add new attack paths for security risks

attack-tracks/external-wl-unauthenticated.json

@@ -0,0 +1,20 @@
+{
+    "apiVersion": "regolibrary.kubescape/v1alpha1",
+    "kind": "AttackTrack",
+    "metadata": {
+        "name": "external-database-without-authentication"
+    },
+    "spec": {
+        "version": "1.0",
+        "data": {
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
+            "subSteps": [
+                {
+                    "name": "Unauthenticated Access",
+                    "description": "An unauthenticated attacker can access resources."
+                }
+            ]
+        }
+    }
+}

attack-tracks/external-wl-with-cluster-takeover-roles.json

@@ -0,0 +1,20 @@
+{
+    "apiVersion": "regolibrary.kubescape/v1alpha1",
+    "kind": "AttackTrack",
+    "metadata": {
+        "name": "external-workload-with-cluster-takeover-roles"
+    },
+    "spec": {
+        "version": "1.0",
+        "data": {
+            "name": "Initial Access",
+            "description": "An attacker can access the Kubernetes environment.",
+            "subSteps": [
+                {
+                    "name": "Cluster Access",
+                    "description": "An attacker has access to sensitive information and can leverage them by creating pods in the cluster."
+                }
+            ]
+        }
+    }
+}

controls/C-0256-exposuretointernet.json

@@ -16,6 +16,18 @@
                 "categories": [
                     "Initial Access"
                 ]
+            },
+            {
+                "attackTrack": "external-workload-with-cluster-takeover-roles",
+                "categories": [
+                    "Initial Access"
+                ]
+            },
+            {
+                "attackTrack": "external-database-without-authentication",
+                "categories": [
+                    "Initial Access"
+                ]
             }
         ]
     },

controls/C-0267-workloadwithclustertakeoverroles.json

@@ -1,6 +1,18 @@
 {
     "name": "Workload with cluster takeover roles",
-    "attributes": {},
+    "attributes": {
+        "controlTypeTags": [
+            "security"
+        ],
+        "attackTracks": [
+            {
+                "attackTrack": "external-workload-with-cluster-takeover-roles",
+                "categories": [
+                    "Cluster Access"
+                ]
+            }
+        ]
+    },
     "description": "Cluster takeover roles include workload creation or update and secret access. They can easily lead to super privileges in the cluster. If an attacker can exploit this workload then the attacker can take over the cluster using the RBAC privileges this workload is assigned to.",
     "remediation": "You should apply least privilege principle. Make sure each service account has only the permissions that are absolutely necessary.",
     "rulesNames": [

frameworks/security.json

@@ -182,6 +182,12 @@
                 "name": "Authenticated user has sensitive permissions"
             }
         },
+        {
+            "controlID": "C-0267",
+            "patch": {
+                "name": "Workload with cluster takeover roles"
+            }
+        },
         {
             "controlID": "C-0270",
             "patch": {
@@ -193,6 +199,18 @@
             "patch": {
                 "name": "Ensure memory limits are set"
             }
+        },
+        {
+            "controlID": "C-0272",
+            "patch": {
+                "name": "Workload with administrative roles"
+            }
+        },
+        {
+            "controlID": "C-0273",
+            "patch": {
+                "name": "Outdated Kubernetes version"
+            }
         }
     ]
 }