logstash
logstash copied to clipboard
Ensuring COPY instruction is used instead of ADD in Dockerfiles
Release notes
[rn:skip]
What does this PR do?
Ensuring COPY instruction is used instead of ADD in all Dockerfiles (and related docs)
Why is it important/What is the impact to the user?
TL;DR - As a security best practice, COPY instruction should be used instead of ADD whenever possible
The COPY instruction simply copies files from the local host machine to the container file system. The ADD instruction could potentially retrieve files from remote URLs and perform operations such as unpacking them. The ADD instruction, therefore, introduces security risks. For example, malicious files may be directly accessed from URLs without scanning, or there may be vulnerabilities associated with decompressing them.
Checklist
- [ ] My code follows the style guidelines of this project
- [ ] ~~I have commented my code, particularly in hard-to-understand areas~~
- [ ] I have made corresponding changes to the documentation
- [ ] I have made corresponding change to the default configuration files (and/or docker env variables)
- [ ] ~~I have added tests that prove my fix is effective or that my feature works~~
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually?
💚 CLA has been signed
@roaksoax the CLA was signed.
Please let me know if anything is missing in order to push it forward
@lior-orca thanks for the contribution! please make sure that the email you used to sign the CLA is the same used in the git commit: https://patch-diff.githubusercontent.com/raw/elastic/logstash/pull/14423.patch, and that the email is also associated with your git profile.
@jsvd done