mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-02-14 18:09:54 +00:00
2b17c31957
* Bump lins * Code refactoring * Fixign issues * Fixing issues * Fixing issues * Fixing issues * [WIP] * [WIP] * [WIP] * Trying to fix tests * Trying to fix tests * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Revert go mod * Revert go mod * Revert go mod * Revert go mod * Fixing issues * Fixing issue * Code refactoring * Updating json schema version * Updating json schema version
53 lines
1.9 KiB
YAML
53 lines
1.9 KiB
YAML
successMessage: The container does not set potentially sensitive environment variables
|
|
failureMessage: The container sets potentially sensitive environment variables
|
|
category: Security
|
|
target: Container
|
|
schemaString: |
|
|
'$schema': https://json-schema.org/draft/2019-09/schema
|
|
type: object
|
|
properties:
|
|
env:
|
|
type: array
|
|
items:
|
|
type: object
|
|
anyOf:
|
|
- not:
|
|
required: ["value"]
|
|
- required: ["name", "value"]
|
|
properties:
|
|
name:
|
|
type: string
|
|
'$comment': These environment variable names will be disallowed.
|
|
allOf:
|
|
- not:
|
|
pattern: '(?i)^AWS_SECRET_ACCESS_KEY$'
|
|
- not:
|
|
pattern: '(?i)^GOOGLE_APPLICATION_CREDENTIALS$'
|
|
- not:
|
|
pattern: '(?i)^AZURE_.+KEY$'
|
|
- not:
|
|
pattern: '(?i)^OCI_CLI_KEY_CONTENT$'
|
|
- not:
|
|
pattern: '(?i)password'
|
|
- not:
|
|
pattern: '(?i)token'
|
|
- not:
|
|
pattern: '(?i)bearer'
|
|
- not:
|
|
pattern: '(?i)secret'
|
|
'$comment': This allows variable names not excluded above.
|
|
- pattern: '(?i).*'
|
|
value:
|
|
type: string
|
|
'$comment': These environment variable values will be disallowed.
|
|
allOf:
|
|
- not:
|
|
'$comment': THis matches variations like begin private key, begin rsa private key ...
|
|
pattern: '(?i)\s*-BEGIN\s+.*PRIVATE KEY-\s*'
|
|
- required: ["name", "valueFrom"]
|
|
properties:
|
|
name:
|
|
type: string
|
|
valueFrom:
|
|
type: object
|