id: k8s-default-namespace-used

info:
  name: Default Namespace Usage in Deployments
  author: princechaddha
  severity: high
  description: Checks if Kubernetes Deployments are using the default namespace, which can lead to security risks and mismanagement issues.
  impact: |
    Using the default namespace for Kubernetes Deployments can increase security risks as it might allow broader access than necessary. It also complicates resource management across multiple teams and applications.
  remediation: |
    Avoid using the default namespace for Kubernetes Deployments. Create and specify dedicated namespaces tailored to specific applications or teams to enhance security and manage resources effectively.
  reference:
    - https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
  tags: cloud,devops,kubernetes,k8s,devsecops,namespaces,k8s-cluster-security

flow: |
  code(1);
  for (let deployment of template.items) {
    set("deployment", deployment)
    javascript(1);
  }

self-contained: true
code:
  - engine:
      - sh
      - bash
    source: kubectl get deployments --all-namespaces --output=json
    extractors:
      - type: json
        name: items
        internal: true
        json:
          - '.items[]'

javascript:
  - code: |
        deployment = JSON.parse(template.deployment);
        if (deployment.metadata.namespace.toLowerCase() === "default") {
          let result = (`Deployment '${deployment.metadata.name}' is using the default namespace, which is not recommended.`);
          Export(result);
        }

    extractors:
      - type: dsl
        dsl:
          - response
# digest: 4a0a00473045022100cb1a8cc055b7e8807ef5dad291c1259028e3d518155d9340c1fe72cb8a6cfad902201644f419892fe61eeb0bccd7e89bf5e57e87cdfb23374f91551df421236c4585:922c64590222798bb761d5b6d8e72950