Apt Get Install Lists Were Not Deleted

  • Query id: df746b39-6564-4fed-bf85-e9c44382303c
  • Query name: Apt Get Install Lists Were Not Deleted
  • Platform: Dockerfile
  • Severity: Info
  • Category: Supply-Chain
  • CWE: 459
  • URL: Github

Description

After running apt-get install, the package index files that apt-get update downloads to /var/lib/apt/lists should be deleted (rm -rf /var/lib/apt/lists/*) in the same RUN instruction as the install. Each RUN instruction produces its own image layer, so deleting the lists in a later RUN does not remove them from the layer that created them: the final image still carries the stale index data and is larger than it needs to be. A RUN that installs with apt-get and contains neither an rm of /var/lib/apt/lists nor an apt-get clean is reported. Note that apt-get clean only clears the downloaded package archives under /var/cache/apt/archives, so removing the lists is the cleanup that actually matters.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - dockerfile file
FROM busybox1
RUN apt-get update && apt-get install --no-install-recommends -y python

FROM busybox2
RUN apt-get install python

FROM busybox3
RUN apt-get update && apt-get install --no-install-recommends -y python
RUN rm -rf /var/lib/apt/lists/*

FROM busybox4
RUN apt-get update && apt-get install --no-install-recommends -y python
RUN rm -rf /var/lib/apt/lists/*
RUN apt-get clean

Positive test num. 2 - dockerfile file
FROM busybox5
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends package=0.0.0

Code samples without security vulnerabilities

Negative test num. 1 - dockerfile file
FROM busyboxneg1
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

FROM busyboxneg2
RUN apt-get update && apt-get install --no-install-recommends -y python && apt-get clean

FROM busyboxneg3
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && apt-get clean

FROM busyboxneg4
RUN apt-get update && apt-get install --no-install-recommends -y python \
  && rm -rf /var/lib/apt/lists/*

Negative test num. 2 - dockerfile file
FROM busyboxneg5
RUN apt-get update; \
  apt-get install --no-install-recommends -y python; \
  apt-get clean; \
  rm -rf /var/lib/apt/lists/*

FROM busyboxneg6
RUN apt-get update; \
  apt-get install --no-install-recommends -y python; \
  apt-get clean

FROM busyboxneg7
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends package=0.0.0; \
    rm -rf /var/lib/apt/lists/*