Gitiles
Code Review Sign In
gerrit.nordix.org / onap / integration / 3a474afa535a225e47c8f6e287a46dc8ee65f1d7^! / . / test / security
commit3a474afa535a225e47c8f6e287a46dc8ee65f1d7[log] [tgz]
authorPawel Wieczorek <p.wieczorek2@samsung.com>Tue Mar 10 15:22:55 2020 +0100
committerPawel Wieczorek <p.wieczorek2@samsung.com>Tue Mar 10 15:30:04 2020 +0100
tree04ee97a78744e1162d3c5ff94f35638625287e12
parent331e07bb8bc2834801c61ab8a8062a7a39a8d232 [diff]
Drop filtering out services recognized as HTTP

This patch extends tool used to detect plain HTTP ports to report all
non-SSL endpoints. Previously it omitted services not recognized as
HTTP.

Naming changes were made to reflect purpose of this tool better.

Issue-ID: INT-1480
Change-Id: I58a152022d48121bf4b9c6180ddc820dd4a79805
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

diff --git a/test/security/check_for_http_endpoints.sh b/test/security/check_for_nonssl_endpoints.sh
similarity index 86%
rename from test/security/check_for_http_endpoints.sh
rename to test/security/check_for_nonssl_endpoints.sh
index 5e2fd85..6056e03 100755
--- a/test/security/check_for_http_endpoints.sh
+++ b/test/security/check_for_nonssl_endpoints.sh

@@ -18,21 +18,21 @@
 #
 #   COPYRIGHT NOTICE ENDS HERE
 
-# Check all ports exposed outside of kubernetes cluster looking for plain http
+# Check all ports exposed outside of kubernetes cluster looking for non-SSL
 # endpoints.
 #
 # Dependencies:
 #     nmap
 #     kubectl + config
 #
-# Return value: Number of discovered http ports
-# Output: List of pods exposing http endpoints
+# Return value: Number of discovered non-SSL ports
+# Output: List of pods exposing non-SSL endpoints
 #
 
 usage() {
 	cat <<EOF
-Usage: $(basename $0) <k8s-namespace> [-l <list of HTTP endpoints expected to fail this test>]
-    -l: list of HTTP endpoints expected to fail this test
+Usage: $(basename $0) <k8s-namespace> [-l <list of non-SSL endpoints expected to fail this test>]
+    -l: list of non-SSL endpoints expected to fail this test
 EOF
 	exit ${1:-0}
 }
@@ -53,8 +53,8 @@
 fi
 
 K8S_NAMESPACE=$1
-FILTERED_PORTS_LIST=$(mktemp http_endpoints_XXXXXX)
-XF_RAW_FILE_PATH=$(mktemp raw_filtered_http_endpoints_XXXXXX)
+FILTERED_PORTS_LIST=$(mktemp nonssl_endpoints_XXXXXX)
+XF_RAW_FILE_PATH=$(mktemp raw_filtered_nonssl_endpoints_XXXXXX)
 
 strip_white_list() {
 	if [ ! -f $XF_FILE_PATH ]; then
@@ -94,8 +94,8 @@
 # Concatenate scan result with service name
 RESULTS=`paste <(printf %s "$SVCS") <(printf %s "$SCAN_RESULT") | column -t`
 
-# Find all plain http ports
-HTTP_PORTS=`grep http <<< "$RESULTS" | grep -v ssl/http | tee "$FILTERED_PORTS_LIST"`
+# Find all non-SSL ports
+HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | tee "$FILTERED_PORTS_LIST"`
 
 # Filter out whitelisted endpoints
 while IFS= read -r line; do