fix(validator): fix regression in PSS202

kubeshop · Oct 2, 2023 · 5d3a3ba · 5d3a3ba
1 parent acd9b27
commit 5d3a3ba
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/.changeset/fluffy-files-melt.md b/.changeset/fluffy-files-melt.md
@@ -0,0 +1,5 @@
+---
+"@monokle/validation": patch
+---
+
+fix regression in PSS202
diff --git a/...ges/validation/src/validators/pod-security-standards/rules/PSS202-privilege-escalation.ts b/...ges/validation/src/validators/pod-security-standards/rules/PSS202-privilege-escalation.ts
@@ -17,7 +17,7 @@ export const privilegeEscalation = defineRule({
     validatePodSpec(resources, (resource, pod, prefix) => {
       pod.initContainers?.forEach((container, index) => {
         const allowPrivilegeEscalation = container.securityContext?.allowPrivilegeEscalation;
-        const valid = !allowPrivilegeEscalation;
+        const valid = allowPrivilegeEscalation !== undefined && !allowPrivilegeEscalation;
 
         if (valid) return;
 
@@ -28,7 +28,7 @@ export const privilegeEscalation = defineRule({
 
       pod.ephemeralContainers?.forEach((container, index) => {
         const allowPrivilegeEscalation = container.securityContext?.allowPrivilegeEscalation;
-        const valid = !allowPrivilegeEscalation;
+        const valid = allowPrivilegeEscalation !== undefined && !allowPrivilegeEscalation;
         if (valid) return;
 
         report(resource, {
@@ -38,7 +38,7 @@ export const privilegeEscalation = defineRule({
 
       pod.containers.forEach((container, index) => {
         const allowPrivilegeEscalation = container.securityContext?.allowPrivilegeEscalation;
-        const valid = !allowPrivilegeEscalation;
+        const valid = allowPrivilegeEscalation !== undefined && !allowPrivilegeEscalation;
         if (valid) return;
 
         report(resource, {