Test #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Open

chyde2 wants to merge 1 commit into main from chyde2-patch-1

Owner

chyde2 commented Mar 20, 2025

No description provided.


          Add files via upload

b074b11

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                            #!/bin/bash
+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] AWS Access Key
Rule ID: APPSEC_SECRET_2

Description

AWS Access Keys

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp bot Mar 20, 2025

LOW

[Secret] Random High Entropy String
Rule ID: APPSEC_SECRET_80

Description

Random High Entropy Strings

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                  id      = aws_launch_template.example.id
+                }
+                metadata_options {

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>
+                  <version>1.0-SNAPSHOT</version>
+                  <packaging>jar</packaging>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                      <mainClass>MyExample</mainClass>
+                    </manifest>
+                  </archive>
+                  <descriptorRefs>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                metadata_options {
+                  http_endpoint = "enabled"
+                  http_tokens   = "required"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

log4j.yaml

+                automountServiceAccountToken: false
+                securityContext:
+                  seccompProfile:
+                    type: RuntimeDefault

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

Dockerfile

+              WORKDIR /usr/src/poc
+              RUN mvn clean && mvn package
+              USER m3
+              HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                region     = "us-west-2"
+              }
+              resource "aws_instance" "example" {

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

log4j.yaml

+              apiVersion: v1
+              kind: Pod
+              metadata:
+                name: privileged-pod

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                user_data = <<EOF
+                            #!/bin/bash
+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

Dockerfile

		HEALTHCHECK CMD curl --fail http://localhost:3000 \|\| exit 1


		CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"] No newline at end of file

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                <configuration>
+                  <archive>
+                    <manifest>
+                      <mainClass>MyExample</mainClass>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                }
+                metadata_options {
+                  http_endpoint = "enabled"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

@@ @@ -0,0 +1,54 @@ @@
+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <version>1.0-SNAPSHOT</version>
+                  <packaging>jar</packaging>
+                  <dependencies>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

		@@ -0,0 +1,71 @@
		provider "aws" {

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                    </manifest>
+                  </archive>
+                  <descriptorRefs>
+                    <descriptorRef>jar-with-dependencies</descriptorRef>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                instance_type   = "t2.micro"
+                key_name        = "example_keypair"
+                subnet_id       = "example_subnet_id"
+                vpc_security_group_ids = ["example_security_group_id"]

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+                  <modelVersion>4.0.0</modelVersion>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <packaging>jar</packaging>
+                  <dependencies>
+                      <dependency>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                  http_endpoint = "enabled"
+                  http_tokens   = "required"
+                }
+                ebs_optimized = true

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  </descriptorRefs>
+                </configuration>
+                <executions>
+                  <execution>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

		@@ -0,0 +1,54 @@
		<?xml version="1.0" encoding="UTF-8"?>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                  encrypted     = true
+                }
+                launch_template {

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

log4j.yaml

+              kind: Pod
+              metadata:
+                name: privileged-pod
+                namespace: my-namespace

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                    <descriptorRef>jar-with-dependencies</descriptorRef>
+                  </descriptorRefs>
+                </configuration>
+                <executions>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                   <build>
+                  <plugins>
+              <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

Dockerfile

+              WORKDIR /usr/src/poc
+              RUN mvn clean && mvn package
+              USER m3
+              HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <plugins>
+              <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <configuration>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                region     = "us-west-2"
+              }
+              resource "aws_instance" "example" {

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>
+                  <version>1.0-SNAPSHOT</version>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                <configuration>
+                  <archive>
+                    <manifest>
+                      <mainClass>MyExample</mainClass>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

ec2.tf

+                key_name        = "example_keypair"
+                subnet_id       = "example_subnet_id"
+                vpc_security_group_ids = ["example_security_group_id"]
+                associate_public_ip_address = false

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

@@ @@ -0,0 +1,54 @@ @@
+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

pom.xml

+                  <modelVersion>4.0.0</modelVersion>
+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp bot reviewed

View reviewed changes

Dockerfile

		HEALTHCHECK CMD curl --fail http://localhost:3000 \|\| exit 1


		CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"] No newline at end of file

cortex-appsec-jp bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet