Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: fail for irrelevant resources #53

Merged
merged 2 commits into from
Jan 13, 2024
Merged

fix: fail for irrelevant resources #53

merged 2 commits into from
Jan 13, 2024

Conversation

itaysk
Copy link
Contributor

@itaysk itaysk commented Jan 10, 2024

reported in aquasecurity/trivy#4922 since the failRootGroupId rule is given a default value, it doesn't fail the deny rule and results in a false detection. added an explicit check for the failRootGropuId truthiness to resolve.

also fixed the sad path test
however I'm not sure how we're supposed to run the tests and if it's indeed broken

@itaysk
fix: fail for irrelevant resources
c54c2ec 
reported in aquasecurity/trivy#4922
since the failRootGroupId rule is given a default value, it doesn't fail
the deny rule and results in a false detection. added an explicit check for
the failRootGropuId truthiness to resolve.

also fixed the sad path test
@itaysk itaysk requested a review from simar7 as a code owner January 10, 2024 16:16
@itaysk itaysk mentioned this pull request Jan 10, 2024
Closed
@itaysk
Copy link
Contributor Author

itaysk commented Jan 10, 2024

p.s I would expect the selector subtype to have prevent this bug, no?

@simar7
Copy link
Member

simar7 commented Jan 10, 2024

p.s I would expect the selector subtype to have prevent this bug, no?

k8s subtypes support was just added, we need to bump the dependency for it to pick it up. I'm taking care of it.

@simar7 simar7 merged commit d755c3b into aquasecurity:main Jan 13, 2024
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@itaysk @simar7