Fixing #180

Azure · Dec 21, 2023 · 5fb3ab3 · 5fb3ab3
1 parent f8079d9
commit 5fb3ab3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 2 deletions.
diff --git a/internal/scanners/aks/rules.go b/internal/scanners/aks/rules.go
@@ -204,8 +204,8 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 			Severity:    scanners.SeverityHigh,
 			Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 				c := target.(*armcontainerservice.ManagedCluster)
-				out := *c.Properties.NetworkProfile.OutboundType == armcontainerservice.OutboundTypeUserDefinedRouting
-				return !out, ""
+				broken := c.Properties.NetworkProfile.OutboundType == nil || *c.Properties.NetworkProfile.OutboundType != armcontainerservice.OutboundTypeUserDefinedRouting
+				return broken, ""
 			},
 			Url: "https://learn.microsoft.com/azure/aks/limit-egress-traffic",
 		},

diff --git a/internal/scanners/aks/rules_test.go b/internal/scanners/aks/rules_test.go
@@ -434,6 +434,22 @@ func TestAKSScanner_Rules(t *testing.T) {
 				result: "",
 			},
 		},
+		{
+			name: "AKSScanner OutboundType nil",
+			fields: fields{
+				rule: "aks-012",
+				target: &armcontainerservice.ManagedCluster{
+					Properties: &armcontainerservice.ManagedClusterProperties{
+						NetworkProfile: &armcontainerservice.NetworkProfile{},
+					},
+				},
+				scanContext: &scanners.ScanContext{},
+			},
+			want: want{
+				broken: true,
+				result: "",
+			},
+		},
 		{
 			name: "AKSScanner kubenet",
 			fields: fields{