Serving Revision Spec Without Timeout Seconds

  • Query id: e8bb41e4-2f24-4e84-8bea-8c7c070cf93d
  • Query name: Serving Revision Spec Without Timeout Seconds
  • Platform: Knative
  • Severity: Info
  • Category: Insecure Configurations
  • CWE: 799
  • URL: Github

Description

The Knative Serving revision spec should define timeoutSeconds, with a value other than 0, to avoid Denial of Service.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
      timeoutSeconds: 0

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
      timeoutSeconds: 600
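
The same check as an added Python example (not part of the original page and not KICS's own query code), run over manifests already parsed into dicts. The function names are hypothetical, the sample manifests are constructed from the samples above, and covering the Configuration and Revision kinds goes beyond the Service samples shown here.

```python
# Added example, not KICS code. Manifests are plain dicts, e.g. the items of
# `kubectl get ksvc -o json`. Sample data below is constructed from the page's samples.
KNATIVE_PREFIX = "serving.knative.dev/"

def revision_spec(manifest):
    """Return the RevisionSpec dict of a Knative Serving object, else None."""
    if not str(manifest.get("apiVersion", "")).startswith(KNATIVE_PREFIX):
        return None
    spec = manifest.get("spec") or {}
    kind = manifest.get("kind")
    if kind in ("Service", "Configuration"):   # RevisionSpec is under spec.template.spec
        return (spec.get("template") or {}).get("spec") or {}
    if kind == "Revision":                     # RevisionSpec is spec itself
        return spec
    return None

def check_timeout(manifest):
    """Return a finding string, or None if timeoutSeconds is a positive integer."""
    spec = revision_spec(manifest)
    if spec is None:
        return None                            # not a Knative Serving object: out of scope
    ident = f"{manifest.get('kind')}/{(manifest.get('metadata') or {}).get('name', '?')}"
    if "timeoutSeconds" not in spec:
        return f"{ident}: timeoutSeconds is undefined"
    value = spec["timeoutSeconds"]
    # 0 is what the page flags; rejecting negatives and non-integers is an assumption.
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        return f"{ident}: timeoutSeconds is {value!r}, expected a positive integer"
    return None

def _service(name, **extra):
    """Build a trimmed Service manifest (constructed sample)."""
    rev = {"containers": [{"name": "app"}], "containerConcurrency": 100, **extra}
    return {"apiVersion": "serving.knative.dev/v1", "kind": "Service",
            "metadata": {"name": name}, "spec": {"template": {"spec": rev}}}

SAMPLES = [
    _service("no-timeout"),
    _service("zero-timeout", timeoutSeconds=0),
    _service("ok", timeoutSeconds=600),
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "other"}, "spec": {}},
]

def scan(manifests):
    """Return the findings for every manifest that fails the check."""
    return [f for f in map(check_timeout, manifests) if f]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLES)))
```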