nuclei-templates/cloud/kubernetes/pods/k8s-root-user-id.yaml

id: k8s-root-user-id

info:
  name: Pods run with root user ID
  author: princechaddha
  severity: low
  description: Checks for pods running with the user ID of the root user, increasing security risks.
  impact: |
    Running pods with the root user ID can allow malicious entities to gain unnecessary privileges, leading to potential compromises in the Kubernetes environment.
  remediation: Configure pods to run with a non-root user ID by setting the 'securityContext' for each container and the pod itself.
  reference:
    - https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  tags: cloud,devops,kubernetes,devsecops,pods,k8s,k8s-cluster-security

flow: |
  code(1);
  for (let pod of template.items) {
    set("pod", pod)
    javascript(1);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: kubectl get pods --all-namespaces --output=json
    extractors:
      - type: json
        name: items
        internal: true
        json:
          - '.items[] | {pod: .metadata.name, containers: .spec.containers}'

javascript:
  - code: |
        let podData = JSON.parse(template.pod);
        podData.containers.forEach(container => {
          if (container.securityContext && container.securityContext.runAsUser === 0) {
            let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`);
            Export(result);
          }
        });

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a004730450220517a362ea6e79742e15c12dcf13275a23e3507c4a8c72f25f0a5620100cce53a022100d04b0c6d1bf0da1801dc9c6c9bea05701fa7e0e43570cd5b8ad9fb90294aa44c:922c64590222798bb761d5b6d8e72950
added network-policies templates 2024-06-14 07:49:43 +00:00			`id: k8s-root-user-id`

			`info:`
			`name: Pods run with root user ID`
			`author: princechaddha`
			`severity: low`
			`description: Checks for pods running with the user ID of the root user, increasing security risks.`
			`impact: \|`
			`Running pods with the root user ID can allow malicious entities to gain unnecessary privileges, leading to potential compromises in the Kubernetes environment.`
			`remediation: Configure pods to run with a non-root user ID by setting the 'securityContext' for each container and the pod itself.`
			`reference:`
			`- https://kubernetes.io/docs/tasks/configure-pod-container/security-context/`
added kubernetes cluster security profile 2024-06-18 12:04:45 +00:00			`tags: cloud,devops,kubernetes,devsecops,pods,k8s,k8s-cluster-security`
added network-policies templates 2024-06-14 07:49:43 +00:00
			`flow: \|`
			`code(1);`
			`for (let pod of template.items) {`
			`set("pod", pod)`
			`javascript(1);`
			`}`

			`self-contained: true`
			`code:`
			`- engine:`
			`- sh`
			`- bash`
			`source: kubectl get pods --all-namespaces --output=json`
			`extractors:`
			`- type: json`
			`name: items`
			`internal: true`
			`json:`
			`- '.items[] \| {pod: .metadata.name, containers: .spec.containers}'`

			`javascript:`
			`- code: \|`
fixed lint error 2024-06-18 11:27:27 +00:00			`let podData = JSON.parse(template.pod);`
added network-policies templates 2024-06-14 07:49:43 +00:00			`podData.containers.forEach(container => {`
			`if (container.securityContext && container.securityContext.runAsUser === 0) {`
			let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`);
			`Export(result);`
			`}`
			`});`

			`extractors:`
			`- type: dsl`
			`dsl:`
			`- response`
Auto Template Signing [Tue Jun 25 11:14:32 UTC 2024] :robot: 2024-06-25 11:14:32 +00:00			`# digest: 4a0a004730450220517a362ea6e79742e15c12dcf13275a23e3507c4a8c72f25f0a5620100cce53a022100d04b0c6d1bf0da1801dc9c6c9bea05701fa7e0e43570cd5b8ad9fb90294aa44c:922c64590222798bb761d5b6d8e72950`