feat: increase M-114 severity to medium

undistro · Mar 13, 2024 · 87cb7a5 · 87cb7a5
1 parent 14d6a98
commit 87cb7a5
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -110,6 +110,7 @@ Medium     M-108   Forbidden proc mount type                               Passe
 Medium     M-109   Forbidden seccomp profile                               Passed   0        33       0         
 Medium     M-110   Unsafe sysctls                                          Passed   0        33       0         
 Medium     M-112   Allowed privilege escalation                            Passed   0        33       0         
+Medium     M-114   Container running as root UID                           Passed   0        33       0         
 Medium     M-200   Image registry not allowed                              Passed   0        33       0         
 Medium     M-400   Image tagged latest                                     Passed   0        33       0         
 Medium     M-408   Sudo in container entrypoint                            Passed   0        33       0         
@@ -122,7 +123,6 @@ Low        M-115   Not allowed seccomp profile                             Faile
 Low        M-300   Root filesystem write allowed                           Failed   29       4        0         
 Low        M-111   Not allowed volume type                                 Failed   8        25       0         
 Low        M-203   SSH server running inside container                     Passed   0        39       0         
-Low        M-114   Container running as root UID                           Passed   0        33       0         
 Low        M-401   Unmanaged Pod                                           Passed   0        15       0         
 ```
 

diff --git a/checks.md b/checks.md
@@ -36,6 +36,6 @@ In the table below, you can view all checks present on Marvin. Click on the #ID
 | PSS - Restricted | [M-111](/internal/builtins/pss/restricted/M-111_volume_types.yml)        | Low      | Not allowed volume type                               |
 |                  | [M-112](/internal/builtins/pss/restricted/M-112_privilege_escalation.yml)| Medium   | Allowed privilege escalation                          |
 |                  | [M-113](/internal/builtins/pss/restricted/M-113_run_as_non_root.yml)     | Medium   | Container could be running as root user               |
-|                  | [M-114](/internal/builtins/pss/restricted/M-114_run_as_user.yml)         | Low      | Container running as root UID                         |
+|                  | [M-114](/internal/builtins/pss/restricted/M-114_run_as_user.yml)         | Medium   | Container running as root UID                         |
 |                  | [M-115](/internal/builtins/pss/restricted/M-115_seccomp.yml)             | Low      | Not allowed seccomp profile                           |
 |                  | [M-116](/internal/builtins/pss/restricted/M-116_capabilities.yml)        | Low      | Not allowed added/dropped capabilities                |
diff --git a/internal/builtins/pss/restricted/M-114_run_as_user.yml b/internal/builtins/pss/restricted/M-114_run_as_user.yml
@@ -17,7 +17,7 @@
 # https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/pod-security-admission/policy/check_runAsUser_test.go
 id: M-114
 slug: run-as-user
-severity: Low
+severity: Medium
 message: "Container running as root UID"
 match:
   resources: