dockerfile.best-practice.missing-yum-assume-yes-switch.missing-yum-assume-yes-switch

semgrep

Author

unknown

Download Count*

License

This 'yum install' is missing the '-y' switch. This might stall builds because it requires human intervention. Add the '-y' switch.

Run Locally

Run in CI

Semgrep CI docs

Defintion

Edit Rule View Source

Open in Playground

rules:
  - id: missing-yum-assume-yes-switch
    severity: WARNING
    languages:
      - dockerfile
    patterns:
      - pattern: |
          RUN ... yum install ...
      - pattern-not: |
          RUN ... yum install ... -y ...
      - pattern-not: |
          RUN ... yum ... --assumeyes ...
    message: This 'yum install' is missing the '-y' switch. This might stall builds
      because it requires human intervention. Add the '-y' switch.
    metadata:
      source-rule-url: https://github.com/hadolint/hadolint/wiki/DL3030
      references:
        - https://github.com/hadolint/hadolint/wiki/DL3030
      category: best-practice
      technology:
        - dockerfile
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]

Examples

missing-yum-assume-yes-switch.dockerfile

# cf. https://github.com/hadolint/hadolint/wiki/DL3030

FROM centos
# ruleid: missing-yum-assume-yes-switch
RUN yum install httpd-2.24.4 && yum clean all

# ok: missing-yum-assume-yes-switch
RUN yum install -y httpd-2.24.4 && yum clean all

# ok: missing-yum-assume-yes-switch
RUN yum install --downloadonly -y httpd-2.24.4 python

# ok: missing-yum-assume-yes-switch
RUN yuminstall -y httpd-2.24.4

# ok: missing-yum-assume-yes-switch
RUN yum install -y --downloadonly \
    python3 \
    python3-pip \
    && yum clean all

# ruleid: missing-yum-assume-yes-switch
RUN yum install --downloadonly \
    python3 \
    python3-pip \
    && yum clean all

# ok: missing-yum-assume-yes-switch
RUN yum install --assumeyes \
    --downloadonly \
    python3 \
    python3-pip \
    && yum clean all

Short Link: https://sg.run/vpY4