Batch Job Definition With Privileged Container Properties
- Query id: defe5b18-978d-4722-9325-4d1975d3699f
- Query name: Batch Job Definition With Privileged Container Properties
- Platform: Ansible
- Severity: High
- Category: Insecure Configurations
- CWE: 250
- URL: Github
Description¶
A Batch job definition should not enable privileged container properties. When `privileged` is true, AWS Batch runs the job container with the same access to the host container instance as the root user (the equivalent of `docker run --privileged`), so a compromise of the job's code or image becomes a compromise of the underlying compute host rather than of one container. The `community.aws.aws_batch_job_definition` module exposes the API's container properties as top-level task options, so the setting to check is the task's `privileged` option: leave it unset (AWS Batch defaults it to false) or set it explicitly to `false`.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
```yaml
- name: My Batch Job Definition
  community.aws.aws_batch_job_definition:
    job_definition_name: My Batch Job Definition
    state: present
    type: container
    parameters:
      Param1: Val1
      Param2: Val2
    privileged: true
    image: <Docker Image URL>
    vcpus: 1
    memory: 512
    command:
      - python
      - run_my_script.py
      - arg1
    job_role_arn: <Job Role ARN>
    attempts: 3
  register: job_definition_create_result
```
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
```yaml
- name: My Batch Job Definition
  community.aws.aws_batch_job_definition:
    job_definition_name: My Batch Job Definition without privilege
    state: present
    type: container
    parameters:
      Param1: Val1
      Param2: Val2
    privileged: false
    image: <Docker Image URL>
    vcpus: 1
    memory: 512
    command:
      - python
      - run_my_script.py
      - arg1
    job_role_arn: <Job Role ARN>
    attempts: 3
  register: job_definition_create_result

- name: My Batch Job Definition without explicit privilege
  community.aws.aws_batch_job_definition:
    job_definition_name: My Batch Job Definition
    state: present
    type: container
    parameters:
      Param1: Val1
      Param2: Val2
    image: <Docker Image URL>
    vcpus: 1
    memory: 512
    command:
      - python
      - run_my_script.py
      - arg1
    job_role_arn: <Job Role ARN>
    attempts: 3
  register: job_definition_create_result
```
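The samples above show only the simplest spelling of the problem. A check that a practitioner would run against real playbooks also has to cope with the short module name `aws_batch_job_definition`, with Ansible's boolean spellings (`yes`, `on`, `"true"` as a string), with arguments passed via `args:` or an `action:` mapping, and with tasks nested inside `block`/`rescue`/`always`. The following Python is an added example of such a detector written for this page; it is not the KICS query itself (KICS queries are written in Rego) and not part of the `community.aws` collection. The sample task list is constructed here to mirror the positive and negative samples above plus two extra cases; `find_privileged_job_definitions`, `iter_tasks`, `module_args` and `scan_playbook_yaml` are names chosen for the example.

```python
"""Flag Ansible tasks that create an AWS Batch job definition with privileged: true.

Added example for this page; not KICS's own query and not part of community.aws.
Works on task lists as produced by yaml.safe_load (PyYAML is only needed by
scan_playbook_yaml, so the dict-based functions run without it).
"""
from typing import Any, Dict, Iterator, List, Tuple

# The module may be referenced by its collection FQCN or by its short name.
BATCH_JOB_DEF_MODULES = {"community.aws.aws_batch_job_definition", "aws_batch_job_definition"}

# Spellings Ansible's bool type conversion accepts as true, so a string value
# such as "yes" in a playbook enables privileged mode just like a YAML true.
TRUE_STRINGS = {"true", "yes", "on", "y", "t", "1"}

BLOCK_KEYS = ("block", "rescue", "always")


def is_truthy(value: Any) -> bool:
    """Interpret a task argument the way Ansible would convert a bool option."""
    if isinstance(value, bool):
        return value
    if isinstance(value, (int, float)):
        return value == 1
    if isinstance(value, str):
        return value.strip().lower() in TRUE_STRINGS
    return False


def module_args(task: Dict[str, Any]) -> Tuple[str, Dict[str, Any]]:
    """Return (module_name, merged_args) if the task calls the Batch module, else ("", {}).

    Handles the inline form (`community.aws.aws_batch_job_definition: {...}`),
    the `action: {module: ...}` mapping form, and extra options under `args:`.
    The free-form `action: "module k=v"` string is not parsed here.
    """
    extra = task.get("args") if isinstance(task.get("args"), dict) else {}
    for key, value in task.items():
        if key in BATCH_JOB_DEF_MODULES:
            args = dict(value) if isinstance(value, dict) else {}
            args.update(extra)
            return key, args
    action = task.get("action")
    if isinstance(action, dict) and action.get("module") in BATCH_JOB_DEF_MODULES:
        args = {k: v for k, v in action.items() if k != "module"}
        args.update(extra)
        return action["module"], args
    return "", {}


def iter_tasks(tasks: List[Any]) -> Iterator[Dict[str, Any]]:
    """Walk a task list, descending into block/rescue/always sections."""
    for task in tasks or []:
        if not isinstance(task, dict):
            continue
        nested = False
        for key in BLOCK_KEYS:
            if isinstance(task.get(key), list):
                nested = True
                yield from iter_tasks(task[key])
        if not nested:
            yield task


def find_privileged_job_definitions(tasks: List[Any]) -> List[Tuple[str, str]]:
    """Return (task name, job_definition_name) for every privileged job definition."""
    findings = []
    for task in iter_tasks(tasks):
        module, args = module_args(task)
        if module and is_truthy(args.get("privileged", False)):
            findings.append((str(task.get("name", "<unnamed>")), str(args.get("job_definition_name", ""))))
    return findings


def scan_playbook_yaml(text: str) -> List[Tuple[str, str]]:
    """Parse playbook or tasks-file YAML (needs PyYAML) and scan every task section."""
    import yaml  # imported lazily so the functions above need no third-party package

    doc = yaml.safe_load(text)
    items = doc if isinstance(doc, list) else [doc]
    if any(isinstance(i, dict) and "hosts" in i for i in items):  # a playbook of plays
        findings = []
        for play in items:
            if isinstance(play, dict):
                for section in ("pre_tasks", "tasks", "post_tasks", "handlers"):
                    findings.extend(find_privileged_job_definitions(play.get(section) or []))
        return findings
    return find_privileged_job_definitions(items)  # a plain tasks file


# Constructed sample: the page's positive sample, its two negative samples, and
# two extra cases (short module name, string "yes", nested inside a block).
SAMPLE_TASKS = [
    {"name": "My Batch Job Definition",
     "community.aws.aws_batch_job_definition": {
         "job_definition_name": "My Batch Job Definition", "state": "present",
         "type": "container", "privileged": True, "image": "<Docker Image URL>",
         "vcpus": 1, "memory": 512}},
    {"name": "My Batch Job Definition without privilege",
     "community.aws.aws_batch_job_definition": {
         "job_definition_name": "My Batch Job Definition without privilege",
         "state": "present", "type": "container", "privileged": False,
         "image": "<Docker Image URL>", "vcpus": 1, "memory": 512}},
    {"name": "My Batch Job Definition without explicit privilege",
     "community.aws.aws_batch_job_definition": {
         "job_definition_name": "My Batch Job Definition", "state": "present",
         "type": "container", "image": "<Docker Image URL>", "vcpus": 1, "memory": 512}},
    {"name": "nightly batch block",
     "block": [{"name": "Nightly job (short name, yes string)",
                "aws_batch_job_definition": {
                    "job_definition_name": "nightly", "state": "present",
                    "type": "container", "privileged": "yes",
                    "image": "<Docker Image URL>", "vcpus": 1, "memory": 512}}]},
]

if __name__ == "__main__":
    for task_name, job_def in find_privileged_job_definitions(SAMPLE_TASKS):
        print(f"privileged job definition: task={task_name!r} job_definition_name={job_def!r}")
```

Only the page's positive sample and the constructed nested `yes` case are reported; `privileged: false` and an omitted `privileged` are both accepted, matching the negative samples. Treating string spellings as true matters because a linter that only matches YAML `true` would pass `privileged: "yes"`, while the module's bool conversion would still create a privileged job definition.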