alert *any* hostpath

Signed-off-by: YiscahLevySilas1 <[email protected]>
kubescape · Aug 8, 2023 · 1ab5016 · 1ab5016
1 parent 361c6fa
commit 1ab5016
Showing 1 changed file with 6 additions and 15 deletions.
diff --git a/rules/alert-any-hostpath/raw.rego b/rules/alert-any-hostpath/raw.rego
@@ -7,7 +7,8 @@ deny[msga] {
     volumes := pod.spec.volumes
     volume := volumes[i]
 	beggining_of_path := "spec."
-	result  := is_dangerous_host_path(volume, beggining_of_path, i)
+	volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
     podname := pod.metadata.name
 
 
@@ -31,7 +32,8 @@ deny[msga] {
     volumes := wl.spec.template.spec.volumes
     volume := volumes[i]
 	beggining_of_path := "spec.template.spec."
-    result  := is_dangerous_host_path(volume, beggining_of_path, i)
+    volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
 
 
 	msga := {
@@ -53,7 +55,8 @@ deny[msga] {
     volumes := wl.spec.jobTemplate.spec.template.spec.volumes
     volume := volumes[i]
 	beggining_of_path := "spec.jobTemplate.spec.template.spec."
-    result  := is_dangerous_host_path(volume, beggining_of_path, i)
+    volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
 	msga := {
 		"alertMessage": sprintf("%v: %v has: %v as hostPath volume", [wl.kind, wl.metadata.name, volume.name]),
 		"packagename": "armo_builtins",
@@ -65,15 +68,3 @@ deny[msga] {
 		}
 	}
 }
-
-
-
-is_dangerous_host_path(volume, beggining_of_path, i) = path {
-    startswith(volume.hostPath.path, "/etc")
-	path = sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
-}
-
-is_dangerous_host_path(volume, beggining_of_path, i) = path {
-    startswith(volume.hostPath.path, "/var")
-	path = sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
-}