Document categories #253

Open
itaysk opened this issue Oct 28, 2019 · 9 comments
Labels
documentation enhancement New feature or request

Comments

@itaysk
Collaborator
itaysk commented Oct 28, 2019

We need to add some documentation of the existing categories and their meaning.
Also, it may be worth reporting the relation to severity until that is changed (#118).

@itaysk itaysk added enhancement New feature or request documentation labels Oct 28, 2019
@hauze-v
Contributor
hauze-v commented Oct 28, 2019

I'd like to help with this. Is there a list of categories somewhere, or are you using a package that I can view for a list of categories?

@itaysk
Collaborator Author
itaysk commented Oct 29, 2019

@itaysk itaysk added this to the v0.2.1 milestone Nov 12, 2019
@lizrice
Contributor
lizrice commented Feb 10, 2020

We should use a standard categorisation rather than making up a new one

@lizrice lizrice closed this as completed Feb 10, 2020
@lizrice lizrice reopened this Feb 10, 2020
@lizrice lizrice removed this from the v0.2.1 milestone Feb 14, 2020
@aroundarmor

Hello @itaysk,
I would like to contribute to it.
Can you direct me to where you want to add the meanings of the words?

@itaysk
Collaborator Author
itaysk commented Oct 9, 2020

The categories documentation should go here: https://github.com/aquasecurity/kube-hunter/blob/master/docs/index.md
This page currently contains a copy of the readme which is not ideal, so while you're at it you can delete that and just link to the readme instead.

@ng29
ng29 commented Oct 12, 2020

Hey @itaysk, can I pick this up?

@itaysk
Collaborator Author
itaysk commented Oct 13, 2020

I suppose you can, but I have to say that there are fine nuances in these definitions that will probably require more than one iteration to fine-tune. If you are confident that you fully understand these definitions then go ahead, thanks. @danielsagi do you have anything to add?

@ng29
ng29 commented Oct 13, 2020

> I suppose you can, but I have to say that there are fine nuances in these definitions that will probably require more than one iteration to fine-tune. If you are confident that you fully understand these definitions then go ahead, thanks. @danielsagi do you have anything to add?

Some more info and pointers to start will be much appreciated.

@endorama
endorama commented Oct 15, 2020

Hello! I'd love to help here!

Following along the "standard categorization", I got from #260 that MITRE CWE would be an appropriate choice.

But referring to the nuances @itaysk is referring to, how would you prefer to address them? Without a complete understanding of the code and how those Categories are used within kube-hunter, understanding what the correct nuance is may be complicated.

For example, InformationDisclosure may map to CWE-200: Exposure of Sensitive Information to an Unauthorized Actor or CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere. (I would ignore CWE-199: Information Management Errors as too broad.)

Would you prefer a PR with a proposed solution in which to discuss different options, an issue in which to address each one separately, or would you prefer using this issue to discuss all of them here?

Let me add that I love the work Aqua Security does so kudos to you!

py-go pushed a commit to py-go/kube-hunter that referenced this issue Aug 29, 2021
Signed-off-by: Daniel Pacak <pacak.daniel@gmail.com>