Add template for Kubernetes Fake Certificates

ssl/kubernetes-fake-certificate.yaml

@@ -0,0 +1,31 @@
+id: kubernetes-fake-certificate
+
+info:
+  name: Kubernetes Fake Ingress Certificate
+  author: kchason
+  severity: low
+  reference:
+    - https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
+  description: |
+    Kubernetes Ingress controllers use a default self-signed certificate when no certificate is specified. 
+    This certificate is not trusted by any browser and should be replaced with a proper certificate.
+  remediation: |
+    Purchase or generate a proper SSL certificate for this service.
+    https://snyk.io/blog/setting-up-ssl-tls-for-kubernetes-ingress/
+  tags: ssl,kubernetes,tls
+
+ssl:
+  - address: "{{Host}}:{{Port}}"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - 'subject_cn == "Kubernetes Ingress Controller Fake Certificate"'
+          - 'issuer_cn == "Kubernetes Ingress Controller Fake Certificate"'
+        condition: or
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"Subject: " + subject_cn'
+          - '"Issuer: " + issuer_cn'