daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixed lint error

patch-4
Prince Chaddha 2024-06-18 15:27:27 +04:00
parent 7ae624e9d8
commit 623251bba4
7 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cloud/kubernetes/deployments/k8s-seccomp-profile-set.yaml
View File

@ -37,7 +37,7 @@ javascript:
- code: | - code: |
deployment = JSON.parse(template.deployment); deployment = JSON.parse(template.deployment);
deployment.spec.template.spec.containers.forEach(container => { deployment.spec.template.spec.containers.forEach(container => {
if (container.securityContext && container.securityContext.seccompProfile && if (container.securityContext && container.securityContext.seccompProfile &&
(container.securityContext.seccompProfile.type === 'RuntimeDefault' || container.securityContext.seccompProfile.type === 'DockerDefault')) { (container.securityContext.seccompProfile.type === 'RuntimeDefault' || container.securityContext.seccompProfile.type === 'DockerDefault')) {
// No action needed, configured properly // No action needed, configured properly
} else { } else {

4
cloud/kubernetes/network-policies/k8s-netpol-egress-rules.yaml
View File

@ -1,4 +1,4 @@
id: netpol-egress-rules id: k8s-netpol-egress-rules
info: info:
name: Network policies define egress rules name: Network policies define egress rules
@ -34,7 +34,7 @@ code:
javascript: javascript:
- code: | - code: |
let policyData = JSON.parse(template.policy); let policyData = JSON.parse(template.policy);
if (!policyData.egress || policyData.egress.length === 0) { if (!policyData.egress || policyData.egress.length === 0) {
let result = (`Network policy '${policyData.policy}' does not define egress rules.`); let result = (`Network policy '${policyData.policy}' does not define egress rules.`);
Export(result); Export(result);

4
cloud/kubernetes/network-policies/k8s-network-ingress-rules.yaml
View File

@ -1,4 +1,4 @@
id: k8s-ingress-rules id: k8s-network-ingress-rules
info: info:
name: Define network ingress rules name: Define network ingress rules
@ -35,7 +35,7 @@ code:
javascript: javascript:
- code: | - code: |
let policyData = JSON.parse(template.policy); let policyData = JSON.parse(template.policy);
if (!policyData.ingress || policyData.ingress.length === 0) { if (!policyData.ingress || policyData.ingress.length === 0) {
let result = `Network policy '${policyData.policy}' does not define any ingress rules.`; let result = `Network policy '${policyData.policy}' does not define any ingress rules.`;
Export(result); Export(result);

2
cloud/kubernetes/pods/k8s-allow-privilege-escalation-set.yaml
View File

@ -34,7 +34,7 @@ code:
javascript: javascript:
- code: | - code: |
let podData = JSON.parse(template.container); let podData = JSON.parse(template.container);
podData.containers.forEach(container => { podData.containers.forEach(container => {
if (container.securityContext && container.securityContext.allowPrivilegeEscalation === true) { if (container.securityContext && container.securityContext.allowPrivilegeEscalation === true) {
let result = (`Container '${container.name}' in pod '${podData.pod}' running with allowPrivilegeEscalation enabled.`); let result = (`Container '${container.name}' in pod '${podData.pod}' running with allowPrivilegeEscalation enabled.`);

2
cloud/kubernetes/pods/k8s-readonly-rootfs.yaml
View File

@ -35,7 +35,7 @@ code:
javascript: javascript:
- code: | - code: |
let podData = JSON.parse(template.pod); let podData = JSON.parse(template.pod);
podData.containers.forEach(container => { podData.containers.forEach(container => {
if (container.securityContext && container.securityContext.readOnlyRootFilesystem !== true) { if (container.securityContext && container.securityContext.readOnlyRootFilesystem !== true) {
let result = (`Container '${container.name}' in pod '${podData.pod}' is not running with a read-only root filesystem.`); let result = (`Container '${container.name}' in pod '${podData.pod}' is not running with a read-only root filesystem.`);

2
cloud/kubernetes/pods/k8s-root-user-id.yaml
View File

@ -34,7 +34,7 @@ code:
javascript: javascript:
- code: | - code: |
let podData = JSON.parse(template.pod); let podData = JSON.parse(template.pod);
podData.containers.forEach(container => { podData.containers.forEach(container => {
if (container.securityContext && container.securityContext.runAsUser === 0) { if (container.securityContext && container.securityContext.runAsUser === 0) {
let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`); let result = (`Container '${container.name}' in pod '${podData.pod}' is running with root user ID.`);

4
cloud/kubernetes/security-compliance/k8s-svc-acct-issuer-set.yaml
View File

@ -23,13 +23,13 @@ code:
- bash - bash
source: | source: |
kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}" kubectl get pods -n kube-system -l component=kube-apiserver -o jsonpath="{.items[*].spec.containers[*].command}"
matchers-condition: and matchers-condition: and
matchers: matchers:
- type: word - type: word
words: words:
- 'kube-apiserver' - 'kube-apiserver'
- type: word - type: word
words: words:
- "service-account-issuer" - "service-account-issuer"