Modify rule S6505: Fix FN by mentioning standalone yarn command (#3142

)
SonarSource · Sep 25, 2023 · fd8de68 · fd8de68
1 parent ac6f02d
commit fd8de68
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/rules/S6505/docker/rule.adoc b/rules/S6505/docker/rule.adoc
@@ -18,18 +18,21 @@ for dependencies to work correctly.
 Doing this will reduce the attack surface and block a well-known supply chain
 attack vector.
 
+Commands that are subject to this issue are: `npm install`, `yarn install` and `yarn`
+(`yarn` without an explicit command will execute `install`).
+
 
 == Sensitive Code Example
 
-[source,docker]
+[source,docker,diff-id=1,diff-type=noncompliant]
 ----
 FROM node:latest
 
 # Sensitive
 RUN npm install
 ----
 
-[source,docker]
+[source,docker,diff-id=2,diff-type=noncompliant]
 ----
 FROM node:latest
 
@@ -39,14 +42,14 @@ RUN yarn install
 
 == Compliant Solution
 
-[source,docker]
+[source,docker,diff-id=1,diff-type=compliant]
 ----
 FROM node:latest
 
 RUN npm install --ignore-scripts
 ----
 
-[source,docker]
+[source,docker,diff-id=2,diff-type=compliant]
 ----
 FROM node:latest
 
@@ -72,7 +75,7 @@ ifdef::env-github,rspecator-view[]
 
 === Highlighting
 
-Highlight the command and the subcommand, if the latter is present.
+Highlight the command and the subcommand if the latter is present.
 
 '''