Kubernetes Outdated Software Version Regex bug

Question

Kubernetes Outdated Software Version Regex bug

fgomesz opened this issue a year ago · 1 comments

The regex of the Kubernetes Outdated Software query (https://hub.steampipe.io/mods/turbot/azure_compliance/queries/kubernetes_cluster_upgraded_with_non_vulnerable_version) is matching even the latest Kubernetes versions like 1.27.0. Basically the regex used '1.\d|10.*' matches even the latest Kubernetes versions.

To reproduce
either use the steampipe query on a Kubernetes version 1.27.0 or newer, or use a postgres regex tester like
Postgres regex tester

Suggested fix
Use this regex "1.([0-9]|10).[0-9]{1,2}" instead of the '1.\d|10.*'

Answer 1 · 2024-01-08T11:18:14.000Z

@fgomesz We appreciate your effort in identifying and reporting this bug. We will be releasing an updated version that addresses this issue as soon as possible.
Thanks!!