CKV_DOCKER_9 fires when apt appears as an argument (e.g. to rm -rf )

[jeffcasavant]

Describe the issue
CKV_DOCKER_9 correctly pushes me to use apt-get instead of apt. In my current Dockerfile, I am installing several packages with apt-get, and then I do the following:

cd /var/lib && rm -rf apt dpkg cache log

This causes CKV_DOCKER_9 to fire.

Examples

FROM ubuntu

RUN apt-get update && \
    apt-get install --yes --no-install-recommends \
        git && \
    apt-get clean autoclean && \
    apt-get autoremove --yes && \
    cd /var/lib && \
    rm -rf apt dpkg cache log

Version (please complete the following information):

• 3.2.92

[naveednawazkhan]

Thank you for reaching out, we'll look into this but as a workaround try the following code to avoid alert.

FROM ubuntu

RUN apt-get update && \
    apt-get install --yes --no-install-recommends \
        git && \
    apt-get clean autoclean && \
    apt-get autoremove --yes && \
    cd /var/lib && \
    rm -rf /var/lib/{apt,dpkg,cache,log}

[jeffcasavant]

That was my original formulation, but hadolint was complaining that the bracket expansion thing isn't POSIX.

Combined with SHELL /bin/bash that should work, I think.