Containers_running_as_root query failed to evaluate #3412

Closed
mukeshpilaniya opened this issue May 22, 2021 · 1 comment · Fixed by #3422
Labels: bug, community, kubernetes, query

@mukeshpilaniya
The query Containers_runs_as_root failed to produce an output


for this YAML file:

 
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 10
    runAsNonRoot: false
  containers:
  - name: sec-ctx-demo-100
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 0
      runAsNonRoot: false
  - name: sec-ctx-demo-200
    image: gcr.io/google-samples/node-hedwfwllo:1.0
    securityContext:
      runAsUser: 0
      runAsNonRoot: false
```

Specifications

  • Version: 1.2.3
  • Platform: Windows
cxlucas commented May 24, 2021

Hi, @mukeshpilaniya.
Thank you for identifying this problem.
The bug was reproduced and it affects all versions, including the most recent one (1.3.1).
We will check it as soon as possible.

Below is a small technical report on the data collected from the problem:

Query: Container Running As Root
ID: cf34805e-3872-4c08-bf92-6ff7bb0cfadb
Error: failed to evaluate query: containers_running_as_root:100 :
eval_conflict_error: functions must not produce
multiple outputs for same inputs

Query: Container Running With Low UID
ID: 02323c00-cdc3-4fdc-a310-4f2b3e7a1660
Error: failed to evaluate query: containers_run_with_low_uid:104:
eval_conflict_error: functions must not produce
multiple outputs for same inputs

A possible solution to the problem can be seen at: https://www.openpolicyagent.org/docs/latest/policy-language/#functions
in the section: eval_conflict_error: functions must not produce multiple outputs for the same inputs

Note: The error does not happen if there is only one container in the test sample.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo-2
spec:
  securityContext:
    runAsUser: 10
    runAsNonRoot: false
  containers:
  - name: sec-ctx-demo-100
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 0
      runAsNonRoot: false
```
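
Added example, not part of the original issue and not KICS's own query code: a minimal Rego sketch of the error class reported above, showing why a function that iterates over containers conflicts with two containers but not with one, and two ways to restructure it. All rule and function names are hypothetical, and the syntax is Rego v0 (OPA 1.0 and later require the `if` and `contains` keywords).

```rego
package example.run_as_root

# Constructed input modelled on the two-container Pod from the report.
pod := {"spec": {"containers": [
	{"name": "sec-ctx-demo-100", "securityContext": {"runAsUser": 0}},
	{"name": "sec-ctx-demo-200", "securityContext": {"runAsUser": 0}}
]}}

# BROKEN (hypothetical): the body iterates with [_], so it is satisfied once
# per matching container. With two root containers the single argument
# `spec` maps to two different values of `name`, and evaluating
#   root_container_broken(pod.spec)
# fails with eval_conflict_error. With one container there is only one
# value, which is why the single-container sample evaluates cleanly.
root_container_broken(spec) = name {
	c := spec.containers[_]
	c.securityContext.runAsUser == 0
	name := c.name
}

# FIX, part 1: the function receives exactly one container, so each input
# has at most one output (true, or undefined when the check fails).
runs_as_root(container) {
	container.securityContext.runAsUser == 0
}

# FIX, part 2: do the iteration in a partial-set rule instead of inside the
# function. A set may hold any number of results without conflict.
root_containers[name] {
	c := pod.spec.containers[_]
	runs_as_root(c)
	name := c.name
}

# Alternative: keep a function over the whole spec, but return one value
# (a set built by a comprehension) rather than one value per container.
root_container_names(spec) = names {
	names := {c.name |
		c := spec.containers[_]
		c.securityContext.runAsUser == 0
	}
}
```

Querying `data.example.run_as_root.root_containers` with `opa eval` returns both container names, while a query that calls `root_container_broken(pod.spec)` reproduces the conflict.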

rogeriopeixotocx pushed a commit that referenced this issue May 25, 2021
Co-authored-by: Pilaniya <mukeshkumar.pilaniya@accenture.com>
Co-authored-by: pilaniyamukesh0@gmail.com <pilaniya50966125>