Workload Host Port Not Specified

• Query id: 2b1836f1-dcce-416e-8e16-da8c71920633
• Query name: Workload Host Port Not Specified
• Platform: Kubernetes
• Severity: Low
• Category: Networking and Firewall
• CWE: 665
• URL: Github

Description

Verifies if Kubernetes workload's host port is specified
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: firstpod
spec:
  containers:
  - name: container
    image: nginx
    ports:
    - containerPort: 80
      hostIP: 10.0.0.1
      hostPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: secondpod
spec:
  template:
    spec:
      containers:
      - name: container2
        image: nginx
        ports:
        - containerPort: 81
          hostIP: 10.0.0.2
          hostPort: 8081
    metadata:
      labels:
        app: nginx
  selector:
    matchLabels:
      app: nginx

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: v1
kind: Pod
metadata:
  name: firstpod
spec:
  containers:
  - name: container
    image: nginx
    ports:
    - containerPort: 80
      hostIP: 10.0.0.1