delete(query): Remove false positive host_aliases_undefined_or_empty k8s rule

[Churro]

Proposed Changes

• Remove the rule entirely as, to best of my knowledge, the high severity warning is a false positive:
  • According to official docs, the kubelet manages the hosts file. Regular DNS resolution can be overridden using hostAliases if no resolver is available. This is no security issue though.
  • The rule description mentions that containers should not be able to modify the hosts file after they are started. However, specifying hostAliases would not prevent this (as long as readOnlyRootFilesystem: false).
  • Requiring a hostAliases definition seems flawed in the first place: usually, you want to use kube-dns and not list combinations of hostname and IP address manually. This is analogous to how we use the Internet generally, nowadays.

I submit this contribution under the Apache-2.0 license.

[kicsbot]

Scan submitted to Checkmarx

[kicsbot]

Checkmarx SAST - Scan Summary & Details

Cx-SAST Summary

Total of 5 vulnerabilities
 0 High
 0 Medium
 5 Low
 0 Info

Violation Summary

No policy violation found

[rafaela-soares]

Hello, @Churro!

Your PR has not been forgotten. Thank you so much for being so collaborative 😊

[rafaela-soares]

Hello again, @Churro!

Our security team confirmed that you are right! Thank you so much for noticing and reporting! 🚀

We will be glad to add your contribution to the next release. Can we ask you to also delete the query kics/assets/queries/terraform/kubernetes/host_aliases_undefined_or_empty, please?

[Churro]

Hi @rafaela-soares,

Thank you for following up on this! As requested, I've now also deleted the TF rule.

[rafaela-soares]

Hello again, @Churro!

Thank you so much!

Sorry for bothering again. Can you please merge the branch with the KICS master? We had a bug in the validate-queries-metadata test.

[Churro]

Sure, no problem. Seems to work fine now 👍

[rafaela-soares]

Thank you much, @Churro! 🚀