New rule: Helm chart: Unlimited ingress

RE: Detect security misconfigurations in Helm files
= Planned for 10.X LTS

If you define an authenticated API, and some internal endpoints which do not require authentication, and then you expose “uri: /” instead of “uri: /api”, then the internal endpoints will be accessible externally by accident.

Example code to match, from …/templates/ingress.yaml:
http:
- match:
  - uri:
  rewrite:
    uri: /
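As an added example (not code from the post), this is the check such a rule could perform on a rendered ingress.yaml. It assumes the snippet is an Istio VirtualService (the http/match/uri/rewrite layout suggests that), and it goes slightly beyond the post's case by also flagging a missing match clause and catch-all regexes; the manifests are constructed and already parsed, as a YAML loader would return them, so no YAML library is needed.

```python
# Added example (not from the post): the check an "unlimited ingress" rule would
# perform on a rendered ingress.yaml. Assumes the object is an Istio
# VirtualService; the manifests below are constructed and already parsed
# (what a YAML loader would return), so no YAML library is needed.
import copy

# Constructed manifest: the risky shape from the post, matching "/" for everything.
VULNERABLE = {
    "apiVersion": "networking.istio.io/v1beta1",
    "kind": "VirtualService",
    "metadata": {"name": "backend"},
    "spec": {
        "hosts": ["backend.example.invalid"],  # placeholder host
        "http": [{
            "match": [{"uri": {"prefix": "/"}}],  # catch-all: internal endpoints leak too
            "rewrite": {"uri": "/"},
            "route": [{"destination": {"host": "backend"}}],
        }],
    },
}

# Same manifest with the match narrowed to the authenticated API only.
FIXED = copy.deepcopy(VULNERABLE)
FIXED["spec"]["http"][0]["match"][0]["uri"] = {"prefix": "/api"}


def is_catch_all(match):
    """True if one HTTP match clause accepts every request path."""
    uri = match.get("uri")
    if not uri:                     # matching only on headers/ports leaves the path open
        return True
    if uri.get("prefix") == "/":    # the case from the post
        return True
    regex = uri.get("regex")
    return regex in (".*", "/.*", "^/.*$", "^.*$")  # common catch-all regexes


def unlimited_routes(manifest):
    """Return (route_index, reason) for every route that exposes all paths."""
    findings = []
    if manifest.get("kind") != "VirtualService":
        return findings
    for i, route in enumerate(manifest.get("spec", {}).get("http") or []):
        matches = route.get("match") or []
        if not matches:             # no match clause: Istio routes everything here
            findings.append((i, "no match clause"))
        elif any(is_catch_all(m) for m in matches):
            findings.append((i, "uri match accepts every path"))
    return findings


if __name__ == "__main__":
    print("vulnerable:", unlimited_routes(VULNERABLE))  # [(0, 'uri match accepts every path')]
    print("fixed:", unlimited_routes(FIXED))            # []
```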
