From 87cb7a5eae36d7eda0473904ffddbd8135515324 Mon Sep 17 00:00:00 2001 From: Matheus Moraes Date: Wed, 13 Mar 2024 12:27:58 -0300 Subject: [PATCH] feat: increase M-114 severity to medium --- README.md | 2 +- checks.md | 2 +- internal/builtins/pss/restricted/M-114_run_as_user.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 07000b2..a7e1122 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ Medium M-108 Forbidden proc mount type Passe Medium M-109 Forbidden seccomp profile Passed 0 33 0 Medium M-110 Unsafe sysctls Passed 0 33 0 Medium M-112 Allowed privilege escalation Passed 0 33 0 +Medium M-114 Container running as root UID Passed 0 33 0 Medium M-200 Image registry not allowed Passed 0 33 0 Medium M-400 Image tagged latest Passed 0 33 0 Medium M-408 Sudo in container entrypoint Passed 0 33 0 @@ -122,7 +123,6 @@ Low M-115 Not allowed seccomp profile Faile Low M-300 Root filesystem write allowed Failed 29 4 0 Low M-111 Not allowed volume type Failed 8 25 0 Low M-203 SSH server running inside container Passed 0 39 0 -Low M-114 Container running as root UID Passed 0 33 0 Low M-401 Unmanaged Pod Passed 0 15 0 ``` diff --git a/checks.md b/checks.md index 6245dc0..d782b75 100644 --- a/checks.md +++ b/checks.md 
@@ -36,6 +36,6 @@ In the table below, you can view all checks present on Marvin. Click on the #ID | PSS - Restricted | [M-111](/internal/builtins/pss/restricted/M-111_volume_types.yml) | Low | Not allowed volume type | | | [M-112](/internal/builtins/pss/restricted/M-112_privilege_escalation.yml)| Medium | Allowed privilege escalation | | | [M-113](/internal/builtins/pss/restricted/M-113_run_as_non_root.yml) | Medium | Container could be running as root user | -| | [M-114](/internal/builtins/pss/restricted/M-114_run_as_user.yml) | Low | Container running as root UID | +| | [M-114](/internal/builtins/pss/restricted/M-114_run_as_user.yml) | Medium | Container running as root UID | | | [M-115](/internal/builtins/pss/restricted/M-115_seccomp.yml) | Low | Not allowed seccomp profile | | | [M-116](/internal/builtins/pss/restricted/M-116_capabilities.yml) | Low | Not allowed added/dropped capabilities | diff --git a/internal/builtins/pss/restricted/M-114_run_as_user.yml b/internal/builtins/pss/restricted/M-114_run_as_user.yml index aec0f4a..91fa9cc 100644 --- a/internal/builtins/pss/restricted/M-114_run_as_user.yml +++ b/internal/builtins/pss/restricted/M-114_run_as_user.yml @@ -17,7 +17,7 @@ # https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/pod-security-admission/policy/check_runAsUser_test.go id: M-114 slug: run-as-user -severity: Low +severity: Medium message: "Container running as root UID" match: resources:
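Review bot: in the two README.md hunks the M-114 row is moved by hand from the Low block to the Medium block of what is sample scanner output; the moved row keeps its counts ("Passed 0 33 0") and lands in ID order between M-112 and M-200, so the visible rows stay consistent, but since this block is tool output it is safer to regenerate it by re-running the scan than to edit it, so that any summary or ordering outside these hunks is not left stale.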
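Review bot: in the checks.md hunk M-114 ("Container running as root UID") now sits at the same severity as M-113 ("Container could be running as root user"); a container that definitely runs as UID 0 is at least as serious as one that merely could, so Medium is a floor rather than an obvious final value. If parity with M-113 is the intent, state that rationale in the commit message; if M-114 is meant to outrank M-113, the severity should be set above M-113's rather than equal to it.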
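Review bot: the M-114_run_as_user.yml hunk changes the severity users see (and gate on) without recording it anywhere but the two doc tables; the diffstat lists only README.md, checks.md and the check file, so anyone failing builds on Medium findings will see new failures with no changelog entry explaining why. Add a release-note or changelog line for the bump, and note that the k8s pod-security-admission test file cited in the comment above `id: M-114` covers the check's match logic only, so the severity is Marvin's own rating and its reasoning belongs in the check's description.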