Serving Revision Spec Without Timeout Seconds

• Query id: e8bb41e4-2f24-4e84-8bea-8c7c070cf93d
• Query name: Serving Revision Spec Without Timeout Seconds
• Platform: Knative
• Severity: Info
• Category: Insecure Configurations
• CWE: 799
• URL: Github

Description

Serving Revision Spec should have Timeout Seconds defined to avoid Denial of Service
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
      timeoutSeconds: 0

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: dummy
spec:
  template:
    spec:
      containers:
        - name: app
          image: images.my-company.example/app:v4
          securityContext:
            allowPrivilegeEscalation: false
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
      containerConcurrency: 100
      timeoutSeconds: 600