From 447cf5222b2fa0d33a52804e058a53fa1e8ee81e Mon Sep 17 00:00:00 2001 From: root Date: Wed, 16 Nov 2022 13:27:54 +0200 Subject: [PATCH 1/2] Adding unit test --- tall unittest-prettify | 241 +++++++++++++++++++++++++++++++++++++ unit_test.py | 61 ++++++++++ unit_test/kubectl_apply.sh | 203 +++++++++++++++++++++++++++++++ unit_test/kubiscan-sa | 28 +++++ unit_test/kubiscan-sa2 | 28 +++++ unit_test/readme | 14 +++ 6 files changed, 575 insertions(+) create mode 100755 tall unittest-prettify create mode 100755 unit_test.py create mode 100755 unit_test/kubectl_apply.sh create mode 100755 unit_test/kubiscan-sa create mode 100755 unit_test/kubiscan-sa2 create mode 100644 unit_test/readme diff --git a/tall unittest-prettify b/tall unittest-prettify new file mode 100755 index 0000000..d0fe0e1 --- /dev/null +++ b/tall unittest-prettify 
@@ -0,0 +1,241 @@ +* 4b14c08 (HEAD -> unit-test, origin/master, origin/HEAD, master) Merge pull request #54 from 2niknatan/master +|\ +| * 53c4854 Supporting aws on docker +* | b0790b1 Update README.md +* | 46b74c6 Merge pull request #53 from 2niknatan/master +|\| +| * c315afe Printing error message when no kind was entered to '-aars' flag +|/ +* 7e67ead Merge pull request #52 from 2niknatan/master +|\ +| * e519c50 Fixing duplicates in '-rp' flag. +|/ +* 5442b99 Merge pull request #51 from AlonBenHorin/patch-4 +|\ +| * b919b8e Update api_client.py +|/ +* 319d8d4 Merge pull request #49 from 2niknatan/master +|\ +| * dd86504 Fixing '-rp' flag. +|/ +* 171c5a3 Update README.md +* 1bb7d22 Update README.md +* 1827de2 Update README.md +* c0d472f Update README.md +* 30f9cf7 Update README.md +* 194fcaf Adding secret creation to support version +1.24 +* 5e7395a Merge pull request #47 from 2niknatan/master +|\ +| * 201efce Fixing hang in some environments. +|/ +* 125f370 Merge pull request #46 from 2niknatan/master +|\ +| * cf2070a Fixing the path to '/opt/kubiscan/config_bak' like in the Dockerfile +|/ +* f3f83a2 Merge pull request #45 from 2niknatan/master +|\ +| * b04638b Adding an environment variable to docker file and changing 'running_in_container' function accordingly. Handling exceptions so the program will not crush. Adding a tag to the 'docker run' command in the 'docker_run.sh' script. +|/ +* f71e710 Update docker_run.sh +* d4f3cc5 Merge pull request #43 from AlonBenHorin/patch-3 +|\ +| * 97fbfc0 Update README.md +|/ +* e607c9a Merge pull request #42 from AlonBenHorin/patch-2 +|\ +| * 9527479 Update README.md +|/ +* af84ea1 Merge pull request #41 from AlonBenHorin/patch-1 +|\ +| * 22bba70 Update utils.py +|/ +* 3afcc49 Merge pull request #40 from 2niknatan/master +|\ +| * dca7e31 Fixing pull request #18 and adding bash script to run a container. 
+* | 41ce1a8 Update KubiScan.py +|/ +* 70faf47 Update KubiScan.py +* 583422f Update api_client.py +* c97d268 Update api_client.py +* 8de6e1c Merge branch 'simplify-dockerfile-parameterize-paths' +|\ +| * 733b14e Update README for Dockerfile changes + conf vars +| * d8cc77b Add KUBISCAN_CONFIG_PATH to bypass Docker checks +| * 524f400 Add .yaml extention to CONF_PATH default +| * b198f6e Implement KUBISCAN_{VOLUME,CONFIG_BACKUP}_PATH var +| * 0933e75 Refactor Dockerfile for security and simplicity +| * 116c640 Pin Python packages + remove unused packages +| * 08db12a Reduce deps used in kubectl examples +* | 796a33c Merge pull request #39 from 2niknatan/master +|\ \ +| * | 2068158 Adding comments about the 'or []' +|/ / +* | 0788e20 Merge pull request #34 from snorwin/fix-subjects-none-error +|\ \ +| * | 1395fa7 Fix iteration for rolebindings without subjects +* | | 8d3b9f9 Merge pull request #37 from 2niknatan/master +|\ \ \ +| * | | e45639e Added error check for secret data +* | | | 3b05e3c Merge pull request #36 from 2niknatan/master +|\| | | +| * | | 54f21bf Fixing the risky pods switch +* | | | 0d54e34 Merge pull request #35 from 2niknatan/master +|\| | | +| * | | 64a5c5e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container. +| * | | c8b346e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container. 
+| * | | 8587c84 Adding namespace feature +* | | | 655c0ca Merge pull request #31 from snorwin/fix-dockerfile +|\ \ \ \ +| * | | | fd971e8 Explicitly install pip3 for alpine based image +| | |/ / +| |/| | +* | | | a5f95a3 Merge pull request #33 from 2niknatan/master +|\ \ \ \ +| |/ / / +|/| / / +| |/ / +| * | f1656a2 Adding namespace feature +| * | b578d32 Adding namespace feature +* | | 7edfba8 Merge pull request #30 from 2niknatan/master +|\| | +| * | 3ef8d5a Fixed bug with missing configuration object when using token +|/ / +* | f9871cc Merge pull request #19 from jpts/tls-warning-fix +|\ \ +| * | 8311618 Fix TLS warnings when using a token +* | | 8a559e7 Update version of API +* | | 439b3c9 Update NOTICES.txt +* | | a5d30ff Added "nodes/proxy" permission as risky (#29) +* | | cb2afeb Update README.md +* | | bfb9306 Merge pull request #25 from g3rzi/master +|\ \ \ +| * | | 8c9f698 Update api_client.py +| * | | 9ae0622 Support in kube config file +| * | | b041b6a Update KubiScan.py +| * | | af8c086 Added support for kube config file +| * | | dcbb87e Added support in config file +|/ / / +* | | 1719ddd Fix error with 'get_default_copy()' +* | | 02204b7 Merge pull request #24 from k-popov/master +|\ \ \ +| * \ \ e39b171 Merge branch 'master' into master +| |\ \ \ +| |/ / / +|/| | | +* | | | c596031 Merge pull request #23 from gparvin/run-in-container-ocp +|\ \ \ \ +| * | | | 3ab4cf6 fix problem running kubiscan in container on openshift cluster +| * | | | 156af12 fix 'NoneType' object is not iterable when running on OpenShift +|/ / / / +| * | | 1b1ea9a Fix api client always connecting to localhost regardless of options +| * | | 217e2f7 Check for source_rules and target_rules before iterating over them +|/ / / +* | | c364ee0 Update README.md +* | | 205484e Update license +* | | a4be273 Update LICENSE +* | | 283917e Update README.md +* | | f029123 Update README.md +* | | 5293cd7 Update README.md +* | | 1b8648c Merge pull request #20 from cyberark/v.1.5.1 +|\ \ \ +| |/ 
/ +|/| | +| * | a93402f Handle pod.spec.volumes with None +| * | 59a1d03 Handle pod.spec.volumes with None +|/ / +* | c20370a Fix SyntaxWarning for 'is not' with literals +* | 81834c6 Fix TabError +* | dccec30 Fix missing namespace for service account #10 +|/ +* 2531bbd Merge pull request #17 from disconnect3d/patch-3 +|\ +| * 3ba74af Fix --pods-secrets-env example +|/ +* bed6dc0 Minor variable name change (#11) +* 9eda197 Merge pull request #14 from disconnect3d/patch-1 +|\ +| * 8dfb38b Support Py version where async is keyword: fix #11 +* | d4471d1 Added check to see if '/proc/self/cgroup' exist (#15) +* | 83b82fd Merge pull request #16 from disconnect3d/patch-2 +|\ \ +| * | 233de70 Use yaml.safe_load instead of yaml.load +| |/ +* / be53501 Update new version 1.5 +|/ +* 35d6c04 Update KubiScan.py +* 5f757b9 Added the mounted path inside the container (#9) +* 322322a Added support to printing volumes with hostPaths mounted to container (#9) +* c67dc08 Added support on hostPaths in containers (#9) +* 2233c9d Fix in indents in risk YAML file (#10) +* 6bcecb3 Removed debug printing for pod name +* 1a1b1a4 Added printing of hostPorts and hostNetwork information (#9) +* e0efb04 Added support on hostNetwork and hostPorts (#9) +* d17fbe8 Added parsing for pod's spec for hostPID and hostIPC (#9) +* ca3ede5 Added check for hostPID and hostIPC (case #9) +* be60afc Added release and license images +* ad55e1c Fix checking if inside a docker container +* e282871 Suggestion to use VolumeMount +* 9e9b646 Fix bug to get RoleBindings of "User" subjects +* 68822bf Increase version +* 5aff6b8 Added catch for 404 in function get_roles_associated_to_subject +* f543474 Added support on privileged containers #9 +* cce2bae Support on privileged containers #9 +* f950f31 Added pod namespace to risky containers info +* d0876ea Added missing verb in kubiscan token permissions +* 1048a2a Update new version: 1.1 +* 40f1df2 Removed unnecessary prints +* 718e864 Added option to read token from 
the containers or ETCD (#7) +* 9cb20d8 Added function to decode base64 jwt token (#7) +* 438713f Added option to read token from the containers or ETCD (#7) +* 486b711 Added missing verb (#7) +* aea492e Fixed wrong resource name (#7) +* da0aa8c Fixing SyntaxError: EOL while scanning string literal +* fcb2b64 Adding support to filter risky pods by namespace (#7) +* 9a54790 Adding support to filter risky pods by namespace (#7) +* e86f58f Update `-dt` switch documentation (#7) +* 607f904 Added switch for priority (#7) +* aeade54 Added comment on other possible way to get JWT tokens +* 0ecf659 Adding support to different contexts (#8) +* 9f82fd5 Adding support to different contexts (#8) +* ba9a28d Dockerfile support for lightweight alpine image #4 +* 1f0332a Dockerfile support for lightweight alpine image #4 +* 191edf4 Remove Loader=yaml.FullLoader temporarily +* e0acb2d Fixing PyYAML yaml.load(input) Deprecation +* 7be3a0d Merge pull request #6 from mindfulmonk/patch-1 +|\ +| * d9490de Strip newlines from files +|/ +* 11de797 Fix bug with decoding token with 0x82 byte (issue #3) +* 5349e97 Fix for ClusterRoleBinding without a 'subjects' field +* ba5b59c Added resources that can also create a pod +* 2c71a9d Update requirements.txt +* ed5e13f Adding requirements.txt (issue #2) +* 7f9de69 Fix indentation level +* 7b01dd3 Added support to ClusterRoles with 'None' rules +* 45475d7 Support to list_cluster_role with 'None' rules +* 00a6059 ClusterRoleBinding doesn't have timestamp +* f3e649f Update README.md +* 9b2b139 Update README.md +* 015c469 Update README.md +* 6d51599 Update README.md +* 1e02a34 Update README.md +* e7f0ebd Update examples.txt +* 8562df4 Update README.md +* 547c364 Update README.md +* 68ea0d0 Update README.md +* 64e1f16 Update README.md +* fb2bacf Update README.md +* 8ee3a66 Update README.md +* 3fcd033 Update NOTICES.txt +* aee9734 Update NOTICES.txt +* c4a95aa Create NOTICES.txt +* bead83a Update api_client_temp.py +* 0ab203e Update api_client_temp.py 
+* e8016ed Update README.md +* 7c741bc Update README.md +* 399cb72 Update README.md +* 79ef2e4 Update README.md +* 36aa839 Update README.md +* fbf09e8 Update README.md +* d761a97 Initial commit +* 1529d0b Initial commit diff --git a/unit_test.py b/unit_test.py new file mode 100755 index 0000000..d3c5a2f --- /dev/null +++ b/unit_test.py 
@@ -0,0 +1,61 @@ +import unittest +from engine import utils, privleged_containers +from engine.privleged_containers import get_privileged_containers +from api import api_client + +list_of_risky_containers = ["test1-yes", "test3-yes", "test5ac2-yes", "test6a-yes", "test6b-yes", + "test7c2-yes", "test8c-yes"] +list_of_not_risky_containers = ["test5ac1-no", "test1-no", "test2b-no", "test7c1-no"] + +list_of_risky_users = ["kubiscan-sa"] +list_of_not_risky_users = ["kubiscan-sa2", "default"] + +list_of_privileged_pods = ["etcd-minikube", "kube-apiserver-minikube", "kube-controller-manager-minikube", + "kube-scheduler-minikube", "storage-provisioner"] + + +def get_containers_by_names(): + risky_pods = utils.get_risky_pods() + risky_containers_by_name = [] + for risky_pod in risky_pods or []: + for container in risky_pod.containers: + risky_containers_by_name.append(container.name) + return risky_containers_by_name + + +def get_risky_users_by_name(): + risky_users = utils.get_all_risky_subjects() + risky_users_by_name = [] + for risky_user in risky_users: + risky_users_by_name.append(risky_user.user_info.name) + return risky_users_by_name + + +class TestKubiScan(unittest.TestCase): + api_client.api_init() + + def test_get_risky_pods(self): + risky_containers_by_name = get_containers_by_names() + for container in list_of_risky_containers: + self.assertIn(container, risky_containers_by_name) + for container in list_of_not_risky_containers: + self.assertNotIn(container, risky_containers_by_name) + + def test_get_all_risky_roles(self): + risky_users_by_name = get_risky_users_by_name() + for user in list_of_risky_users: + self.assertIn(user, risky_users_by_name) + for user in list_of_not_risky_users: + self.assertNotIn(user, risky_users_by_name) + + def test_get_privileged_containers(self): + pods = get_privileged_containers() + string_list_of_privileged_pods = [] + for pod in pods: + string_list_of_privileged_pods.append(pod.metadata.name) + for pod_name in 
list_of_privileged_pods: + self.assertIn(pod_name, string_list_of_privileged_pods) + + +if __name__ == '__main__': + unittest.main() diff --git a/unit_test/kubectl_apply.sh b/unit_test/kubectl_apply.sh new file mode 100755 index 0000000..ae82170 --- /dev/null +++ b/unit_test/kubectl_apply.sh 
@@ -0,0 +1,203 @@ +#!/bin/bash +GREEN='\033[3;92m' +BCYAN='\033[1;96m' +UCYAN='\033[4;96m' +NO_COLOR='\033[0m' + + +if [ "$1" = "-h" ]; +then + echo -e "${UCYAN}How to run unit-test:${NO_COLOR}" + echo -e "${BCYAN}$(cat readme)${NO_COLOR}" + exit 0 +fi + +DEFAULT_SECRET=$(kubectl get sa default -o=jsonpath='{.secrets[0].name}') +echo -e "${GREEN}Creating kubiscan-sa...${NO_COLOR}" +kubectl apply -f kubiscan-sa +echo -e "${GREEN}Creating kubiscan-sa2...${NO_COLOR}" +kubectl apply -f kubiscan-sa2 +KUBISCAN_SA_SECRET=$(kubectl get sa kubiscan-sa -o=jsonpath='{.secrets[0].name}') +KUBISCAN_SA2_SECRET=$(kubectl get sa kubiscan-sa2 -o=jsonpath='{.secrets[0].name}') +echo -e "${BCYAN}kubiscan-sa secret: "$KUBISCAN_SA_SECRET", kubiscan-sa2 secret: "$KUBISCAN_SA2_SECRET ${NO_COLOR}"" + +echo -e "${GREEN}Creating test1-yes pod...${NO_COLOR}" +kubectl apply -f - << EOF +apiVersion: v1 +kind: Pod +metadata: + name: test1-yes +spec: + serviceAccountName: kubiscan-sa + containers: + - name: test1-yes + image: nginx +EOF + +echo -e "${GREEN}Creating test5-yes pod...${NO_COLOR}" +kubectl apply -f - << EOF +apiVersion: v1 +kind: Pod +metadata: + name: test5a-yes + namespace: default +spec: + serviceAccountName: kubiscan-sa + containers: + - image: nginx + name: test5ac1-no + volumeMounts: + - name: secret-volume + readOnly: true + mountPath: "/var/run/secrets/kubernetes.io/serviceaccount" + - image: nginx + name: test5ac2-yes + volumes: + - name: secret-volume + secret: + secretName: "$DEFAULT_SECRET" +EOF + +echo -e "${GREEN}Creating test8-yes pod...${NO_COLOR}" +kubectl apply -f - << EOF +apiVersion: v1 +kind: Pod +metadata: + name: test8-yes + namespace: default +spec: + serviceAccountName: kubiscan-sa + containers: + - image: nginx + name: test8c-yes + volumeMounts: + - name: secret-volume + readOnly: true + mountPath: "/var/run/secrets/kubernetes.io/serviceaccount" + - name: secret-volume2 + mountPath: "/var/run/secrets/tokens" + volumes: + - name: secret-volume + secret: + 
secretName: "$KUBISCAN_SA_SECRET" + - name: secret-volume2 + secret: + secretName: "$KUBISCAN_SA2_SECRET" +EOF + +echo -e "${GREEN}Creating test1-no pod...${NO_COLOR}" +kubectl apply -f - <" + "cd KubiScan/for_unit_test/" + "./kubectl_apply.sh" +[6] For the unit-test run the following command: + python3 -m pytest -v unit_test.py From afdb59a81e3e3e123516a016c1d4378487800721 Mon Sep 17 00:00:00 2001 From: Eviatar Gerzi Date: Sun, 27 Nov 2022 09:54:32 +0200 Subject: [PATCH 2/2] Delete tall unittest-prettify --- tall unittest-prettify | 241 ----------------------------------------- 1 file changed, 241 deletions(-) delete mode 100755 tall unittest-prettify diff --git a/tall unittest-prettify b/tall unittest-prettify deleted file mode 100755 index d0fe0e1..0000000 --- a/tall unittest-prettify +++ /dev/null 
@@ -1,241 +0,0 @@ -* 4b14c08 (HEAD -> unit-test, origin/master, origin/HEAD, master) Merge pull request #54 from 2niknatan/master -|\ -| * 53c4854 Supporting aws on docker -* | b0790b1 Update README.md -* | 46b74c6 Merge pull request #53 from 2niknatan/master -|\| -| * c315afe Printing error message when no kind was entered to '-aars' flag -|/ -* 7e67ead Merge pull request #52 from 2niknatan/master -|\ -| * e519c50 Fixing duplicates in '-rp' flag. -|/ -* 5442b99 Merge pull request #51 from AlonBenHorin/patch-4 -|\ -| * b919b8e Update api_client.py -|/ -* 319d8d4 Merge pull request #49 from 2niknatan/master -|\ -| * dd86504 Fixing '-rp' flag. -|/ -* 171c5a3 Update README.md -* 1bb7d22 Update README.md -* 1827de2 Update README.md -* c0d472f Update README.md -* 30f9cf7 Update README.md -* 194fcaf Adding secret creation to support version +1.24 -* 5e7395a Merge pull request #47 from 2niknatan/master -|\ -| * 201efce Fixing hang in some environments. -|/ -* 125f370 Merge pull request #46 from 2niknatan/master -|\ -| * cf2070a Fixing the path to '/opt/kubiscan/config_bak' like in the Dockerfile -|/ -* f3f83a2 Merge pull request #45 from 2niknatan/master -|\ -| * b04638b Adding an environment variable to docker file and changing 'running_in_container' function accordingly. Handling exceptions so the program will not crush. Adding a tag to the 'docker run' command in the 'docker_run.sh' script. -|/ -* f71e710 Update docker_run.sh -* d4f3cc5 Merge pull request #43 from AlonBenHorin/patch-3 -|\ -| * 97fbfc0 Update README.md -|/ -* e607c9a Merge pull request #42 from AlonBenHorin/patch-2 -|\ -| * 9527479 Update README.md -|/ -* af84ea1 Merge pull request #41 from AlonBenHorin/patch-1 -|\ -| * 22bba70 Update utils.py -|/ -* 3afcc49 Merge pull request #40 from 2niknatan/master -|\ -| * dca7e31 Fixing pull request #18 and adding bash script to run a container. 
-* | 41ce1a8 Update KubiScan.py -|/ -* 70faf47 Update KubiScan.py -* 583422f Update api_client.py -* c97d268 Update api_client.py -* 8de6e1c Merge branch 'simplify-dockerfile-parameterize-paths' -|\ -| * 733b14e Update README for Dockerfile changes + conf vars -| * d8cc77b Add KUBISCAN_CONFIG_PATH to bypass Docker checks -| * 524f400 Add .yaml extention to CONF_PATH default -| * b198f6e Implement KUBISCAN_{VOLUME,CONFIG_BACKUP}_PATH var -| * 0933e75 Refactor Dockerfile for security and simplicity -| * 116c640 Pin Python packages + remove unused packages -| * 08db12a Reduce deps used in kubectl examples -* | 796a33c Merge pull request #39 from 2niknatan/master -|\ \ -| * | 2068158 Adding comments about the 'or []' -|/ / -* | 0788e20 Merge pull request #34 from snorwin/fix-subjects-none-error -|\ \ -| * | 1395fa7 Fix iteration for rolebindings without subjects -* | | 8d3b9f9 Merge pull request #37 from 2niknatan/master -|\ \ \ -| * | | e45639e Added error check for secret data -* | | | 3b05e3c Merge pull request #36 from 2niknatan/master -|\| | | -| * | | 54f21bf Fixing the risky pods switch -* | | | 0d54e34 Merge pull request #35 from 2niknatan/master -|\| | | -| * | | 64a5c5e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container. -| * | | c8b346e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container. 
-| * | | 8587c84 Adding namespace feature -* | | | 655c0ca Merge pull request #31 from snorwin/fix-dockerfile -|\ \ \ \ -| * | | | fd971e8 Explicitly install pip3 for alpine based image -| | |/ / -| |/| | -* | | | a5f95a3 Merge pull request #33 from 2niknatan/master -|\ \ \ \ -| |/ / / -|/| / / -| |/ / -| * | f1656a2 Adding namespace feature -| * | b578d32 Adding namespace feature -* | | 7edfba8 Merge pull request #30 from 2niknatan/master -|\| | -| * | 3ef8d5a Fixed bug with missing configuration object when using token -|/ / -* | f9871cc Merge pull request #19 from jpts/tls-warning-fix -|\ \ -| * | 8311618 Fix TLS warnings when using a token -* | | 8a559e7 Update version of API -* | | 439b3c9 Update NOTICES.txt -* | | a5d30ff Added "nodes/proxy" permission as risky (#29) -* | | cb2afeb Update README.md -* | | bfb9306 Merge pull request #25 from g3rzi/master -|\ \ \ -| * | | 8c9f698 Update api_client.py -| * | | 9ae0622 Support in kube config file -| * | | b041b6a Update KubiScan.py -| * | | af8c086 Added support for kube config file -| * | | dcbb87e Added support in config file -|/ / / -* | | 1719ddd Fix error with 'get_default_copy()' -* | | 02204b7 Merge pull request #24 from k-popov/master -|\ \ \ -| * \ \ e39b171 Merge branch 'master' into master -| |\ \ \ -| |/ / / -|/| | | -* | | | c596031 Merge pull request #23 from gparvin/run-in-container-ocp -|\ \ \ \ -| * | | | 3ab4cf6 fix problem running kubiscan in container on openshift cluster -| * | | | 156af12 fix 'NoneType' object is not iterable when running on OpenShift -|/ / / / -| * | | 1b1ea9a Fix api client always connecting to localhost regardless of options -| * | | 217e2f7 Check for source_rules and target_rules before iterating over them -|/ / / -* | | c364ee0 Update README.md -* | | 205484e Update license -* | | a4be273 Update LICENSE -* | | 283917e Update README.md -* | | f029123 Update README.md -* | | 5293cd7 Update README.md -* | | 1b8648c Merge pull request #20 from cyberark/v.1.5.1 -|\ \ \ -| |/ 
/ -|/| | -| * | a93402f Handle pod.spec.volumes with None -| * | 59a1d03 Handle pod.spec.volumes with None -|/ / -* | c20370a Fix SyntaxWarning for 'is not' with literals -* | 81834c6 Fix TabError -* | dccec30 Fix missing namespace for service account #10 -|/ -* 2531bbd Merge pull request #17 from disconnect3d/patch-3 -|\ -| * 3ba74af Fix --pods-secrets-env example -|/ -* bed6dc0 Minor variable name change (#11) -* 9eda197 Merge pull request #14 from disconnect3d/patch-1 -|\ -| * 8dfb38b Support Py version where async is keyword: fix #11 -* | d4471d1 Added check to see if '/proc/self/cgroup' exist (#15) -* | 83b82fd Merge pull request #16 from disconnect3d/patch-2 -|\ \ -| * | 233de70 Use yaml.safe_load instead of yaml.load -| |/ -* / be53501 Update new version 1.5 -|/ -* 35d6c04 Update KubiScan.py -* 5f757b9 Added the mounted path inside the container (#9) -* 322322a Added support to printing volumes with hostPaths mounted to container (#9) -* c67dc08 Added support on hostPaths in containers (#9) -* 2233c9d Fix in indents in risk YAML file (#10) -* 6bcecb3 Removed debug printing for pod name -* 1a1b1a4 Added printing of hostPorts and hostNetwork information (#9) -* e0efb04 Added support on hostNetwork and hostPorts (#9) -* d17fbe8 Added parsing for pod's spec for hostPID and hostIPC (#9) -* ca3ede5 Added check for hostPID and hostIPC (case #9) -* be60afc Added release and license images -* ad55e1c Fix checking if inside a docker container -* e282871 Suggestion to use VolumeMount -* 9e9b646 Fix bug to get RoleBindings of "User" subjects -* 68822bf Increase version -* 5aff6b8 Added catch for 404 in function get_roles_associated_to_subject -* f543474 Added support on privileged containers #9 -* cce2bae Support on privileged containers #9 -* f950f31 Added pod namespace to risky containers info -* d0876ea Added missing verb in kubiscan token permissions -* 1048a2a Update new version: 1.1 -* 40f1df2 Removed unnecessary prints -* 718e864 Added option to read token from 
the containers or ETCD (#7) -* 9cb20d8 Added function to decode base64 jwt token (#7) -* 438713f Added option to read token from the containers or ETCD (#7) -* 486b711 Added missing verb (#7) -* aea492e Fixed wrong resource name (#7) -* da0aa8c Fixing SyntaxError: EOL while scanning string literal -* fcb2b64 Adding support to filter risky pods by namespace (#7) -* 9a54790 Adding support to filter risky pods by namespace (#7) -* e86f58f Update `-dt` switch documentation (#7) -* 607f904 Added switch for priority (#7) -* aeade54 Added comment on other possible way to get JWT tokens -* 0ecf659 Adding support to different contexts (#8) -* 9f82fd5 Adding support to different contexts (#8) -* ba9a28d Dockerfile support for lightweight alpine image #4 -* 1f0332a Dockerfile support for lightweight alpine image #4 -* 191edf4 Remove Loader=yaml.FullLoader temporarily -* e0acb2d Fixing PyYAML yaml.load(input) Deprecation -* 7be3a0d Merge pull request #6 from mindfulmonk/patch-1 -|\ -| * d9490de Strip newlines from files -|/ -* 11de797 Fix bug with decoding token with 0x82 byte (issue #3) -* 5349e97 Fix for ClusterRoleBinding without a 'subjects' field -* ba5b59c Added resources that can also create a pod -* 2c71a9d Update requirements.txt -* ed5e13f Adding requirements.txt (issue #2) -* 7f9de69 Fix indentation level -* 7b01dd3 Added support to ClusterRoles with 'None' rules -* 45475d7 Support to list_cluster_role with 'None' rules -* 00a6059 ClusterRoleBinding doesn't have timestamp -* f3e649f Update README.md -* 9b2b139 Update README.md -* 015c469 Update README.md -* 6d51599 Update README.md -* 1e02a34 Update README.md -* e7f0ebd Update examples.txt -* 8562df4 Update README.md -* 547c364 Update README.md -* 68ea0d0 Update README.md -* 64e1f16 Update README.md -* fb2bacf Update README.md -* 8ee3a66 Update README.md -* 3fcd033 Update NOTICES.txt -* aee9734 Update NOTICES.txt -* c4a95aa Create NOTICES.txt -* bead83a Update api_client_temp.py -* 0ab203e Update api_client_temp.py 
-* e8016ed Update README.md -* 7c741bc Update README.md -* 399cb72 Update README.md -* 79ef2e4 Update README.md -* 36aa839 Update README.md -* fbf09e8 Update README.md -* d761a97 Initial commit -* 1529d0b Initial commit
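Review bot: `tall unittest-prettify`, added in PATCH 1/2, is not test code. Its 241 lines are a commit graph listing (`* 4b14c08 (HEAD -> unit-test, origin/master, ...`), it is created with mode 100755 and a space in its name, and the commit is authored as `root`. It looks like command output that was redirected into a file and staged by accident. PATCH 2/2 deletes it, but applying the series as is still puts the file into history. Squash the two patches so it never enters the tree, and commit under a personal identity rather than root so the change is attributable.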
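Review bot: In unit_test.py, `api_client.api_init()` sits directly in the body of `class TestKubiScan`, so it runs when the module is imported or collected, before any test starts and outside the test runner's setup and error reporting. Move it into a `setUpClass` classmethod (or `setUpModule`) so a missing or unreachable cluster is reported as a setup failure for these tests. Smaller points in the same hunk: `privleged_containers` is imported from `engine` but never used next to `from engine.privleged_containers import get_privileged_containers`; `get_risky_users_by_name` iterates `risky_users` without the `or []` guard that `get_containers_by_names` uses; `test_get_all_risky_roles` actually checks `utils.get_all_risky_subjects()`, so the name should say subjects; and `list_of_privileged_pods` hardcodes minikube pod names (`etcd-minikube`, `kube-apiserver-minikube`, ...), so `test_get_privileged_containers` only passes on minikube and this should be stated or the test skipped elsewhere. Since every test needs a live cluster prepared by kubectl_apply.sh, these are integration tests and the file name and subject line should reflect that.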
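Review bot: In unit_test/kubectl_apply.sh, the results of the three `kubectl get sa ... -o=jsonpath='{.secrets[0].name}'` lookups are used without any check. Since Kubernetes 1.24 token Secrets are no longer auto-created for service accounts, so `DEFAULT_SECRET`, `KUBISCAN_SA_SECRET` or `KUBISCAN_SA2_SECRET` can come back empty, and the test5a-yes and test8-yes manifests are then applied with `secretName: ""`. The fixtures would not match what unit_test.py expects and the failure would show up far from its cause. Test each variable for emptiness right after the lookup and exit with a message, and add `set -euo pipefail` at the top so a failed `kubectl apply` stops the run. Also in this hunk: the echo that prints the secret names closes and reopens its quotes around `$KUBISCAN_SA_SECRET` and `$KUBISCAN_SA2_SECRET`, leaving both expansions unquoted; `cat readme`, `kubectl apply -f kubiscan-sa` and `kubectl apply -f kubiscan-sa2` use relative paths, so the script only works when run from inside unit_test/ (resolve them against the script's own directory); the progress message says "Creating test5-yes pod..." while the pod is named `test5a-yes`; and the visible part of the script applies pods that mount service account token Secrets into `namespace: default` of whatever context kubectl currently points at, so print the current context and ask for confirmation before the first apply.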
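Review bot: In unit_test/readme, the step before [6] tells the reader to `cd KubiScan/for_unit_test/`, but this patch creates the script and manifests under `unit_test/`, so the documented path does not exist. Change it to `cd KubiScan/unit_test/`. Step [6] then runs `python3 -m pytest -v unit_test.py`, yet unit_test.py is added at the repository root, not in the directory the previous step changed into; add the `cd ..` or give the path explicitly. The readme should also say that the tests expect a minikube cluster, because unit_test.py asserts on minikube pod names.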