fix(kubernetes): solve core net raw check

2025-12-19 05:17:47 +00:00 · 2024-05-23 11:23:13 -04:00 · 2024-05-23 10:10:55 -04:00
1 changed files with 9 additions and 6 deletions
--- a/prowler/providers/kubernetes/services/core/core_minimize_net_raw_capability_admission/core_minimize_net_raw_capability_admission.py
+++ b/prowler/providers/kubernetes/services/core/core_minimize_net_raw_capability_admission/core_minimize_net_raw_capability_admission.py
@@ -13,12 +13,15 @@ class core_minimize_net_raw_capability_admission(Check):
            report.status = "PASS"
            report.status_extended = f"Pod {pod.name} does not have NET_RAW capability."
            for container in pod.containers.values():
-                if "NET_RAW" in getattr(
-                    getattr(container.security_context, "capabilities", None), "add", []
-                ):
-                    report.status = "FAIL"
-                    report.status_extended = f"Pod {pod.name} has NET_RAW capability in container {container.name}."
-                    break
+                security_context = getattr(container, "security_context", None)
+                if security_context:
+                    capabilities = getattr(security_context, "capabilities", None)
+                    if capabilities:
+                        add_capabilities = getattr(capabilities, "add", [])
+                        if add_capabilities and "NET_RAW" in add_capabilities:
+                            report.status = "FAIL"
+                            report.status_extended = f"Pod {pod.name} has NET_RAW capability in container {container.name}."
+                            break

            findings.append(report)
Author	SHA1	Message	Date
Sergio	53f8ac2d20	fix(kubernetes): solve core net raw check	2024-05-23 11:23:13 -04:00
Sergio	95ed9e31dd	fix(kubernetes): solve core net raw check	2024-05-23 10:10:55 -04:00