Skip to content

Kubernetes check apiserver_strong_ciphers_only uses incorrect object type #7945

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rsaladra opened this issue Jun 5, 2025 · 3 comments · May be fixed by #7952
Open

Kubernetes check apiserver_strong_ciphers_only uses incorrect object type #7945

rsaladra opened this issue Jun 5, 2025 · 3 comments · May be fixed by #7952
Assignees
Labels
bug status/waiting-for-revision Waiting for maintainer's revision

Comments

@rsaladra
Copy link

rsaladra commented Jun 5, 2025

Steps to Reproduce

In kubernetes cluster run command:

poetry run prowler kubernetes --log-level ERROR

Expected behavior

All checks are executed with no errors in parsing

Actual Result with Screenshots or Logs

One of checks is using not supported method. Log reports following line:

2025-06-05 12:37:50,411 [File: check.py:613] [Module: check] ERROR: apiserver_strong_ciphers_only -- AttributeError[29]: 'list' object has no attribute 'issubset'

How did you install Prowler?

Docker (docker pull toniblyx/prowler)

Environment Resource

Pod in on-prem kubernetes cluster

OS used

Debian 12 (as in image)

Prowler version

Prowler 5.7.1

Pip version

pip 25.1.1 from /home/prowler/.local/lib/python3.12/site-packages/pip (python 3.12)

Context

How to fix:

Edit prowler/providers/kubernetes/services/apiserver/apiserver_strong_ciphers_only/apiserver_strong_ciphers_only.py file , change type from list to set to use issubset method:

                    if command.startswith("--tls-cipher-suites"):
                        if (
-                            command.split("=")[1]
-                            .split(",")
+                            set(command.split("=")[1]
+                            .split(","))
                            .issubset(
                                apiserver_client.audit_config.get(
                                    "apiserver_strong_ciphers",
                                    default_apiserver_strong_ciphers,
@rsaladra rsaladra added bug status/needs-triage Issue pending triage labels Jun 5, 2025
@pedrooot pedrooot self-assigned this Jun 5, 2025
@pedrooot pedrooot added status/waiting-for-revision Waiting for maintainer's revision and removed status/needs-triage Issue pending triage labels Jun 5, 2025
@pedrooot
Copy link
Member

pedrooot commented Jun 5, 2025

Hey! @rsaladra We'll fix this asap, thanks for reporting this error

@pedrooot pedrooot linked a pull request Jun 5, 2025 that will close this issue
8 tasks
@pedrooot
Copy link
Member

pedrooot commented Jun 5, 2025

Hey! Could you check the solution from this PR? #7952

@rsaladra
Copy link
Author

rsaladra commented Jun 6, 2025

Hi @pedrooot , fix confirmed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug status/waiting-for-revision Waiting for maintainer's revision
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants