From 5362807992eff14639e4bb17b63740d156cfe804 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Wed, 29 Nov 2023 22:40:23 +0700
Subject: [PATCH] feat: add kubernetes.io/dockerc(onfigjson|fg) secrets (#8718)

Signed-off-by: Dwi Siswanto
---
 .../kubernetes-dockercfg-secret.yaml | 22 +++++++++++++++++++
 .../kubernetes-dockerconfigjson-secret.yaml | 22 +++++++++++++++++++
 2 files changed, 44 insertions(+)
 create mode 100644 file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
 create mode 100644 file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml

diff --git a/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml b/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
new file mode 100644
index 0000000000..0ebd7579bc
--- /dev/null
+++ b/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
@@ -0,0 +1,22 @@
+id: kubernetes-dockercfg-secret
+
+info:
+ name: kubernetes.io/dockercfg Secret
+ author: dwisiswant0
+ severity: info
+ reference:
+ - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+ metadata:
+ verified: true
+ tags: kubernetes,k8s,file,keys,secret
+
+file:
+ - extensions:
+ - yaml
+ - yml
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \.dockercfg:\s+["']?e(w|y)[\w=]+["']?
diff --git a/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml b/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
new file mode 100644
index 0000000000..e5cb684a50
--- /dev/null
+++ b/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
@@ -0,0 +1,22 @@
+id: kubernetes-dockerconfigjson-secret
+
+info:
+ name: kubernetes.io/dockerconfigjson Secret
+ author: dwisiswant0
+ severity: info
+ reference:
+ - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+ metadata:
+ verified: true
+ tags: kubernetes,k8s,file,keys,secret
+
+file:
+ - extensions:
+ - yaml
+ - yml
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \.dockerconfigjson:\s+["']?e(w|y)[\w=]+["']?
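Review bot: The value class `[\w=]+` in the extractor regex of kubernetes-dockercfg-secret.yaml leaves out `+` and `/`, both part of the standard base64 alphabet. The extracted string therefore stops at the first such character and cannot be decoded during triage to confirm which registry the credential belongs to. The same class appears in kubernetes-dockerconfigjson-secret.yaml. A pattern such as `- \.dockercfg:\s+["']?e[wy][A-Za-z0-9+/]+={0,2}["']?` (with the matching change for `.dockerconfigjson`) would capture the whole value, and `e[wy]` drops the unneeded capture group.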
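Review bot: The pattern in kubernetes-dockerconfigjson-secret.yaml only matches a base64 value that follows the key directly. A manifest that uses a block scalar indicator (`.dockerconfigjson: |`) or carries plain JSON under `stringData` would not be reported, and the same holds for kubernetes-dockercfg-secret.yaml. If that scope is intended, a `description` under `info` stating that the template covers base64 `data` entries only would keep a clean result from being read as absence of registry credentials. Because the extractor prints the matched credential, that description could also say that scan output should be handled as secret material.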