From 1ab5016ae6d34719fca910d66aa535d2af8611b0 Mon Sep 17 00:00:00 2001
From: YiscahLevySilas1
Date: Tue, 8 Aug 2023 17:22:32 +0300
Subject: [PATCH] alert *any* hostpath

Signed-off-by: YiscahLevySilas1
---
 rules/alert-any-hostpath/raw.rego | 21 ++++++---------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/rules/alert-any-hostpath/raw.rego b/rules/alert-any-hostpath/raw.rego
index def2a1566..9daf7f79e 100644
--- a/rules/alert-any-hostpath/raw.rego
+++ b/rules/alert-any-hostpath/raw.rego
@@ -7,7 +7,8 @@ deny[msga] {
 	volumes := pod.spec.volumes
 	volume := volumes[i]
 	beggining_of_path := "spec."
-	result := is_dangerous_host_path(volume, beggining_of_path, i)
+	volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
 	podname := pod.metadata.name
 
 
@@ -31,7 +32,8 @@ deny[msga] {
 	volumes := wl.spec.template.spec.volumes
 	volume := volumes[i]
 	beggining_of_path := "spec.template.spec."
-	result := is_dangerous_host_path(volume, beggining_of_path, i)
+	volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
 
 
 	msga := {
@@ -53,7 +55,8 @@ deny[msga] {
 	volumes := wl.spec.jobTemplate.spec.template.spec.volumes
 	volume := volumes[i]
 	beggining_of_path := "spec.jobTemplate.spec.template.spec."
-	result := is_dangerous_host_path(volume, beggining_of_path, i)
+	volume.hostPath
+	result := sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
 	msga := {
 		"alertMessage": sprintf("%v: %v has: %v as hostPath volume", [wl.kind, wl.metadata.name, volume.name]),
 		"packagename": "armo_builtins",
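Review bot: The new guard `volume.hostPath` is looser than the evidence the alert reports: `failedPaths` receives `…hostPath.path`, but the rule body never dereferences `.path`, so a volume carrying an empty `hostPath: {}` — or, as far as I can tell from Rego's defined-vs-undefined semantics, an explicit `hostPath: null` as some manifest generators emit — still fires with a failed path that does not exist in the object. Binding the check to what is reported, `volume.hostPath.path`, keeps the alert and its evidence in step; the same applies to the hunks at old lines 31 and 53. Deleting the helper also removed the one place the format string lived, leaving the `sprintf` literal copied verbatim into three rules; a single `host_path_failed_path(beggining_of_path, i) = sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])` would keep the path construction in one place. A one-line comment above each rule stating that every hostPath volume is flagged regardless of its `path` or `type` would record the intent that only the commit title currently carries. Each `deny[msga]` body begins before and ends after its hunk.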
@@ -65,15 +68,3 @@ deny[msga] {
 		}
 	}
 }
-
-
-
-is_dangerous_host_path(volume, beggining_of_path, i) = path {
-	startswith(volume.hostPath.path, "/etc")
-	path = sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
-}
-
-is_dangerous_host_path(volume, beggining_of_path, i) = path {
-	startswith(volume.hostPath.path, "/var")
-	path = sprintf("%vvolumes[%v].hostPath.path", [beggining_of_path, format_int(i, 10)])
-}
\ No newline at end of file