mirror of
https://github.com/FairwindsOps/polaris.git
synced 2026-05-21 00:24:13 +00:00
* Bump lins * Code refactoring * Fixing issues * Fixing issues * Fixing issues * Fixing issues * [WIP] * [WIP] * [WIP] * Trying to fix tests * Trying to fix tests * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Fixing issues * Revert go mod * Revert go mod * Revert go mod * Revert go mod * Fixing issues * Fixing issue * Code refactoring * Updating json schema version * Updating json schema version
# Check metadata: result messages, category, and the resource kind the schema
# in schemaString is evaluated against.
#
# NOTE(review): a pass is only as strong as the patterns in schemaString.
# The visible schema rejects `data` keys whose names match credential-style
# patterns, and `data` values that match a PEM "BEGIN ... PRIVATE KEY" header.
# It does not visibly inspect `binaryData`, nor values such as passwords or
# API tokens stored under an innocuous key name, so read success as
# "no obvious match", not as proof that the ConfigMap holds no secrets.
# The name patterns for password/token/bearer/secret are unanchored and match
# as substrings, so benign keys that merely contain those words are flagged too.
successMessage: >-
  The ConfigMap does not contain potentially sensitive content
  in its keys and values
failureMessage: >-
  Potentially sensitive content is detected
  in the ConfigMap keys or values
category: 'Security'
# Presumably "<api group>/<Kind>" with an empty (core) group - confirm against
# the check format documentation.
target: '/ConfigMap'
schemaString: |
|
|
'$schema': https://json-schema.org/draft/2019-09/schema
|
|
type: object
|
|
required: ["metadata"]
|
|
properties:
|
|
metadata:
|
|
required: ["name"]
|
|
properties:
|
|
name:
|
|
type: string
|
|
data:
|
|
type: object
|
|
propertyNames:
|
|
'$comment': These ConfigMap keys will be disallowed.
|
|
allOf:
|
|
- not:
|
|
pattern: '(?i)^AWS_SECRET_ACCESS_KEY$'
|
|
- not:
|
|
pattern: '(?i)^GOOGLE_APPLICATION_CREDENTIALS$'
|
|
- not:
|
|
pattern: '(?i)^AZURE_.+KEY$'
|
|
- not:
|
|
pattern: '(?i)^OCI_CLI_KEY_CONTENT$'
|
|
- not:
|
|
pattern: '(?i)password'
|
|
- not:
|
|
pattern: '(?i)token'
|
|
- not:
|
|
pattern: '(?i)bearer'
|
|
- not:
|
|
pattern: '(?i)secret'
|
|
'$comment': This allows ConfigMap keys not excluded above.
|
|
- pattern: '(?i).*'
|
|
additionalProperties:
|
|
'$comment': These ConfigMap values will be disallowed.
|
|
allOf:
|
|
- not:
|
|
'$comment': THis matches variations like begin private key, begin rsa private key ...
|
|
pattern: '(?i)\s*-BEGIN\s+.*PRIVATE KEY-\s*'
|