Add ESC15 Detections #187
🦙 MegaLinter status:

| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| | jscpd | yes | | 21 | 2.15s |
| | editorconfig-checker | 19 | | 1 | 0.31s |
| | powershell | 19 | | 16 | 33.14s |
| ✅ POWERSHELL | powershell_formatter | 19 | | 0 | 20.43s |
| | checkov | yes | | 1 | 13.87s |
| ✅ REPOSITORY | gitleaks | yes | | no | 0.5s |
| ✅ REPOSITORY | git_diff | yes | | no | 0.01s |
| ✅ REPOSITORY | grype | yes | | no | 18.07s |
| ✅ REPOSITORY | secretlint | yes | | no | 0.98s |
| ✅ REPOSITORY | trivy | yes | | no | 6.27s |
| ✅ REPOSITORY | trivy-sbom | yes | | no | 6.27s |
| ✅ REPOSITORY | trufflehog | yes | | no | 6.55s |
| | cspell | 20 | | 352 | 10.65s |

See detailed report in MegaLinter reports

Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff
The code runs successfully. When I ran this in my lab it returned the following hits:
None of these templates are intentionally misconfigured with any of the other ESCs. Furthermore, when I requested a certificate for, say, the User template, I do not see "Application Policies" anywhere in the cert. Are these false positives then?
👍 I forgot to click the review button -.-
Nah, any Schema V1 template can be used to create a certificate with Application Policies attached. Depending on the exact Schema V1 template abused, you could end up with a wide variety of possible issues. Thankfully it's been patched! For those reading: best practices are to create a duplicate of an existing Schema V1 template when creating a new template. This changes the Schema version to 2 and adds more functionality!
Added ESC15 detections to all the places.
Also added links to SpecterOps, Compass, and TrustedSec write-ups of all the stuff Locksmith looks for.