fix(tests): fixed k8saudit rule that used contains on a list.
Signed-off-by: Federico Di Pierro <nierro92@gmail.com>
FedeDP authored and poiana committed May 17, 2024
1 parent e3fcfc1 commit f03d938
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tests/data/rules/k8saudit.go
Expand Up @@ -347,7 +347,7 @@ var K8SAuditEngineV4K8SAuditRules = run.NewStringFileAccessor(
- rule: ClusterRole With Pod Exec Created
desc: Detect any attempt to create a Role/ClusterRole that can exec to pods
condition: kevt and (role or clusterrole) and kcreate and ka.req.role.rules.resources contains "pods/exec"
condition: kevt and (role or clusterrole) and kcreate and ka.req.role.rules.resources intersects ("pods/exec")
output: Created Role/ClusterRole with pod exec privileges (user=%ka.user.name role=%ka.target.name rules=%ka.req.role.rules)
priority: WARNING
source: k8s_audit
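
Review bot: The replacement condition `ka.req.role.rules.resources intersects ("pods/exec")` changes the operator from a substring test to exact list membership, but the commit message does not say what went wrong with `contains` (for example, whether the rule failed to load or simply never matched). Suggest recording that in the commit body and checking the other rules in this fixture that test `ka.req.role.rules.*` fields for the same pattern, since this change touches only one line. Separately, exact membership on the literal "pods/exec" does not match a role whose resources list is `"*"`, while the desc reads "any attempt to create a Role/ClusterRole that can exec to pods"; if wildcard grants are out of scope for this test data, a short comment saying so would help.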