Test#2

Open

chyde2 wants to merge 1 commit intomainfrom

Owner

chyde2 commented Mar 20, 2025

No description provided.


          Add files via upload

b074b11

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                            #!/bin/bash
+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] AWS Access Key
Rule ID: APPSEC_SECRET_2

Description

AWS Access Keys

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp Bot Mar 20, 2025

LOW

[Secret] Random High Entropy String
Rule ID: APPSEC_SECRET_80

Description

Random High Entropy Strings

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                  id      = aws_launch_template.example.id
+                }
+                metadata_options {

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>
+                  <version>1.0-SNAPSHOT</version>
+                  <packaging>jar</packaging>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                      <mainClass>MyExample</mainClass>
+                    </manifest>
+                  </archive>
+                  <descriptorRefs>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                metadata_options {
+                  http_endpoint = "enabled"
+                  http_tokens   = "required"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

log4j.yaml

+                automountServiceAccountToken: false
+                securityContext:
+                  seccompProfile:
+                    type: RuntimeDefault

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

Dockerfile

+              WORKDIR /usr/src/poc
+              RUN mvn clean && mvn package
+              USER m3
+              HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                region     = "us-west-2"
+              }
+              resource "aws_instance" "example" {

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

log4j.yaml

+              apiVersion: v1
+              kind: Pod
+              metadata:
+                name: privileged-pod

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                user_data = <<EOF
+                            #!/bin/bash
+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

Dockerfile

		HEALTHCHECK CMD curl --fail http://localhost:3000 \|\| exit 1


		CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"] No newline at end of file

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                <configuration>
+                  <archive>
+                    <manifest>
+                      <mainClass>MyExample</mainClass>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                            echo "Hello, World!" > index.html
+                            nohup python -m SimpleHTTPServer 80 &
+                            export access_key = "AKIAIOSFODNN7EXAMAAA"
+                            export secret_key = "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"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                }
+                metadata_options {
+                  http_endpoint = "enabled"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

@@ @@ -0,0 +1,54 @@ @@
+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <version>1.0-SNAPSHOT</version>
+                  <packaging>jar</packaging>
+                  <dependencies>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

		@@ -0,0 +1,71 @@
		provider "aws" {

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                    </manifest>
+                  </archive>
+                  <descriptorRefs>
+                    <descriptorRef>jar-with-dependencies</descriptorRef>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                instance_type   = "t2.micro"
+                key_name        = "example_keypair"
+                subnet_id       = "example_subnet_id"
+                vpc_security_group_ids = ["example_security_group_id"]

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+                  <modelVersion>4.0.0</modelVersion>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <packaging>jar</packaging>
+                  <dependencies>
+                      <dependency>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                  http_endpoint = "enabled"
+                  http_tokens   = "required"
+                }
+                ebs_optimized = true

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  </descriptorRefs>
+                </configuration>
+                <executions>
+                  <execution>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

		@@ -0,0 +1,54 @@
		<?xml version="1.0" encoding="UTF-8"?>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                  encrypted     = true
+                }
+                launch_template {

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                       xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

log4j.yaml

+              kind: Pod
+              metadata:
+                name: privileged-pod
+                namespace: my-namespace

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                    <descriptorRef>jar-with-dependencies</descriptorRef>
+                  </descriptorRefs>
+                </configuration>
+                <executions>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                   <build>
+                  <plugins>
+              <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

Dockerfile

+              WORKDIR /usr/src/poc
+              RUN mvn clean && mvn package
+              USER m3
+              HEALTHCHECK CMD curl --fail http://localhost:3000 || exit 1

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <plugins>
+              <plugin>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <configuration>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                region     = "us-west-2"
+              }
+              resource "aws_instance" "example" {

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>
+                  <version>1.0-SNAPSHOT</version>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                <configuration>
+                  <archive>
+                    <manifest>
+                      <mainClass>MyExample</mainClass>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

ec2.tf

+                key_name        = "example_keypair"
+                subnet_id       = "example_subnet_id"
+                vpc_security_group_ids = ["example_security_group_id"]
+                associate_public_ip_address = false

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

@@ @@ -0,0 +1,54 @@ @@
+              <?xml version="1.0" encoding="UTF-8"?>
+              <project xmlns="http://maven.apache.org/POM/4.0.0"
+                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

pom.xml

+                  <modelVersion>4.0.0</modelVersion>
+                  <groupId>org.example</groupId>
+                  <artifactId>log4j-rce</artifactId>

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

cortex-appsec-jp Bot reviewed

View reviewed changes

Dockerfile

		HEALTHCHECK CMD curl --fail http://localhost:3000 \|\| exit 1


		CMD ["java", "-jar", "/usr/src/poc/target/log4j-rce-1.0-SNAPSHOT-jar-with-dependencies.jar"] No newline at end of file

cortex-appsec-jp Bot Mar 20, 2025

HIGH

[Secret] Kuberentes deployment may be vulnerable - please revise code
Rule ID: APPSEC_CUSTOM_1

Description

Kuberentes deployment may be vulnerable - please revise code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet