From f03d9383fa0f0799888a4dd4c7658e238c314eed Mon Sep 17 00:00:00 2001
From: Federico Di Pierro
Date: Fri, 17 May 2024 16:49:04 +0200
Subject: [PATCH] fix(tests): fixed k8saudit rule that used `contains` on a list.

Signed-off-by: Federico Di Pierro
---
 tests/data/rules/k8saudit.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/data/rules/k8saudit.go b/tests/data/rules/k8saudit.go
index 3fa2595..2477c68 100644
--- a/tests/data/rules/k8saudit.go
+++ b/tests/data/rules/k8saudit.go
@@ -347,7 +347,7 @@ var K8SAuditEngineV4K8SAuditRules = run.NewStringFileAccessor(
 - rule: ClusterRole With Pod Exec Created
 desc: Detect any attempt to create a Role/ClusterRole that can exec to pods
- condition: kevt and (role or clusterrole) and kcreate and ka.req.role.rules.resources contains "pods/exec"
+ condition: kevt and (role or clusterrole) and kcreate and ka.req.role.rules.resources intersects ("pods/exec")
 output: Created Role/ClusterRole with pod exec privileges (user=%ka.user.name role=%ka.target.name rules=%ka.req.role.rules)
 priority: WARNING
 source: k8s_audit
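Review bot: The new condition on `ClusterRole With Pod Exec Created` matches only the literal list entry `pods/exec`, so a Role/ClusterRole that grants the same access through a wildcard resource entry such as `*` or `pods/*` would not intersect and would not raise this alert, although the rule's `desc` says it detects any role "that can exec to pods". Whether a sibling rule in this embedded ruleset already covers wildcard resources cannot be seen from the hunk, because the string literal passed to `run.NewStringFileAccessor(` starts and ends outside it. If none does, the list could be widened, e.g. `ka.req.role.rules.resources intersects ("pods/exec", "pods/*", "*")`. Since the path suggests this is a test fixture copy of the rules, any such change presumably belongs in the upstream ruleset first. At minimum a YAML comment above the condition, `# exact match only: wildcard resources are not covered by this rule`, would make the limitation visible to people tuning detections.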