Comments (1)
@Ruben-Silva I was poking around my kics tf vulnerabilities report, and I initially thought this query was incorrect (maybe based on assuming it's the same for Ansible?). According to both the Terraform documentation and my cluster state, the structure of the `master_auth` block is:
```
master_auth {
  client_certificate_config {
    issue_client_certificate = false
  }
}
```
But the Ansible docs are more helpful in this case, stating this is not a thing in clusters using GKE < 1.19. It seems prudent to keep the query in case folks on old versions are using Kics, and it might be too much work to determine the version since some people may be using variables that aren't defined in the resource itself. To that end, I think the message should include the affected version. Also recommend matching the wording of the "must have master auth enabled" query to be more clear.
I've created this PR in case you agree: #6153