[docker-in-docker] - Fix for multiple vulnerability issues related to docker compose-switch component. (#1541)

Kaniska244 · web-flow · commit 97fccabe1f86 · 2026-01-19T16:36:43.000Z
* [docker-in-docker] - Fix for multiple vulnerability issues related to docker compose-switch component.

* Corrections in test scripts as per review comment.
diff --git a/src/docker-in-docker/README.md b/src/docker-in-docker/README.md
@@ -22,7 +22,7 @@ Create child containers *inside* a container, independent from the host's docker
 | azureDnsAutoDetection | Allow automatically setting the dockerd DNS server when the installation script detects it is running in Azure | boolean | true |
 | dockerDefaultAddressPool | Define default address pools for Docker networks. e.g. base=192.168.0.0/16,size=24 | string | - |
 | installDockerBuildx | Install Docker Buildx | boolean | true |
-| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | true |
+| installDockerComposeSwitch | Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter. | boolean | false |
 | disableIp6tables | Disable ip6tables (this option is only applicable for Docker versions 27 and greater) | boolean | false |
 
 ## Customizations
diff --git a/src/docker-in-docker/devcontainer-feature.json b/src/docker-in-docker/devcontainer-feature.json
@@ -1,6 +1,6 @@
 {
     "id": "docker-in-docker",
-    "version": "2.13.0",
+    "version": "2.14.0",
     "name": "Docker (Docker-in-Docker)",
     "documentationURL": "https://github.com/devcontainers/features/tree/main/src/docker-in-docker",
     "description": "Create child containers *inside* a container, independent from the host's docker instance. Installs Docker extension in the container along with needed CLIs.",
@@ -53,7 +53,7 @@
         },
         "installDockerComposeSwitch": {
             "type": "boolean",
-            "default": true,
+            "default": false,
             "description": "Install Compose Switch (provided docker compose is available) which is a replacement to the Compose V1 docker-compose (python) executable. It translates the command line into Compose V2 docker compose then runs the latter."
         },
         "disableIp6tables": {
diff --git a/src/docker-in-docker/install.sh b/src/docker-in-docker/install.sh
@@ -16,7 +16,7 @@ AZURE_DNS_AUTO_DETECTION="${AZUREDNSAUTODETECTION:-"true"}"
 DOCKER_DEFAULT_ADDRESS_POOL="${DOCKERDEFAULTADDRESSPOOL:-""}"
 USERNAME="${USERNAME:-"${_REMOTE_USER:-"automatic"}"}"
 INSTALL_DOCKER_BUILDX="${INSTALLDOCKERBUILDX:-"true"}"
-INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"true"}"
+INSTALL_DOCKER_COMPOSE_SWITCH="${INSTALLDOCKERCOMPOSESWITCH:-"false"}"
 MICROSOFT_GPG_KEYS_URI="https://packages.microsoft.com/keys/microsoft.asc"
 MICROSOFT_GPG_KEYS_ROLLING_URI="https://packages.microsoft.com/keys/microsoft-rolling.asc"
 DOCKER_MOBY_ARCHIVE_VERSION_CODENAMES="trixie bookworm buster bullseye bionic focal jammy noble"
diff --git a/test/docker-in-docker/docker_build.sh b/test/docker-in-docker/docker_build.sh
@@ -9,12 +9,13 @@ source dev-container-features-test-lib
 check "docker-buildx" docker buildx version
 check "docker-build" docker build ./
 
-check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]"
 check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'"
 check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'"
 
 check "docker-buildx" bash -c "docker buildx version"
 check "docker-buildx-path" bash -c "ls -la /usr/libexec/docker/cli-plugins/docker-buildx"
 
+check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]"
+
 # Report result
 reportResults
diff --git a/test/docker-in-docker/docker_build_with_compose_switch.sh b/test/docker-in-docker/docker_build_with_compose_switch.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+set -e
+
+# Optional: Import test library
+source dev-container-features-test-lib
+
+# Definition specific tests
+check "docker-buildx" docker buildx version
+check "docker-build" docker build ./
+
+check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'"
+check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'"
+
+check "docker-buildx" bash -c "docker buildx version"
+check "docker-buildx-path" bash -c "ls -la /usr/libexec/docker/cli-plugins/docker-buildx"
+
+check "installs compose-switch as the flag is on" bash -c "[[ -f /usr/local/bin/compose-switch ]]"
+
+# Report result
+reportResults
+
diff --git a/test/docker-in-docker/docker_buildx.sh b/test/docker-in-docker/docker_buildx.sh
@@ -13,7 +13,8 @@ check "docker-buildx" docker buildx version
 check "docker-build" docker build ./
 
 check "installs docker-compose v1 install" bash -c "type docker-compose"
-check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]"
+
+check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]"
 
 # Report result
 reportResults
diff --git a/test/docker-in-docker/docker_compose_v2.sh b/test/docker-in-docker/docker_compose_v2.sh
@@ -10,7 +10,8 @@ source dev-container-features-test-lib
 check "docker compose" bash -c "docker compose version | grep -E '2.[0-9]+.[0-9]+'"
 check "docker-compose" bash -c "docker-compose --version | grep -E '2.[0-9]+.[0-9]+'"
 check "installs compose-switch as docker-compose" bash -c "[[ -f /usr/local/bin/docker-compose ]]"
-check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]"
+
+check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]"
 
 # Report result
 reportResults
diff --git a/test/docker-in-docker/docker_specific_moby_buildx.sh b/test/docker-in-docker/docker_specific_moby_buildx.sh
@@ -14,7 +14,8 @@ check "docker-buildx" docker buildx version
 check "docker-build" docker build ./
 
 check "installs docker-compose v1 install" bash -c "type docker-compose"
-check "installs compose-switch" bash -c "[[ -f /usr/local/bin/compose-switch ]]"
+
+check "Not installing compose-switch by default" bash -c "[[ ! -f /usr/local/bin/compose-switch ]]"
 
 # Report result
 reportResults
diff --git a/test/docker-in-docker/scenarios.json b/test/docker-in-docker/scenarios.json
@@ -55,6 +55,18 @@
         },
         "remoteUser": "node"
     },
+    "docker_build_with_compose_switch": {
+        "image": "mcr.microsoft.com/devcontainers/javascript-node:0-18",
+        "features": {
+            "docker-in-docker": {
+                "version": "latest",
+                "moby": "false",
+                "dockerDashComposeVersion": "v2",
+                "installDockerComposeSwitch": true
+            }
+        },
+        "remoteUser": "node"
+    },    
     "docker_build_2": {
         "image": "ubuntu:noble",
         "features": {
