From d9913043d06f9e60ce137d561b7f401af2ab5e3d Mon Sep 17 00:00:00 2001
From: Manuel Weber
Date: Mon, 17 Jun 2024 13:41:06 +0200
Subject: [PATCH] mondoo-k8s-sec: fix props

Signed-off-by: Manuel Weber
---
 core/mondoo-kubernetes-security.mql.yaml | 42 ++++++++----------------
 1 file changed, 14 insertions(+), 28 deletions(-)

diff --git a/core/mondoo-kubernetes-security.mql.yaml b/core/mondoo-kubernetes-security.mql.yaml
index 3c28587a..a4d5e1fc 100644
--- a/core/mondoo-kubernetes-security.mql.yaml
+++ b/core/mondoo-kubernetes-security.mql.yaml
@@ -4254,10 +4254,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.pod.ephemeralContainers
 .where(image.in(props.excludedByFixedImages) != true)
@@ -4308,10 +4306,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.cronjob.initContainers
 .where(image.in(props.excludedByFixedImages) != true)
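Review bot: The default `return ['']` added in all seven hunks leaves a one-element list holding an empty string, and the comment above it does not say what may safely be put in the list. Every entry is a standing exemption: `.where(image.in(props.excludedByFixedImages) != true)` drops any container whose image string is in the list before the rest of the query (which lies outside these hunks) runs, and nothing visible restricts entries to the digest form the title describes, so a tag-based entry would exempt a mutable image from the check. I would extend the comment to something like `# Only digest-pinned references (name@sha256:...) belong here; each entry must equal the image string in the manifest` and, if `['']` is only there to give the list a string type, say so with `# placeholder, matches no image`. The match looks like whole-string membership, which is worth confirming against the MQL `in` semantics. The same applies to the hunks at -4308, -4359, -4410, -4461, -4512 and -4563.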
@@ -4359,10 +4355,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.statefulset.initContainers
 .where(image.in(props.excludedByFixedImages) != true)
@@ -4410,10 +4404,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.deployment.initContainers
 .where(image.in(props.excludedByFixedImages) != true)
@@ -4461,10 +4453,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.job.initContainers
 .where(image.in(props.excludedByFixedImages) != true)
@@ -4512,10 +4502,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.replicaset.containers
 .where(image.in(props.excludedByFixedImages) != true)
@@ -4563,10 +4551,8 @@ queries:
 - uid: excludedByFixedImages
 title: Exclude containers from the check when using fixed images using hash values.
 mql: |
- return [
- # Add container images @
- # image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2
- ]
+ # Add a list of container images in the format @, such as: return ['image@sha256:45b23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5cb2', 'image@sha256:12a23dee08af5e43a7fea6c4cf9c25ccf269ee113168c19722f87876677c5123']
+ return ['']
 mql: |
 k8s.daemonset.containers
 .where(image.in(props.excludedByFixedImages) != true)