Adding unit test

tall unittest-prettify

@@ -0,0 +1,241 @@
+*   4b14c08 (HEAD -> unit-test, origin/master, origin/HEAD, master) Merge pull request #54 from 2niknatan/master
+|\  
+| * 53c4854 Supporting aws on docker
+* | b0790b1 Update README.md
+* | 46b74c6 Merge pull request #53 from 2niknatan/master
+|\| 
+| * c315afe Printing error message when no kind was entered to '-aars' flag
+|/  
+*   7e67ead Merge pull request #52 from 2niknatan/master
+|\  
+| * e519c50 Fixing duplicates in '-rp' flag.
+|/  
+*   5442b99 Merge pull request #51 from AlonBenHorin/patch-4
+|\  
+| * b919b8e Update api_client.py
+|/  
+*   319d8d4 Merge pull request #49 from 2niknatan/master
+|\  
+| * dd86504 Fixing '-rp' flag.
+|/  
+* 171c5a3 Update README.md
+* 1bb7d22 Update README.md
+* 1827de2 Update README.md
+* c0d472f Update README.md
+* 30f9cf7 Update README.md
+* 194fcaf Adding secret creation to support version +1.24
+*   5e7395a Merge pull request #47 from 2niknatan/master
+|\  
+| * 201efce Fixing hang in some environments.
+|/  
+*   125f370 Merge pull request #46 from 2niknatan/master
+|\  
+| * cf2070a Fixing the path to '/opt/kubiscan/config_bak' like in the Dockerfile
+|/  
+*   f3f83a2 Merge pull request #45 from 2niknatan/master
+|\  
+| * b04638b Adding an environment variable to docker file and changing 'running_in_container' function accordingly.  Handling exceptions so the program will not crush.  Adding a tag to the 'docker run' command in the 'docker_run.sh' script.
+|/  
+* f71e710 Update docker_run.sh
+*   d4f3cc5 Merge pull request #43 from AlonBenHorin/patch-3
+|\  
+| * 97fbfc0 Update README.md
+|/  
+*   e607c9a Merge pull request #42 from AlonBenHorin/patch-2
+|\  
+| * 9527479 Update README.md
+|/  
+*   af84ea1 Merge pull request #41 from AlonBenHorin/patch-1
+|\  
+| * 22bba70 Update utils.py
+|/  
+*   3afcc49 Merge pull request #40 from 2niknatan/master
+|\  
+| * dca7e31 Fixing pull request #18 and adding bash script to run a container.
+* | 41ce1a8 Update KubiScan.py
+|/  
+* 70faf47 Update KubiScan.py
+* 583422f Update api_client.py
+* c97d268 Update api_client.py
+*   8de6e1c Merge branch 'simplify-dockerfile-parameterize-paths'
+|\  
+| * 733b14e Update README for Dockerfile changes + conf vars
+| * d8cc77b Add KUBISCAN_CONFIG_PATH to bypass Docker checks
+| * 524f400 Add .yaml extention to CONF_PATH default
+| * b198f6e Implement KUBISCAN_{VOLUME,CONFIG_BACKUP}_PATH var
+| * 0933e75 Refactor Dockerfile for security and simplicity
+| * 116c640 Pin Python packages + remove unused packages
+| * 08db12a Reduce deps used in kubectl examples
+* |   796a33c Merge pull request #39 from 2niknatan/master
+|\ \  
+| * | 2068158 Adding comments about the 'or []'
+|/ /  
+* |   0788e20 Merge pull request #34 from snorwin/fix-subjects-none-error
+|\ \  
+| * | 1395fa7 Fix iteration for rolebindings without subjects
+* | |   8d3b9f9 Merge pull request #37 from 2niknatan/master
+|\ \ \  
+| * | | e45639e Added error check for secret data
+* | | | 3b05e3c Merge pull request #36 from 2niknatan/master
+|\| | | 
+| * | | 54f21bf Fixing the risky pods switch
+* | | | 0d54e34 Merge pull request #35 from 2niknatan/master
+|\| | | 
+| * | | 64a5c5e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container.
+| * | | c8b346e Changing the function 'running_in_docker_container' to 'running_in_container'. Not the function checks if running in a general container, no necessarily docker container.
+| * | | 8587c84 Adding namespace feature
+* | | |   655c0ca Merge pull request #31 from snorwin/fix-dockerfile
+|\ \ \ \  
+| * | | | fd971e8 Explicitly install pip3 for alpine based image
+| | |/ /  
+| |/| |   
+* | | |   a5f95a3 Merge pull request #33 from 2niknatan/master
+|\ \ \ \  
+| |/ / /  
+|/| / /   
+| |/ /    
+| * | f1656a2 Adding namespace feature
+| * | b578d32 Adding namespace feature
+* | | 7edfba8 Merge pull request #30 from 2niknatan/master
+|\| | 
+| * | 3ef8d5a Fixed bug with missing configuration object when using token
+|/ /  
+* |   f9871cc Merge pull request #19 from jpts/tls-warning-fix
+|\ \  
+| * | 8311618 Fix TLS warnings when using a token
+* | | 8a559e7 Update version of API
+* | | 439b3c9 Update NOTICES.txt
+* | | a5d30ff Added "nodes/proxy" permission as risky (#29)
+* | | cb2afeb Update README.md
+* | |   bfb9306 Merge pull request #25 from g3rzi/master
+|\ \ \  
+| * | | 8c9f698 Update api_client.py
+| * | | 9ae0622 Support in kube config file
+| * | | b041b6a Update KubiScan.py
+| * | | af8c086 Added support for kube config file
+| * | | dcbb87e Added support in config file
+|/ / /  
+* | | 1719ddd Fix error with 'get_default_copy()'
+* | |   02204b7 Merge pull request #24 from k-popov/master
+|\ \ \  
+| * \ \   e39b171 Merge branch 'master' into master
+| |\ \ \  
+| |/ / /  
+|/| | |   
+* | | |   c596031 Merge pull request #23 from gparvin/run-in-container-ocp
+|\ \ \ \  
+| * | | | 3ab4cf6 fix problem running kubiscan in container on openshift cluster
+| * | | | 156af12 fix 'NoneType' object is not iterable when running on OpenShift
+|/ / / /  
+| * | | 1b1ea9a Fix api client always connecting to localhost regardless of options
+| * | | 217e2f7 Check for source_rules and target_rules before iterating over them
+|/ / /  
+* | | c364ee0 Update README.md
+* | | 205484e Update license
+* | | a4be273 Update LICENSE
+* | | 283917e Update README.md
+* | | f029123 Update README.md
+* | | 5293cd7 Update README.md
+* | |   1b8648c Merge pull request #20 from cyberark/v.1.5.1
+|\ \ \  
+| |/ /  
+|/| |   
+| * | a93402f Handle pod.spec.volumes with None
+| * | 59a1d03 Handle pod.spec.volumes with None
+|/ /  
+* | c20370a Fix SyntaxWarning for 'is not' with literals
+* | 81834c6 Fix TabError
+* | dccec30 Fix missing namespace for service account #10
+|/  
+*   2531bbd Merge pull request #17 from disconnect3d/patch-3
+|\  
+| * 3ba74af Fix --pods-secrets-env example
+|/  
+* bed6dc0 Minor variable name change (#11)
+*   9eda197 Merge pull request #14 from disconnect3d/patch-1
+|\  
+| * 8dfb38b Support Py version where async is keyword: fix #11
+* | d4471d1 Added check to see if '/proc/self/cgroup' exist (#15)
+* |   83b82fd Merge pull request #16 from disconnect3d/patch-2
+|\ \  
+| * | 233de70 Use yaml.safe_load instead of yaml.load
+| |/  
+* / be53501 Update new version 1.5
+|/  
+* 35d6c04 Update KubiScan.py
+* 5f757b9 Added the mounted path inside the container (#9)
+* 322322a Added support to printing volumes with hostPaths mounted to container (#9)
+* c67dc08 Added support on hostPaths in containers (#9)
+* 2233c9d Fix in indents in risk YAML file (#10)
+* 6bcecb3 Removed debug printing for pod name
+* 1a1b1a4 Added printing of hostPorts and hostNetwork information (#9)
+* e0efb04 Added support on hostNetwork and hostPorts (#9)
+* d17fbe8 Added parsing for pod's spec for hostPID and hostIPC (#9)
+* ca3ede5 Added check for hostPID and hostIPC (case #9)
+* be60afc Added release and license images
+* ad55e1c Fix checking if inside a docker container
+* e282871 Suggestion to use VolumeMount
+* 9e9b646 Fix bug to get RoleBindings of "User" subjects
+* 68822bf Increase version
+* 5aff6b8 Added catch for 404 in function get_roles_associated_to_subject
+* f543474 Added support on privileged containers #9
+* cce2bae Support on privileged containers #9
+* f950f31 Added pod namespace to risky containers info
+* d0876ea Added missing verb in kubiscan token permissions
+* 1048a2a Update new version: 1.1
+* 40f1df2 Removed unnecessary prints
+* 718e864 Added option to read token from the containers or ETCD (#7)
+* 9cb20d8 Added function to decode base64 jwt token (#7)
+* 438713f Added option to read token from the containers or ETCD (#7)
+* 486b711 Added missing verb (#7)
+* aea492e Fixed wrong resource name (#7)
+* da0aa8c Fixing SyntaxError: EOL while scanning string literal
+* fcb2b64 Adding support to filter risky pods by namespace (#7)
+* 9a54790 Adding support to filter risky pods by namespace (#7)
+* e86f58f Update `-dt` switch documentation (#7)
+* 607f904 Added switch for priority (#7)
+* aeade54 Added comment on other possible way to get JWT tokens
+* 0ecf659 Adding support to different contexts (#8)
+* 9f82fd5 Adding support to different contexts (#8)
+* ba9a28d Dockerfile support for lightweight alpine image #4
+* 1f0332a Dockerfile support for lightweight alpine image #4
+* 191edf4 Remove Loader=yaml.FullLoader temporarily
+* e0acb2d Fixing PyYAML yaml.load(input) Deprecation
+*   7be3a0d Merge pull request #6 from mindfulmonk/patch-1
+|\  
+| * d9490de Strip newlines from files
+|/  
+* 11de797 Fix bug with decoding token with 0x82 byte (issue #3)
+* 5349e97 Fix for ClusterRoleBinding without a 'subjects' field
+* ba5b59c Added resources that can also create a pod
+* 2c71a9d Update requirements.txt
+* ed5e13f Adding requirements.txt (issue #2)
+* 7f9de69 Fix indentation level
+* 7b01dd3 Added support to ClusterRoles with 'None' rules
+* 45475d7 Support to list_cluster_role with 'None' rules
+* 00a6059 ClusterRoleBinding doesn't have timestamp
+* f3e649f Update README.md
+* 9b2b139 Update README.md
+* 015c469 Update README.md
+* 6d51599 Update README.md
+* 1e02a34 Update README.md
+* e7f0ebd Update examples.txt
+* 8562df4 Update README.md
+* 547c364 Update README.md
+* 68ea0d0 Update README.md
+* 64e1f16 Update README.md
+* fb2bacf Update README.md
+* 8ee3a66 Update README.md
+* 3fcd033 Update NOTICES.txt
+* aee9734 Update NOTICES.txt
+* c4a95aa Create NOTICES.txt
+* bead83a Update api_client_temp.py
+* 0ab203e Update api_client_temp.py
+* e8016ed Update README.md
+* 7c741bc Update README.md
+* 399cb72 Update README.md
+* 79ef2e4 Update README.md
+* 36aa839 Update README.md
+* fbf09e8 Update README.md
+* d761a97 Initial commit
+* 1529d0b Initial commit

unit_test.py

@@ -0,0 +1,61 @@
+import unittest
+from engine import utils, privleged_containers
+from engine.privleged_containers import get_privileged_containers
+from api import api_client
+
+list_of_risky_containers = ["test1-yes", "test3-yes", "test5ac2-yes", "test6a-yes", "test6b-yes",
+                            "test7c2-yes", "test8c-yes"]
+list_of_not_risky_containers = ["test5ac1-no", "test1-no", "test2b-no", "test7c1-no"]
+
+list_of_risky_users = ["kubiscan-sa"]
+list_of_not_risky_users = ["kubiscan-sa2", "default"]
+
+list_of_privileged_pods = ["etcd-minikube", "kube-apiserver-minikube", "kube-controller-manager-minikube",
+                           "kube-scheduler-minikube", "storage-provisioner"]
+
+
+def get_containers_by_names():
+    risky_pods = utils.get_risky_pods()
+    risky_containers_by_name = []
+    for risky_pod in risky_pods or []:
+        for container in risky_pod.containers:
+            risky_containers_by_name.append(container.name)
+    return risky_containers_by_name
+
+
+def get_risky_users_by_name():
+    risky_users = utils.get_all_risky_subjects()
+    risky_users_by_name = []
+    for risky_user in risky_users:
+        risky_users_by_name.append(risky_user.user_info.name)
+    return risky_users_by_name
+
+
+class TestKubiScan(unittest.TestCase):
+    api_client.api_init()
+
+    def test_get_risky_pods(self):
+        risky_containers_by_name = get_containers_by_names()
+        for container in list_of_risky_containers:
+            self.assertIn(container, risky_containers_by_name)
+        for container in list_of_not_risky_containers:
+            self.assertNotIn(container, risky_containers_by_name)
+
+    def test_get_all_risky_roles(self):
+        risky_users_by_name = get_risky_users_by_name()
+        for user in list_of_risky_users:
+            self.assertIn(user, risky_users_by_name)
+        for user in list_of_not_risky_users:
+            self.assertNotIn(user, risky_users_by_name)
+
+    def test_get_privileged_containers(self):
+        pods = get_privileged_containers()
+        string_list_of_privileged_pods = []
+        for pod in pods:
+            string_list_of_privileged_pods.append(pod.metadata.name)
+        for pod_name in list_of_privileged_pods:
+            self.assertIn(pod_name, string_list_of_privileged_pods)
+
+
+if __name__ == '__main__':
+    unittest.main()