Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update "Changing Default Shell Using SHELL Command" query for Docker, query and reasoning are in conflict #5118

Closed
malte-laukoetter opened this issue Apr 4, 2022 · 1 comment · Fixed by #5295
Closed

Update "Changing Default Shell Using SHELL Command" query for Docker, query and reasoning are in conflict #5118

malte-laukoetter opened this issue Apr 4, 2022 · 1 comment · Fixed by #5295
Assignees
@cxAndreFelicidade
Labels
community Community contribution query New query feature

Comments

@malte-laukoetter
Copy link

Platform

Docker

Query

8a301064-c291-4b20-adcb-403fe7fd95fd

Description

The query currently checks that the SHELL instruction is not used at all in a Dockerfile. Instead, it suggests changing the shell within every RUN instruction. This conflicts with the Dockerfile reference that is mentioned as the reasoning. Here it is instead suggested that the shell is changed using the SHELL instruction (https://docs.docker.com/engine/reference/builder/#shell) and not in the RUN instructions. When using a command to change the shell (eg. RUN powershell -command) this leads to inefficiencies. The JSON syntax for the RUN instruction could be used to stop this. But the Dockerfile reference instead proposes to use the SHELL instruction as then the RUN instructions are simpler to read. I was not able to find any reasoning for why the SHELL instruction should be avoided.

I would therefore suggest either removing this query, changing it to check that the shell is not changed using the RUN instruction or updating the reasoning if there is one.
@malte-laukoetter malte-laukoetter added the query New query feature label Apr 4, 2022
@kaplanlior kaplanlior added the community Community contribution label Apr 5, 2022
@cxAndreFelicidade cxAndreFelicidade mentioned this issue May 2, 2022
Merged
@cxAndreFelicidade cxAndreFelicidade self-assigned this May 2, 2022
@cxAndreFelicidade
Copy link
Contributor

Hello Lergin, thank you once again for being so attentive! I have refactored the query in question in this PR, thank you for your time!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cxAndreFelicidade cxAndreFelicidade

Labels
community Community contribution query New query feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(queries): fixed Docker queries related to issues 5115, 5116, and 5118 Checkmarx/kics
3 participants
@kaplanlior @malte-laukoetter @cxAndreFelicidade