Sub 5260

configurations/scenarios-test-env/README.md

@@ -11,6 +11,7 @@ This is a collection of vulnerable scenarios for the **attack chains** feature.
 * [attack-chain-6](./attack-chain-6/)
 * [attack-chain-7](./attack-chain-7/)
 * [attack-chain-8](./attack-chain-8/)
+* [attack-chain-9](./attack-chain-9/)
 
 ## Requirements
 

configurations/scenarios-test-env/attack-chain-9/01-crd.yaml

@@ -0,0 +1,43 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: servicesscanresults.kubescape.io
+spec:
+  group: kubescape.io
+  names:
+    kind: ServiceScanResult
+    plural: servicesscanresults
+    shortNames:
+      - kssa
+    singular: servicescanresult
+  scope: Namespaced
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                clusterIP:
+                  type: string
+                ports:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      port:
+                        type: integer
+                      protocol:
+                        type: string
+                      sessionLayer:
+                        type: string
+                      presentationLayer:
+                        type: string
+                      applicationLayer:
+                        type: string
+                      authenticated:
+                        type: boolean

configurations/scenarios-test-env/attack-chain-9/02-service-unauthnticated.yaml

@@ -0,0 +1,85 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: operator-configmap
+  namespace: default
+data:
+  example-config.txt: |
+    dmVyeSBpbXBvcnRhbnQgZmlsZQ==
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: operator-deployment
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: operator
+  template:
+    metadata:
+      labels:
+        app: operator
+    spec:
+      containers:
+        - name: wordpress
+          image: wordpress:6.0.1-php7.4
+          env:
+            - name: WORDPRESS_DB_HOST
+              value: wordpress-mysql
+            - name: WORDPRESS_DB_NAME
+              value: wordpress
+            - name: WORDPRESS_DB_USER
+              value: root
+            - name: WORDPRESS_DB_PASSWORD
+              value: P4ssw0rd0110
+            - name: WORDPRESS_DEBUG
+              value: "1"
+          ports:
+            - containerPort: 80
+              name: wordpress
+          resources:
+            requests:
+              cpu: 700m
+              memory: "1Gi"
+            limits:
+              cpu: 700m
+              memory: "1Gi"
+          volumeMounts:
+            - name: hostpath-volume
+              mountPath: /tmp
+      volumes:
+        - name: hostpath-volume
+          hostPath:
+            path: /tmp
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: operator
+  namespace: default
+spec:
+  selector:
+    app: operator
+  ports:
+    - protocol: TCP
+      port: 4002
+      targetPort: 80
+  type: NodePort
+---
+apiVersion: kubescape.io/v1
+kind: ServiceScanResult
+metadata:
+  name: operator
+  namespace: default
+spec:
+  clusterIP: 10.103.207.220
+  ports:
+    - applicationLayer: ""
+      authenticated: false
+      port: 4002
+      presentationLayer: http
+      protocol: TCP
+      sessionLayer: tcp

configurations/scenarios-test-env/attack-chain-9/README.md

@@ -0,0 +1,27 @@
+# Attack Chain #9
+
+
+**unauthnticated serivce**
+
+## Steps to reproduce
+
+Create the cluster with **kind** using the provided configuration file:
+
+```shell
+kind create cluster --config kind-config --name attack-chains
+```
+
+Create the crd the deployment:
+
+```shell
+kubectl apply -f 01-crd.yaml
+kubectl apply -f 02-service-unauthnticated.yaml
+```
+
+## Result
+
+After creating the cluster and installing the manifests you should be able to see attack chain composed like so:
+
+* **Public facing database without authentication
+
+

configurations/scenarios-test-env/attack-chain-9/fix_control

@@ -0,0 +1,7 @@
+#!/usr/bin/bash
+
+kubectl delete ServiceScanResult operator -n default
+kubectl wait ServiceScanResult/operator --for=delete --timeout=-1s
+
+kubectl delete deployment operator-deployment -n default
+kubectl wait --for=delete deployment/operator-deployment -n default --timeout=90s

configurations/scenarios-test-env/attack-chain-9/kind-config

@@ -0,0 +1,15 @@
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  image: kindest/node:v1.25.3
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+  - containerPort: 30008
+    hostPort: 30008
+    protocol: TCP