Serving Revision Spec Without Timeout Seconds
- Query id: e8bb41e4-2f24-4e84-8bea-8c7c070cf93d
- Query name: Serving Revision Spec Without Timeout Seconds
- Platform: Knative
- Severity: Info
- Category: Insecure Configurations
- URL: Github
Description¶
Serving Revision Spec should have Timeout Seconds defined to avoid Denial of Service
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: dummy
spec:
template:
spec:
containers:
- name: app
image: images.my-company.example/app:v4
securityContext:
allowPrivilegeEscalation: false
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
containerConcurrency: 100
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: dummy
spec:
template:
spec:
containers:
- name: app
image: images.my-company.example/app:v4
securityContext:
allowPrivilegeEscalation: false
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
containerConcurrency: 100
timeoutSeconds: 0
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: dummy
spec:
template:
spec:
containers:
- name: app
image: images.my-company.example/app:v4
securityContext:
allowPrivilegeEscalation: false
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
containerConcurrency: 100
timeoutSeconds: 600