
fix(query): improving Volume Mount With OS Directory Write Permissions k8s query #7508

Merged: cx-miguel-dasilva merged 3 commits into master from AST-94893, Jun 30, 2025

@cx-artur-ribeiro

Contributor

Reason for Proposed Changes

  • Improve the query to not only search for the readOnly property, but also for recursiveReadOnly;
  • configMaps and secrets should not be detected since they are readOnly by default;

Proposed Changes

  • Add a check for configMaps and secrets volumes;
  • Add a check for the recursiveReadOnly property;
  • Update query fields in order to correctly reflect the actual and expected values, as well as the searchKey;
  • Add more positive and negative cases to reflect all the possibilities for the query update (missing, vulnerable and not vulnerable cases);

I submit this contribution under the Apache-2.0 license.
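The check this description outlines, as an added Python sketch (not the KICS Rego query and not code from this PR). The OS directory list, matching on `mountPath`, the rule that `readOnly: true` or `recursiveReadOnly: Enabled` counts as protected, and the sample pod spec are all assumptions made for illustration.

```python
# Added illustration; not the KICS Rego query. OS_DIRS, matching on mountPath and the
# way readOnly and recursiveReadOnly are combined are assumptions, not taken from the PR.
OS_DIRS = ("/bin", "/sbin", "/boot", "/etc", "/lib", "/usr", "/var", "/proc", "/sys", "/dev")

def is_os_dir(path):
    p = path.rstrip("/")  # "/" becomes "", which is treated as the root directory
    return p == "" or any(p == d or p.startswith(d + "/") for d in OS_DIRS)

def classify(mount):
    """Return 'ok', 'missing' (neither key set) or 'vulnerable' (set but still writable)."""
    if mount.get("readOnly") is True or mount.get("recursiveReadOnly") == "Enabled":
        return "ok"
    if "readOnly" not in mount and "recursiveReadOnly" not in mount:
        return "missing"
    return "vulnerable"

def check_pod_spec(spec):
    """Return (container, volume, mountPath, status) for writable OS-directory mounts."""
    # configMap and secret volumes are skipped: the PR treats them as read-only by default.
    exempt = {v["name"] for v in spec.get("volumes", []) if "configMap" in v or "secret" in v}
    findings = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in exempt or not is_os_dir(m["mountPath"]):
                continue
            status = classify(m)
            if status != "ok":
                findings.append((c["name"], m["name"], m["mountPath"], status))
    return findings

# Constructed sample pod spec (as parsed from YAML); not one of the PR's test files.
SAMPLE_SPEC = {
    "volumes": [{"name": "host-etc", "hostPath": {"path": "/etc"}},
                {"name": "host-var", "hostPath": {"path": "/var"}},
                {"name": "host-usr", "hostPath": {"path": "/usr"}},
                {"name": "app-config", "configMap": {"name": "app"}},
                {"name": "scratch", "emptyDir": {}}],
    "containers": [{"name": "app", "volumeMounts": [
        {"name": "host-etc", "mountPath": "/etc/host"},  # missing
        {"name": "host-var", "mountPath": "/var/log", "readOnly": False},  # vulnerable
        {"name": "host-usr", "mountPath": "/usr", "readOnly": True, "recursiveReadOnly": "Enabled"},  # ok
        {"name": "app-config", "mountPath": "/etc/app"},  # configMap: skipped
        {"name": "scratch", "mountPath": "/data"},  # not an OS directory
    ]}],
}

if __name__ == "__main__":
    for finding in check_pod_spec(SAMPLE_SPEC):
        print(finding)
```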

@cx-artur-ribeiro cx-artur-ribeiro self-assigned this Jun 25, 2025
@cx-artur-ribeiro cx-artur-ribeiro requested a review from a team as a code owner June 25, 2025 17:53
@github-actions github-actions Bot added the query (New query feature) and kubernetes (Kubernetes query) labels Jun 25, 2025
@github-actions

Contributor

KICS version: v2.1.7

Category    Results
CRITICAL    0
HIGH        0
MEDIUM      0
LOW         0
INFO        0
TRACE       0
TOTAL       0

Metric                        Values
Files scanned                 1
Files parsed                  1
Files failed to scan          0
Total executed queries        47
Queries failed to execute     0
Execution time                0

@cx-rui-araujo cx-rui-araujo left a comment

Contributor

LGTM! Great work 🐈‍⬛

@cx-miguel-dasilva cx-miguel-dasilva left a comment

Contributor

LGTM

@cx-miguel-dasilva cx-miguel-dasilva merged commit 4c8d0c9 into master Jun 30, 2025
25 checks passed
@cx-miguel-dasilva cx-miguel-dasilva deleted the AST-94893 branch June 30, 2025 15:48