-manager --set-enabled docker-ce-test
RUN dnf in docker-ce
RUN dnf clean all
```
Code samples without security vulnerabilities
Negative test num. 1 - dockerfile file
```dockerfile
FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install -y docker-ce && \
    dnf clean all
```
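
The check described above can be sketched as a small Dockerfile linter. This is an added Python example, not the query's own implementation. The function names, the naive command splitting and the first-non-option subcommand rule are assumptions made for illustration.

```python
import re
import shlex

INSTALL_CMDS = {"install", "in"}   # "in" is the dnf alias used in the page's samples
YES_FLAGS = {"-y", "--assumeyes"}  # the two spellings the query description names

def run_instructions(dockerfile):
    """Yield (first_line_no, shell_text) per RUN, joining backslash continuations."""
    lines = dockerfile.splitlines()
    i = 0
    while i < len(lines):
        start, text = i + 1, lines[i].strip()
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        i += 1
        m = re.match(r"RUN\s+(.*)", text, re.IGNORECASE)
        if m:
            yield start, m.group(1)

def missing_assumeyes(dockerfile):
    """Return (line_no, command) for each dnf install lacking -y/--assumeyes."""
    findings = []
    for line_no, shell in run_instructions(dockerfile):
        # Naive split on shell separators; quoted separators are not handled.
        for cmd in re.split(r"&&|\|\||;", shell):
            try:
                argv = shlex.split(cmd)
            except ValueError:
                continue  # unbalanced quotes: skip rather than guess
            if not argv or argv[0] != "dnf":
                continue
            # The first non-option word after "dnf" is taken as the subcommand.
            sub = next((a for a in argv[1:] if not a.startswith("-")), None)
            if sub in INSTALL_CMDS and not YES_FLAGS & set(argv[1:]):
                findings.append((line_no, cmd.strip()))
    return findings

# Constructed input: adapted from the page's positive and negative samples.
FLAGGED = r"""FROM fedora:27
RUN set -uex && \
    dnf config-manager --set-enabled docker-ce-test && \
    dnf install docker-ce && \
    dnf clean all
FROM fedora:28
RUN dnf in docker-ce
"""
CLEAN = "FROM fedora:27\nRUN dnf install -y docker-ce && dnf clean all\n"
```

Reported line numbers point at the `RUN` keyword that starts the instruction, so a finding inside a multi-line `RUN` is attributed to its first line.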