Duplicate similarity_id for 2 resource types in the same file #6103

Closed
niro-lightspin opened this issue Jan 23, 2023 · 1 comment · Fixed by #6111
Labels: bug (Something isn't working), community (Community contribution)

niro-lightspin commented Jan 23, 2023

Not sure if that's a bug, but we found a duplicate similarity_id for 2 resource types in the same file:

```json
{
  "query_name": "ServiceAccount Allows Access Secrets",
  "query_id": "056ac60e-fe07-4acc-9b34-8e1d51716ab9",
  "query_url": "https://kubernetes.io/docs/reference/access-authn-authz/rbac/",
  "severity": "MEDIUM",
  "platform": "Kubernetes",
  "category": "Secret Management",
  "description": "Roles and ClusterRoles when binded, should not use get, list or watch as verbs",
  "description_id": "79619280",
  "files": [
    {
      "file_name": "../ingress_takeover.yaml",
      "similarity_id": "97148540dde559c5d4cdf9770ea286105f13c07626bb1f29120eefe69790c54d",
      "line": 51,
      "resource_type": "ClusterRole",
      "resource_name": "ingress-nginx",
      "issue_type": "IncorrectValue",
      "search_key": "metadata.name={{ingress-nginx}}.rules",
      "search_line": 0,
      "search_value": "",
      "expected_value": "The metadata.name={{ingress-nginx}}.rules.verbs should not contain the following verbs: [["list", "watch"]]",
      "actual_value": "The metadata.name={{ingress-nginx}}.rules.verbs contain the following verbs: [["list", "watch"]]"
    },
    {
      "file_name": "../ingress_takeover.yaml",
      "similarity_id": "97148540dde559c5d4cdf9770ea286105f13c07626bb1f29120eefe69790c54d",
      "line": 51,
      "resource_type": "Role",
      "resource_name": "ingress-nginx",
      "issue_type": "IncorrectValue",
      "search_key": "metadata.name={{ingress-nginx}}.rules",
      "search_line": 0,
      "search_value": "",
      "expected_value": "The metadata.name={{ingress-nginx}}.rules.verbs should not contain the following verbs: [["get", "list", "watch"]]",
      "actual_value": "The metadata.name={{ingress-nginx}}.rules.verbs contain the following verbs: [["get", "list", "watch"]]"
    }
  ]
}
```

cxMiguelSilva (Collaborator) commented

Hi @niro-lightspin, hope you are doing great!
I am glad to inform you that this issue is being addressed in #6111.
The similarity id was the same for the results because the similarity id is computed using the path, query id, and search key, which were the same for those 2 results.
Thank you so much for finding this bug.
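
Added example, not part of the thread and not KICS code: a check for anyone who de-duplicates or tracks findings by `similarity_id`, run over a constructed sample trimmed from the report above. `model_similarity_id` is a simplified assumption (SHA-256 over only the three inputs named in the reply), and `find_collisions` and `consumer_key` are hypothetical helper names.

```python
import hashlib
from collections import defaultdict

# Constructed sample: the query object from the report above, trimmed to the
# fields this check needs (values copied from the issue).
SID = "97148540dde559c5d4cdf9770ea286105f13c07626bb1f29120eefe69790c54d"
KEY = "metadata.name={{ingress-nginx}}.rules"
QUERY = {
    "query_id": "056ac60e-fe07-4acc-9b34-8e1d51716ab9",
    "files": [
        {"file_name": "../ingress_takeover.yaml", "similarity_id": SID,
         "resource_type": "ClusterRole", "resource_name": "ingress-nginx",
         "search_key": KEY},
        {"file_name": "../ingress_takeover.yaml", "similarity_id": SID,
         "resource_type": "Role", "resource_name": "ingress-nginx",
         "search_key": KEY},
    ],
}

def model_similarity_id(path, query_id, search_key):
    """Simplified model (assumption): SHA-256 over only the three inputs named
    in the reply. KICS's real encoding is not shown on the page, so this does
    not reproduce the reported hash; it only shows why the inputs collide."""
    return hashlib.sha256("\0".join((path, query_id, search_key)).encode()).hexdigest()

def find_collisions(query):
    """Map each similarity_id to its findings when one id covers more than one
    distinct resource, i.e. results that dedup-by-id would silently merge."""
    groups = defaultdict(list)
    for finding in query["files"]:
        groups[finding["similarity_id"]].append(finding)
    return {
        sid: fs for sid, fs in groups.items()
        if len({(f["resource_type"], f["resource_name"]) for f in fs}) > 1
    }

def consumer_key(finding):
    """Hypothetical downstream key: the reported id plus resource_type, so
    suppressing one finding does not also suppress the other."""
    return (finding["similarity_id"], finding["resource_type"])

if __name__ == "__main__":
    for sid, fs in find_collisions(QUERY).items():
        print(sid[:12], "shared by", [f["resource_type"] for f in fs])
    ids = {model_similarity_id(f["file_name"], QUERY["query_id"], f["search_key"])
           for f in QUERY["files"]}
    print("distinct model ids:", len(ids))
```
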
