# Suspicious use of netcat with IP address

## Description

This policy checks for suspicious use of netcat with an IP address in CircleCI pipelines. Netcat is a command-line tool that can open arbitrary TCP/UDP connections, which makes it a common building block for reverse shells and therefore a route to unauthorized access to a system. A netcat invocation that targets a literal IP address from inside a pipeline step is a strong indicator of risk, because that is exactly how a reverse shell out of the build environment would be set up. It is essential to monitor and restrict the use of netcat in CircleCI pipelines to prevent potential security breaches.
## Code Example

```yaml
version: 2.1
jobs:
  build-and-test:
    docker:
      - image: circleci/python:3.9
    steps:
      - run: echo 'Hello World'
      # Avoid using netcat with IP addresses
      # - run: nc 192.168.1.100 8080
```

## Remediation
Avoid using netcat with IP addresses in CircleCI pipeline commands. Instead, use alternative methods to achieve the desired functionality, such as using environment variables or secure communication protocols.
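The check as described walks `jobs.*.steps[]` and inspects each `run` step's shell command. The following is an added example of that detection logic, written here for illustration and not taken from Checkov or this policy's own implementation. It assumes the CircleCI config has already been loaded into a Python dict (the shape `yaml.safe_load` would produce), handles both the short `run: "cmd"` form and the long `run: {name, command}` form, and treats `ncat` as a netcat alias (an assumption beyond the page). The sample config is constructed for the example.

```python
from __future__ import annotations

import re
from typing import Any, Iterator

# A netcat-style command word at the start of a line or after a shell
# separator (; && || |), optionally prefixed with sudo. 'ncat' is included
# as an assumption (nmap's netcat implementation).
NETCAT_CMD = re.compile(r"(?:^|[;&|]\s*)\s*(?:sudo\s+)?(?:nc|netcat|ncat)\b")
# Literal dotted-quad IPv4 address anywhere on the same line.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def run_commands(step: Any) -> Iterator[str]:
    """Yield the shell command from one CircleCI step, if it has one.

    A step is either a bare string such as 'checkout', a mapping
    {run: "cmd"}, or a mapping {run: {name: ..., command: "cmd"}}.
    Other step kinds (orb steps, save_cache, ...) carry no shell command.
    """
    if not isinstance(step, dict) or "run" not in step:
        return
    run = step["run"]
    if isinstance(run, str):
        yield run
    elif isinstance(run, dict) and isinstance(run.get("command"), str):
        yield run["command"]


def is_netcat_with_ip(command: str) -> bool:
    """True when any non-comment line invokes netcat with a literal IPv4 address."""
    for line in command.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank or commented-out lines never execute
        if NETCAT_CMD.search(stripped) and IPV4.search(stripped):
            return True
    return False


def find_violations(config: dict) -> list[dict]:
    """Walk jobs.*.steps[] and report every step that trips the rule."""
    findings = []
    for job_name, job in (config.get("jobs") or {}).items():
        for idx, step in enumerate((job or {}).get("steps") or []):
            for command in run_commands(step):
                if is_netcat_with_ip(command):
                    findings.append(
                        {"job": job_name, "step": idx, "command": command.strip()}
                    )
    return findings


# Constructed sample: the page's config with the flagged step enabled in the
# long `run` form, plus a second job whose netcat call uses a hostname and so
# does not match this rule.
SAMPLE_CONFIG = {
    "version": 2.1,
    "jobs": {
        "build-and-test": {
            "docker": [{"image": "circleci/python:3.9"}],
            "steps": [
                "checkout",
                {"run": "echo 'Hello World'"},
                {
                    "run": {
                        "name": "netcat step (constructed)",
                        "command": "pip install -r requirements.txt\nnc 192.168.1.100 8080",
                    }
                },
            ],
        },
        "lint": {"steps": [{"run": "flake8 . && nc localhost 8080"}]},
    },
}

if __name__ == "__main__":
    for finding in find_violations(SAMPLE_CONFIG):
        print(f"{finding['job']} step {finding['step']}: {finding['command']!r}")
```

Running the block reports the single offending step in `build-and-test`; the `lint` job's `nc localhost 8080` is not reported because the rule keys on a literal IP address, which is worth keeping in mind when deciding whether a hostname-based variant also needs a policy.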
## Rule Details

| Field | Value |
|---|---|
| ID | IAC-0826 |
| Severity | HIGH |
| IaC Type | circleci_pipelines |
| Frameworks | jobs.*.steps[] |
| Checkov ID | CKV_CIRCLECIPIPELINES_5 |