From 5fb3ab376c3259802993ad0947fa988a6b83dc03 Mon Sep 17 00:00:00 2001
From: cmendible <266546+cmendible@users.noreply.github.com>
Date: Thu, 21 Dec 2023 12:11:13 +0100
Subject: [PATCH] Fixing #180
---
 internal/scanners/aks/rules.go | 4 ++--
 internal/scanners/aks/rules_test.go | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/internal/scanners/aks/rules.go b/internal/scanners/aks/rules.go
index 634db37f..19450e0d 100644
--- a/internal/scanners/aks/rules.go
+++ b/internal/scanners/aks/rules.go
@@ -204,8 +204,8 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 Severity: scanners.SeverityHigh,
 Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 c := target.(*armcontainerservice.ManagedCluster)
- out := *c.Properties.NetworkProfile.OutboundType == armcontainerservice.OutboundTypeUserDefinedRouting
- return !out, ""
+ broken := c.Properties.NetworkProfile.OutboundType == nil || *c.Properties.NetworkProfile.OutboundType != armcontainerservice.OutboundTypeUserDefinedRouting
+ return broken, ""
 },
 Url: "https://learn.microsoft.com/azure/aks/limit-egress-traffic",
 },
diff --git a/internal/scanners/aks/rules_test.go b/internal/scanners/aks/rules_test.go
index ac217188..2e9c6eb4 100644
--- a/internal/scanners/aks/rules_test.go
+++ b/internal/scanners/aks/rules_test.go
@@ -434,6 +434,22 @@ func TestAKSScanner_Rules(t *testing.T) {
 result: "",
 },
 },
+ {
+ name: "AKSScanner OutboundType nil",
+ fields: fields{
+ rule: "aks-012",
+ target: &armcontainerservice.ManagedCluster{
+ Properties: &armcontainerservice.ManagedClusterProperties{
+ NetworkProfile: &armcontainerservice.NetworkProfile{},
+ },
+ },
+ scanContext: &scanners.ScanContext{},
+ },
+ want: want{
+ broken: true,
+ result: "",
+ },
+ },
 {
 name: "AKSScanner kubenet",
 fields: fields{
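Review bot: The new `broken :=` line in the aks-012 `Eval` closure (internal/scanners/aks/rules.go) guards only `OutboundType`; `c.Properties` and `c.Properties.NetworkProfile` are pointer fields as well (the added test constructs both with `&`) and are still dereferenced unchecked, so a cluster object missing either one would panic in the same place. For an egress-restriction check it is safer to report such a cluster as broken than to let the rule crash and possibly drop the finding: `if c.Properties == nil || c.Properties.NetworkProfile == nil || c.Properties.NetworkProfile.OutboundType == nil { return true, "" }` followed by `return *c.Properties.NetworkProfile.OutboundType != armcontainerservice.OutboundTypeUserDefinedRouting, ""`. The table case added in rules_test.go exercises only the nil `OutboundType` path with a non-nil `NetworkProfile`; cases with a nil `NetworkProfile` and nil `Properties` would pin the remaining paths. `GetRules` itself starts and ends outside the hunk, so other rules in the map may carry the same unchecked dereference.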