DL3040: fix: check clean after dnf install

hadolint · Jun 14, 2023 · d98b136 · d98b136
1 parent b7154d7
commit d98b136
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 4 deletions.
diff --git a/src/Hadolint/Rule/DL3040.hs b/src/Hadolint/Rule/DL3040.hs
@@ -1,6 +1,7 @@
 module Hadolint.Rule.DL3040 (rule) where
 
 import Hadolint.Rule
+import Data.Maybe (fromMaybe)
 import qualified Hadolint.Shell as Shell
 import Language.Docker.Syntax
 
@@ -21,12 +22,12 @@ dl3040 = simpleRule code severity message check
 
     checkMissingClean args cmdName =
       foldArguments (Shell.noCommands $ dnfInstall cmdName) args
-        || ( foldArguments (Shell.anyCommands $ dnfInstall cmdName) args
-               && foldArguments (Shell.anyCommands $ dnfClean cmdName) args
-           )
+        || fromMaybe False (
+             (<) <$> foldArguments (Shell.findCommandIndex $ dnfInstall cmdName) args
+                 <*> foldArguments (Shell.findCommandIndex $ dnfClean cmdName) args)
 
     dnfInstall cmdName = Shell.cmdHasArgs cmdName ["install"]
-    dnfClean cmdName args = Shell.cmdHasArgs cmdName ["clean", "all"] args 
+    dnfClean cmdName args = Shell.cmdHasArgs cmdName ["clean", "all"] args
       || Shell.cmdHasArgs "rm" ["-rf", "/var/cache/yum/*"] args
     dnfCmds = ["dnf", "microdnf"]
 {-# INLINEABLE dl3040 #-}
diff --git a/test/Hadolint/Rule/DL3040Spec.hs b/test/Hadolint/Rule/DL3040Spec.hs
@@ -28,3 +28,5 @@ spec = do
       ruleCatchesNot "DL3040" "RUN microdnf install -y mariadb-10.4 && rm -rf /var/cache/yum/*"
       onBuildRuleCatchesNot "DL3040" "RUN dnf install -y mariadb-10.4 && rm -rf /var/cache/yum/*"
       onBuildRuleCatchesNot "DL3040" "RUN microdnf install -y mariadb-10.4 && rm -rf /var/cache/yum/*"
+    it "not ok with clean before install" $ do
+      ruleCatches "DL3040" "microdnf clean all && RUN dnf install -y mariadb-10.4"