  1. MicroShift
  2. USHIFT-1583 ISA62443 gap review
  3. USHIFT-2066

verify k8s API server input validation


    • Sub-task
    • Resolution: Done

      IEC62443 requires input validation.

      Does the k8s API server check, e.g., for max field sizes, to protect against buffer overflow attacks and SQL-injection-style attacks?

      Is there some Static Source Analysis being used in the build chain?

      See https://docs.google.com/spreadsheets/d/1y11eoHoDi64IlOHr55dTXfZHLF3lu7eI/edit#gid=1778351477&range=C112 for detailed requirements and comments from customers assessors. (Row 112, Requirement CR 3.5)

       

              dhellman@redhat.com Doug Hellmann
              dfroehli42rh Daniel Fröhlich