Merge pull request #492 from kubescape/bump #1301
GitHub Actions / JUnit Test Report
failed
Sep 3, 2024 in 0s
1 test run, 0 passed, 0 skipped, 1 failed.
Annotations
Check failure on line 1 in results_xml_format/basic_incident_presented.xml
github-actions / JUnit Test Report
basic_incident_presented
verify_incident_completed, timeout: 5 minutes, error: Not completed incident {"guid": "fd5bdb66-8e64-4134-81f9-7ec669fa3cae", "name": "Unexpected process launched", "attributes": {"incidentStatus": "incomplete"}, "updatedTime": "2024-09-03T09:27:32Z", "spiffe": "wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep", "resourceID": "", "designators": {"designatorType": "Attributes", "wlid": "wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep", "attributes": {"cluster": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "clusterShortName": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "containerName": "redis", "customerGUID": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833", "kind": "Deployment", "name": "redis-sleep", "namespace": "systest-ns-eurz", "nodeName": "systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane", "originalCacheEntry": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane/wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep/redis/fd5bdb66-8e64-4134-81f9-7ec669fa3cae", "podName": "redis-sleep-7bd7d4785f-6nr6t"}}, "arguments": {"retval": 0}, "infectedPID": 12204, "fixSuggestions": "If this is a valid behavior, please add the exec call \"/bin/ls\" to the whitelist in the application profile for the Pod \"redis-sleep-7bd7d4785f-6nr6t\". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-eurz --type merge -p '{\"spec\": {\"containers\": [{\"name\": \"redis\", \"execs\": [{\"path\": \"/bin/ls\", \"args\": [\"/bin/ls\",\"-l\",\"/tmp\"]}]}]}}'", "severity": 5, "timestamp": "2024-09-03T09:27:04.071Z", "nanoseconds": 1725355624071079961, "ruleDescription": "Unexpected process launched: /bin/ls in: redis", "kind": {"Group": "", "Version": "", "Kind": ""}, "resource": {"Group": "", "Version": "", "Resource": ""}, "clusterName": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "containerName": "redis", "hostNetwork": false, "image": "docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2", "imageDigest": "sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902", "namespace": "systest-ns-eurz", "nodeName": "systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane", "containerID": "2f9f99562734b55ecab6779269f97ad0766de28eed859f34b513a8931f8882cf", "podName": "redis-sleep-7bd7d4785f-6nr6t", "podNamespace": "systest-ns-eurz", "workloadName": "redis-sleep", "workloadNamespace": "systest-ns-eurz", "workloadKind": "Deployment", "alertType": 0, "ruleID": "R0001", "hostName": "", "message": "Unexpected process launched: /bin/ls in: redis", "incidentCategory": "Anomaly", "incidentTypeID": "I013", "policiesApplied": [{"guid": "8ac868dd-5f24-49ef-be31-ec543f7477d6", "name": "Malware-new-systest-kind-e79839a6-7220-4714-b8f5-c4e5386bef55", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": null}, {"guid": "9a82a6a1-a8ab-4382-bdb4-0ba8b48ec19b", "name": "Malware-new-systest-kind-eb731017-244a-4797-ba05-b12240b6761f", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": null}, {"guid": "17794a36-9303-4692-9d6c-8ef419ae0d43", "name": "Anomaly", "enabled": false, "scope": {}, "ruleSetType": 
"", "updatedBy": "", "notifications": null, "actions": null}], "creationTimestamp": "2024-09-03T09:27:32.459Z", "description": "A process was launched that is not expected to run in the environment.", "incidentSeverity": "Medium", "isDismissed": false, "markedAsFalsePositive": false, "processTree": {"processTree": {"pid": 12204, "cmdline": "/bin/ls -l /tmp", "comm": "ls", "ppid": 12195, "pcomm": "runc", "hardlink": "/bin/busybox", "uid": 0, "gid": 0, "upperLayer": false, "cwd": "/data", "path": "/bin/ls"}, "uniqueID": 0, "containerID": "2f9f99562734b55ecab6779269f97ad0766de28eed859f34b513a8931f8882cf"}}. kwargs: '{'incident_id': 'fd5bdb66-8e64-4134-81f9-7ec669fa3cae'}'
Raw output
verify_incident_completed, timeout: 5 minutes, error: Not completed incident {"guid": "fd5bdb66-8e64-4134-81f9-7ec669fa3cae", "name": "Unexpected process launched", "attributes": {"incidentStatus": "incomplete"}, "updatedTime": "2024-09-03T09:27:32Z", "spiffe": "wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep", "resourceID": "", "designators": {"designatorType": "Attributes", "wlid": "wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep", "attributes": {"cluster": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "clusterShortName": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "containerName": "redis", "customerGUID": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833", "kind": "Deployment", "name": "redis-sleep", "namespace": "systest-ns-eurz", "nodeName": "systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane", "originalCacheEntry": "3f4a257e-11ea-4cee-8bc0-ca8daa65a833/kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane/wlid://cluster-kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e/namespace-systest-ns-eurz/deployment-redis-sleep/redis/fd5bdb66-8e64-4134-81f9-7ec669fa3cae", "podName": "redis-sleep-7bd7d4785f-6nr6t"}}, "arguments": {"retval": 0}, "infectedPID": 12204, "fixSuggestions": "If this is a valid behavior, please add the exec call \"/bin/ls\" to the whitelist in the application profile for the Pod \"redis-sleep-7bd7d4785f-6nr6t\". 
You can use the following command: kubectl patch applicationprofile replicaset-redis-sleep-7bd7d4785f --namespace systest-ns-eurz --type merge -p '{\"spec\": {\"containers\": [{\"name\": \"redis\", \"execs\": [{\"path\": \"/bin/ls\", \"args\": [\"/bin/ls\",\"-l\",\"/tmp\"]}]}]}}'", "severity": 5, "timestamp": "2024-09-03T09:27:04.071Z", "nanoseconds": 1725355624071079961, "ruleDescription": "Unexpected process launched: /bin/ls in: redis", "kind": {"Group": "", "Version": "", "Kind": ""}, "resource": {"Group": "", "Version": "", "Resource": ""}, "clusterName": "kind-systests-f0553324-3fcd-4208-9d56-97a600b8524e", "containerName": "redis", "hostNetwork": false, "image": "docker.io/library/redis@sha256:92f3e116c1e719acf78004dd62992c3ad56f68f810c93a8db3fe2351bb9722c2", "imageDigest": "sha256:a5b1aed421143f36e2445cb2def7135ab7edb69eaa8066d07c3fa344f1052902", "namespace": "systest-ns-eurz", "nodeName": "systests-f0553324-3fcd-4208-9d56-97a600b8524e-control-plane", "containerID": "2f9f99562734b55ecab6779269f97ad0766de28eed859f34b513a8931f8882cf", "podName": "redis-sleep-7bd7d4785f-6nr6t", "podNamespace": "systest-ns-eurz", "workloadName": "redis-sleep", "workloadNamespace": "systest-ns-eurz", "workloadKind": "Deployment", "alertType": 0, "ruleID": "R0001", "hostName": "", "message": "Unexpected process launched: /bin/ls in: redis", "incidentCategory": "Anomaly", "incidentTypeID": "I013", "policiesApplied": [{"guid": "8ac868dd-5f24-49ef-be31-ec543f7477d6", "name": "Malware-new-systest-kind-e79839a6-7220-4714-b8f5-c4e5386bef55", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": null}, {"guid": "9a82a6a1-a8ab-4382-bdb4-0ba8b48ec19b", "name": "Malware-new-systest-kind-eb731017-244a-4797-ba05-b12240b6761f", "enabled": false, "scope": {}, "ruleSetType": "", "updatedBy": "", "notifications": null, "actions": null}, {"guid": "17794a36-9303-4692-9d6c-8ef419ae0d43", "name": "Anomaly", "enabled": false, "scope": {}, "ruleSetType": 
"", "updatedBy": "", "notifications": null, "actions": null}], "creationTimestamp": "2024-09-03T09:27:32.459Z", "description": "A process was launched that is not expected to run in the environment.", "incidentSeverity": "Medium", "isDismissed": false, "markedAsFalsePositive": false, "processTree": {"processTree": {"pid": 12204, "cmdline": "/bin/ls -l /tmp", "comm": "ls", "ppid": 12195, "pcomm": "runc", "hardlink": "/bin/busybox", "uid": 0, "gid": 0, "upperLayer": false, "cwd": "/data", "path": "/bin/ls"}, "uniqueID": 0, "containerID": "2f9f99562734b55ecab6779269f97ad0766de28eed859f34b513a8931f8882cf"}}. kwargs: '{'incident_id': 'fd5bdb66-8e64-4134-81f9-7ec669fa3cae'}'