Merge pull request #428 from gauravgogia-accurics/master

Add policy AC-K8-NS-SE-M-0188 for CVE-2020-8554

pkg/policies/opa/rego/k8s/kubernetes_service/cve_2020_8554/AC-K8-NS-SE-M-0188.json

@@ -0,0 +1,15 @@
+{
+    "name": "ensurePrivateIP",
+    "file": "ensurePrivateIP.rego",
+    "template_args": {
+        "name": "ensurePrivateIP",
+        "prefix": "",
+        "resource_type": "kubernetes_service",
+        "suffix": ""
+    },
+    "severity": "MEDIUM",
+    "description": "Vulnerable to CVE-2020-8554",
+    "reference_id": "AC-K8-NS-SE-M-0188",
+    "category": "Network Security",
+    "version": 1
+}

pkg/policies/opa/rego/k8s/kubernetes_service/cve_2020_8554/ensurePrivateIP.rego

@@ -0,0 +1,15 @@
+package accurics
+
+{{.prefix}}{{.name}}{{.suffix}}[service.id] {
+    service := input.{{.resource_type}}[_]
+    type_check(service.config.spec)
+    object.get(service.config.spec, "externalIPs", "undefined") != "undefined"
+}
+
+type_check(spec) {
+    spec.type == "ClusterIP"
+}
+
+type_check(spec) {
+    object.get(spec, "type", "undefined") == "undefined"
+}