Suspicious use of curl in run task
Description
This policy checks for suspicious use of curl in CircleCI pipeline run tasks, specifically looking for commands that use 'curl' and 'POST' together, which could potentially be used for malicious activities such as data exfiltration or unauthorized API calls. It's essential to review and validate the usage of curl in pipeline scripts to prevent potential security risks. The rule scans the 'run' section of the CircleCI configuration to identify such patterns. By detecting and addressing these issues, developers can ensure the security and integrity of their CI/CD pipelines.
Code Example
```yaml
version: 2.1
jobs:
  build-and-test:
    docker:
      - image: circleci/python:3.9
    steps:
      - run: |
          # Refactored command using wget instead of curl
          wget -q -O example.txt https://example.com/api/endpoint
```

Remediation
Review and refactor the curl command in the CircleCI pipeline script to ensure it is not used for malicious activities. Consider using alternative, more secure methods for making HTTP requests, such as using official API clients or libraries.
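As an added example of the detection logic this rule describes (not Checkov's own implementation), the scanner below walks jobs.*.steps[] of a parsed CircleCI config and reports every run command that invokes curl together with a POST method. The config dict, the job and step names, and the accepted spellings of the POST flag are assumptions made for the example.

```python
import re
from typing import Any, Dict, List, Optional, Tuple

# Constructed parsed CircleCI config (the dict yaml.safe_load would return for the
# config file); not taken from the original page.  One job mixes a wget step with a
# dict-style run step that POSTs via curl; another has a plain curl GET and a POST.
SAMPLE_CONFIG: Dict[str, Any] = {
    "version": 2.1,
    "jobs": {
        "build-and-test": {
            "docker": [{"image": "circleci/python:3.9"}],
            "steps": [
                "checkout",
                {"run": "wget -q -O example.txt https://example.com/api/endpoint"},
                {"run": {"name": "Upload log",
                         "command": "curl -X POST -d @build.log https://example.com/api/endpoint"}},
            ],
        },
        "deploy": {
            "steps": [
                {"run": "curl -sS https://example.com/health"},
                {"run": "curl --request=POST https://example.com/notify"},
            ],
        },
    },
}

# curl invoked as a command word (start of string, or after whitespace / ; & |), and a
# POST method in the common spellings: -X POST, -XPOST, --request POST, --request=POST.
CURL_RE = re.compile(r"(^|[\s;&|])curl(\s|$)")
POST_RE = re.compile(r"(-X\s*POST|--request[\s=]+POST)")


def run_command(step: Any) -> Optional[str]:
    """Return the shell command of a CircleCI `run` step, or None for any other step."""
    if not isinstance(step, dict) or "run" not in step:
        return None
    run = step["run"]
    if isinstance(run, str):          # short form:  - run: <command>
        return run
    if isinstance(run, dict):         # long form:   - run: {name: ..., command: ...}
        return run.get("command")
    return None


def find_curl_post(config: Dict[str, Any]) -> List[Tuple[str, int, str]]:
    """Return (job name, step index, command) for each run step that uses curl with POST."""
    findings = []
    for job_name, job in (config.get("jobs") or {}).items():
        for idx, step in enumerate(job.get("steps") or []):
            cmd = run_command(step)
            if cmd and CURL_RE.search(cmd) and POST_RE.search(cmd):
                findings.append((job_name, idx, cmd))
    return findings
```

Each finding points at the job and step index to review, so a reviewer can confirm whether the POST targets an expected endpoint before the pipeline is allowed to run.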
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0828 |
| Severity | MEDIUM |
| IaC Type | circleci_pipelines |
| Frameworks | jobs.*.steps[] |
| Checkov ID | CKV_CIRCLECIPIPELINES_7 |