- Modify id of exploit pfa to lower camel case to make it inline with (

#189) other ids
5GSEC · Jun 18, 2024 · 2e642c2 · 2e642c2
1 parent 52c3aba
commit 2e642c2
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 18 deletions.
diff --git a/examples/namespaced/exploit-pfa-si-sib.yaml b/examples/namespaced/exploit-pfa-si-sib.yaml
@@ -1,27 +1,24 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2023 Authors of Nimbus
 
-apiVersion: intent.security.nimbus.com/v1
+apiVersion: intent.security.nimbus.com/v1alpha1
 kind: SecurityIntent
 metadata:
   name: exploit-pfa
 spec:
   intent:
-    id: PreventExecutionFromTempOrLogsFolders
+    id: preventExecutionFromTempOrLogsFolders
     description: "Mitigate the execution of harmful binaries which may result in exploiting public facing application"
     action: Block
 ---
-apiVersion: intent.security.nimbus.com/v1
+apiVersion: intent.security.nimbus.com/v1alpha1
 kind: SecurityIntentBinding
 metadata:
   name: exploit-pfa-binding
 spec:
   intents:
     - name: exploit-pfa
   selector:
-    any:
-      - resources:
-          kind: Pod
-          namespace: default
-          matchLabels:
-            app: nginx
+    workloadSelector:
+      matchLabels:
+        app: nginx
diff --git a/examples/namespaced/pkg-mgr-exec-si-sib.yaml b/examples/namespaced/pkg-mgr-exec-si-sib.yaml
@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: Apache-2.0
 # Copyright 2023 Authors of Nimbus
 
-apiVersion: intent.security.nimbus.com/v1
+apiVersion: intent.security.nimbus.com/v1alpha1
 kind: SecurityIntent
 metadata:
   name: pkg-mgr-execution
@@ -13,17 +13,14 @@ spec:
       and deployment systems, to move laterally through the network.
     action: Block
 ---
-apiVersion: intent.security.nimbus.com/v1
+apiVersion: intent.security.nimbus.com/v1alpha1
 kind: SecurityIntentBinding
 metadata:
   name: pkg-mgr-execution-binding
 spec:
   intents:
     - name: pkg-mgr-execution
   selector:
-    any:
-      - resources:
-          kind: Pod
-          namespace: default
-          matchLabels:
-            app: nginx
+    workloadSelector:
+      matchLabels:
+        app: nginx
diff --git a/pkg/adapter/idpool/idpool.go b/pkg/adapter/idpool/idpool.go
@@ -15,7 +15,7 @@ const (
 	EscapeToHost              = "escapeToHost"
 	DisallowChRoot            = "disallowChRoot"
 	DisallowCapabilities      = "disallowCapabilities"
-	ExploitPFA                = "PreventExecutionFromTempOrLogsFolders"
+	ExploitPFA                = "preventExecutionFromTempOrLogsFolders"
 	EnsureTLS                 = "ensureTLS"
 )