Commit
Merge pull request #6889 from Checkmarx/joaom/kics-1218
fix(query): improve queries Container Memory Requests Not Equal To It's Limits and Container CPU Requests Not Equal To It's Limits
Showing 8 changed files with 70 additions and 15 deletions.
6 changes: 3 additions & 3 deletions
assets/queries/k8s/container_cpu_requests_not_equal_to_its_limits/metadata.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,11 @@ | ||
{ | ||
"id": "9d43040e-e703-4e16-8bfe-8d4da10fa7e6", | ||
"queryName": "Container CPU Requests Not Equal To It's Limits", | ||
"queryName": "Container CPU Requests Not Equal To Its Limits", | ||
"severity": "LOW", | ||
"category": "Resource Management", | ||
"category": "Best Practices", | ||
"descriptionText": "A Pod's Containers must have the same CPU requests as limits set, which is recommended to avoid resource DDOS of the node during spikes. This means the 'requests.cpu' must equal 'limits.cpu', and both be defined.", | ||
"descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", | ||
"platform": "Kubernetes", | ||
"descriptionID": "3e1c6d16", | ||
"cwe": "" | ||
} | ||
} |
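Review bot: the category change from "Resource Management" to "Best Practices" in this hunk leaves the two sibling queries inconsistent, because the memory query's metadata.json in the same commit keeps "category": "Resource Management". Both queries check the same requests-equal-limits property, so they should carry the same category: either apply the change to both files or revert it here. The commit subject also does not mention the recategorisation, which makes it easy to miss for anyone filtering results by category.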
21 changes: 21 additions & 0 deletions
assets/queries/k8s/container_cpu_requests_not_equal_to_its_limits/test/negative1.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
#this code is a correct code for which the query should not find any result | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: frontend | ||
spec: | ||
containers: | ||
- name: app | ||
image: images.my-company.example/app:v4 | ||
resources: | ||
requests: | ||
memory: "128Mi" | ||
limits: | ||
memory: "128Mi" | ||
- name: log-aggregator | ||
image: images.my-company.example/log-aggregator:v6 | ||
resources: | ||
requests: | ||
memory: "128Mi" | ||
limits: | ||
memory: "128Mi" |
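Review bot: neither container in this negative sample defines cpu under requests or limits, so the fixture asserts that the CPU query stays silent when CPU settings are absent, while descriptionText in this query's metadata.json still says 'requests.cpu' must equal 'limits.cpu', "and both be defined". Either reword the description so that it covers only the case where both values are set and differ, or state in the header comment that missing CPU settings are out of scope for this query. A container with equal cpu requests and limits (for example cpu: "500m" on both) would also make the file cover the matching case, not only the undefined one.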
8 changes: 4 additions & 4 deletions
...ies/k8s/container_cpu_requests_not_equal_to_its_limits/test/positive_expected_result.json
4 changes: 2 additions & 2 deletions
assets/queries/k8s/container_memory_requests_not_equal_to_its_limits/metadata.json
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,11 +1,11 @@ | ||
{ | ||
"id": "aafa7d94-62de-4fbf-8838-b69ee217b0e6", | ||
"queryName": "Container Memory Requests Not Equal To It's Limits", | ||
"queryName": "Container Memory Requests Not Equal To Its Limits", | ||
"severity": "LOW", | ||
"category": "Resource Management", | ||
"descriptionText": "A Pod's Containers must have the same Memory requests as limits set, which is recommended to avoid resource DDOS of the node during spikes. This means the 'requests.memory' must equal 'limits.memory', and both be defined.", | ||
"descriptionUrl": "https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", | ||
"platform": "Kubernetes", | ||
"descriptionID": "0c15063c", | ||
"cwe": "" | ||
} | ||
} |
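Review bot: descriptionText, two lines below the renamed queryName, still reads "resource DDOS of the node", which misdescribes the risk: the text is about containers competing for a single node's resources during spikes, not a distributed attack. Since this hunk is already a wording fix, consider rewording it to something like "resource exhaustion on the node" here and in the CPU query's metadata.json. "cwe" is also left as an empty string in both files; if no CWE applies, a short note in the PR would explain why.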
20 changes: 20 additions & 0 deletions
assets/queries/k8s/container_memory_requests_not_equal_to_its_limits/test/negative1.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: frontend | ||
spec: | ||
containers: | ||
- name: app | ||
image: images.my-company.example/app:v4 | ||
resources: | ||
requests: | ||
cpu: "500m" | ||
limits: | ||
cpu: "500m" | ||
- name: log-aggregator | ||
image: images.my-company.example/log-aggregator:v6 | ||
resources: | ||
requests: | ||
cpu: "500m" | ||
limits: | ||
cpu: "500m" |
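Review bot: this fixture has no header comment, unlike the CPU query's negative1.yaml, which opens with "#this code is a correct code for which the query should not find any result", and nothing explains why a Pod with only cpu settings is the expected-clean input for the memory query. Add the same header and a line stating that containers with no memory requests or limits are intentionally not reported by this query, so the fixture's intent is clear to the next maintainer.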
8 changes: 4 additions & 4 deletions
.../k8s/container_memory_requests_not_equal_to_its_limits/test/positive_expected_result.json