Expected Behavior
Multiple apt-get update and apt-get install commands can be used in a single RUN instruction.
Actual Behavior
For the following two Dockerfiles the query "Update Instruction Alone" reports a problem. There is no update command that is not followed by an install command in these Dockerfiles.
FROM alpine
RUN if ! which gpg ; then \
(apt-get update ;apt-get install --no-install-recommends gnupg=2.2.19 -y ) ; \
fi ; \
if ! gpg --version | grep -q '^gpg (GnuPG) 1\.' ; then \
(apt-get update ;apt-get install --no-install-recommends dirmngr=2.2.19 -y ) ; \
fi ; \
rm -rf /var/lib/apt/lists/*
FROM node:19.7.0
RUN npm install sqlite3; apt-get update ;apt-get install --no-install-recommends g++;
Specifications
Version: snapshot-34973e9d
Platform: Docker
Subsystem: Dockerfiles
Query: 9bae49be-0aa3-4de5-bab2-4c3a069e40cd
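The expected behavior described in this issue, as an added example in Python (not KICS's own query or code from the project): a RUN instruction is flagged only when it contains an `apt-get update` with no `apt-get install` after it in the same instruction, so repeated update/install pairs pass. The function names, the ordering heuristic and the third Dockerfile are assumptions made for illustration.

```python
import re

# Added example, not KICS code. Assumption: textual order inside one RUN is
# enough; shell control flow (if/fi, subshells) is not interpreted.
UPDATE = re.compile(r"\bapt-get\s+(?:-\S+\s+)*update\b")
INSTALL = re.compile(r"\bapt-get\s+(?:-\S+\s+)*install\b")
# The two Dockerfiles from the issue, copied verbatim.
ISSUE_1 = r"""FROM alpine
RUN if ! which gpg ; then \
(apt-get update ;apt-get install --no-install-recommends gnupg=2.2.19 -y ) ; \
fi ; \
if ! gpg --version | grep -q '^gpg (GnuPG) 1\.' ; then \
(apt-get update ;apt-get install --no-install-recommends dirmngr=2.2.19 -y ) ; \
fi ; \
rm -rf /var/lib/apt/lists/*
"""
ISSUE_2 = """FROM node:19.7.0
RUN npm install sqlite3; apt-get update ;apt-get install --no-install-recommends g++;
"""
# Constructed sample: lines 2 and 4 each leave an update with no later install.
CONSTRUCTED = """FROM debian
RUN apt-get update
RUN apt-get install -y curl
RUN apt-get update; apt-get install -y git; apt-get update
"""

def run_instructions(dockerfile):
    """Yield (start_line, body) per RUN, joining backslash continuations."""
    lines, i = dockerfile.splitlines(), 0
    while i < len(lines):
        start, text = i + 1, lines[i].strip()
        while text.endswith("\\") and i + 1 < len(lines):
            i += 1
            text = text[:-1] + " " + lines[i].strip()
        i += 1
        m = re.match(r"RUN\s+(.*)", text, re.IGNORECASE)
        if m:
            yield start, m.group(1)

def updates_alone(dockerfile):
    """Start lines of RUN instructions where an update has no later install."""
    flagged = []
    for line_no, body in run_instructions(dockerfile):
        last_install = max((m.start() for m in INSTALL.finditer(body)), default=-1)
        if any(u.start() > last_install for u in UPDATE.finditer(body)):
            flagged.append(line_no)
    return flagged

if __name__ == "__main__":
    print(updates_alone(ISSUE_1), updates_alone(ISSUE_2), updates_alone(CONSTRUCTED))
```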
malte-laukoetter
changed the title
Query "Update Instruction Alone" false positive for multiple update statements in a single RUN instruction
Query "Update Instruction Alone" false detection for multiple update/install commands
Aug 16, 2022
Hi @Lergin, I hope you are doing great!!
I am happy to tell you that there is already a PR to improve the checks for update and install keywords in this Security Query.