Update kubernetes_pod_create_or_modify_host_path_vol_mount_query.yml (#…

…983)

Missing a tick in the hostPath where for /var/run/docker.sock

Co-authored-by: Ariel Ropek <[email protected]>

queries/kubernetes_queries/kubernetes_pod_create_or_modify_host_path_vol_mount_query.yml

@@ -14,7 +14,7 @@ Query: >
                  WHERE
                  verb IN ('create', 'update', 'patch')
                  AND objectRef:resource = 'pods'
-                 AND request_object:spec:volumes[0]:hostPath:path ilike ANY (/var/run/docker.sock','/var/run/crio/crio.sock','/var/lib/kubelet','/var/lib/kubelet/pki','/var/lib/docker/overlay2','/etc/kubernetes','/etc/kubernetes/manifests','/etc/kubernetes/pki','/home/admin')                  
+                 AND request_object:spec:volumes[0]:hostPath:path ilike ANY ('/var/run/docker.sock','/var/run/crio/crio.sock','/var/lib/kubelet','/var/lib/kubelet/pki','/var/lib/docker/overlay2','/etc/kubernetes','/etc/kubernetes/manifests','/etc/kubernetes/pki','/home/admin')                  
                  AND p_occurs_since('30 minutes')
                  --insert allow-list for expected workloads that require a sensitive mount
                  LIMIT 10