nuclei-templates/cloud/kubernetes/network-policies/k8s-netpol-namespace.yaml

id: k8s-netpol-namespace

info:
  name: Network Policies specify namespace
  author: princechaddha
  severity: medium
  description: Checks for Kubernetes Network Policies that do not specify a namespace, which can lead to potential misconfigurations and security issues.
  impact: |
    Omitting the namespace in Network Policies can cause the policies to apply incorrectly, potentially exposing Kubernetes resources to unauthorized access. This poses a security risk by not isolating network traffic properly within the cluster.
  remediation: |
    Ensure that all Network Policies explicitly define a namespace to maintain proper network isolation and security boundaries.
  reference:
    - https://kubernetes.io/docs/concepts/services-networking/network-policies/
  tags: cloud,devops,kubernetes,devsecops,k8s,k8s-cluster-security

flow: |
  code(1);
  for (let policy of template.items) {
    set("policy", policy)
    javascript(1);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: kubectl get netpol --all-namespaces --output=json
    extractors:
      - type: json
        name: items
        internal: true
        json:
          - '.items[] | {policy: .metadata.name, namespace: .metadata.namespace}'

javascript:
  - code: |
        let policyData = JSON.parse(template.policy);
        if (!policyData.namespace) {
          let result = (`Network Policy '${policyData.policy}' does not specify a namespace.`);
          Export(result);
        }

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4b0a00483046022100a7a99b20e705b40f456f020120dbdc38203e9c7f83d53b71bbc0af6797ee66260221009031e85d86065e75668a3ec1dfeb488792ceb00272ad63592f819e073d410d3c:922c64590222798bb761d5b6d8e72950
added security and compliance templates 2024-06-16 06:24:40 +00:00			`id: k8s-netpol-namespace`

			`info:`
			`name: Network Policies specify namespace`
			`author: princechaddha`
			`severity: medium`
			`description: Checks for Kubernetes Network Policies that do not specify a namespace, which can lead to potential misconfigurations and security issues.`
			`impact: \|`
			`Omitting the namespace in Network Policies can cause the policies to apply incorrectly, potentially exposing Kubernetes resources to unauthorized access. This poses a security risk by not isolating network traffic properly within the cluster.`
			`remediation: \|`
			`Ensure that all Network Policies explicitly define a namespace to maintain proper network isolation and security boundaries.`
			`reference:`
			`- https://kubernetes.io/docs/concepts/services-networking/network-policies/`
added kubernetes cluster security profile 2024-06-18 12:04:45 +00:00			`tags: cloud,devops,kubernetes,devsecops,k8s,k8s-cluster-security`
added security and compliance templates 2024-06-16 06:24:40 +00:00
			`flow: \|`
			`code(1);`
			`for (let policy of template.items) {`
			`set("policy", policy)`
			`javascript(1);`
			`}`

			`self-contained: true`
			`code:`
			`- engine:`
			`- sh`
			`- bash`
			`source: kubectl get netpol --all-namespaces --output=json`
			`extractors:`
			`- type: json`
			`name: items`
			`internal: true`
			`json:`
			`- '.items[] \| {policy: .metadata.name, namespace: .metadata.namespace}'`

			`javascript:`
			`- code: \|`
			`let policyData = JSON.parse(template.policy);`
			`if (!policyData.namespace) {`
			let result = (`Network Policy '${policyData.policy}' does not specify a namespace.`);
			`Export(result);`
			`}`

			`extractors:`
			`- type: dsl`
			`dsl:`
			`- response`
Auto Template Signing [Tue Jun 25 11:14:32 UTC 2024] :robot: 2024-06-25 11:14:32 +00:00			`# digest: 4b0a00483046022100a7a99b20e705b40f456f020120dbdc38203e9c7f83d53b71bbc0af6797ee66260221009031e85d86065e75668a3ec1dfeb488792ceb00272ad63592f819e073d410d3c:922c64590222798bb761d5b6d8e72950`