From cf0c87bbbe4cfcbfc3c43b9a392e1799d9c09fbe Mon Sep 17 00:00:00 2001
From: Peter Balogh <p.balogh.sa@gmail.com>
Date: Mon, 5 Aug 2024 15:16:57 +0200
Subject: [PATCH] feat: use CIS EKS 1.5.0 by default

---
 cfg/eks-1.5.0/policies.yaml | 4 ++--
 cmd/common_test.go          | 6 ++++++
 cmd/util.go                 | 2 +-
 cmd/util_test.go            | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/cfg/eks-1.5.0/policies.yaml b/cfg/eks-1.5.0/policies.yaml
index 6dd7fbe..69c273b 100644
--- a/cfg/eks-1.5.0/policies.yaml
+++ b/cfg/eks-1.5.0/policies.yaml
@@ -114,8 +114,8 @@ groups:
         text: "Minimize the admission of containers wishing to share the host network namespace (Automated)"
         type: "manual"
         remediation: |
-          Create a PSP as described in the Kubernetes documentation, ensuring that the
-          .spec.hostNetwork field is omitted or set to false.
+          Add policies to each namespace in the cluster which has user workloads to restrict the
+          admission of hostNetwork containers.
         scored: false
 
       - id: 4.2.5
diff --git a/cmd/common_test.go b/cmd/common_test.go
index 53793a0..009462b 100644
--- a/cmd/common_test.go
+++ b/cmd/common_test.go
@@ -460,6 +460,12 @@ func TestValidTargets(t *testing.T) {
 			targets:   []string{"node", "policies", "controlplane", "managedservices"},
 			expected:  true,
 		},
+		{
+			name:      "eks-1.5.0 valid",
+			benchmark: "eks-1.5.0",
+			targets:   []string{"node", "policies", "controlplane", "managedservices"},
+			expected:  true,
+		},
 	}
 
 	for _, c := range cases {
diff --git a/cmd/util.go b/cmd/util.go
index 95c0b26..8f09da0 100644
--- a/cmd/util.go
+++ b/cmd/util.go
@@ -489,7 +489,7 @@ func getPlatformBenchmarkVersion(platform Platform) string {
 	glog.V(3).Infof("getPlatformBenchmarkVersion platform: %s", platform)
 	switch platform.Name {
 	case "eks":
-		return "eks-1.2.0"
+		return "eks-1.5.0"
 	case "gke":
 		switch platform.Version {
 		case "1.15", "1.16", "1.17", "1.18", "1.19":
diff --git a/cmd/util_test.go b/cmd/util_test.go
index 2c24a7a..aea9d64 100644
--- a/cmd/util_test.go
+++ b/cmd/util_test.go
@@ -650,7 +650,7 @@ func Test_getPlatformBenchmarkVersion(t *testing.T) {
 			args: args{
 				platform: Platform{Name: "eks"},
 			},
-			want: "eks-1.2.0",
+			want: "eks-1.5.0",
 		},
 		{
 			name: "gke 1.19",