コード例 #1
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def proveanonymousauth_success(anonymous_auth_enabled_event,
                               security_context_definition_to_test):
    """Run ProveAnonymousAuth against a mocked kubelet and expect a breach report.

    All traffic goes through ``requests_mock`` bound to the event's session,
    so nothing leaves the test process. The mocked kubelet port (10250)
    serves:

    * ``GET /pods`` -- ``pod_list_with_privileged_container`` with the
      ``{security_context_definition_to_test}`` placeholder substituted;
    * ``POST /run/...?cmd=<token read>`` -- ``service_account_token``;
    * ``POST /run/...?cmd=env`` -- ``env``.

    Args:
        anonymous_auth_enabled_event: event providing ``session`` and ``host``.
        security_context_definition_to_test: text substituted into the pod
            list fixture.
    """
    # NOTE(review): ``counter`` is presumably incremented by a handler defined
    # elsewhere in the test module -- confirm; this helper only resets it and
    # checks the final value.
    global counter
    counter = 0

    event = anonymous_auth_enabled_event
    token_read_cmd = "cat /var/run/secrets/kubernetes.io/serviceaccount/token"

    with requests_mock.Mocker(session=event.session) as mocker:
        kubelet_base = "https://" + event.host + ":10250/"
        pods_endpoint = kubelet_base + "pods"
        run_endpoint = kubelet_base + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="

        pod_list_body = pod_list_with_privileged_container.replace(
            "{security_context_definition_to_test}",
            security_context_definition_to_test,
        )
        mocker.get(pods_endpoint, text=pod_list_body)

        # The command is fully percent-encoded (safe="") so the mocked URL
        # matches it as a single query value.
        encoded_token_cmd = urllib.parse.quote(token_read_cmd, safe="")
        mocker.post(run_endpoint + encoded_token_cmd, text=service_account_token)
        mocker.post(run_endpoint + "env", text=env)

        hunter = ProveAnonymousAuth(event)
        hunter.execute()

        assert "The following containers have been successfully breached." in hunter.event.evidence

    assert counter == 1
コード例 #2
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_get_request_valid_url():
    """``get_request`` returns the response text for a URL the mock serves."""
    hunter = ProveAnonymousAuth(create_test_event_type_one())
    target = "https://localhost:10250/mock"

    # Bind the mock to the hunter's own session so no real request is sent.
    with requests_mock.Mocker(session=hunter.event.session) as mocker:
        mocker.get(target, text="mock")

        body = hunter.get_request(target)

        assert body == "mock"
コード例 #3
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_get_request_invalid_url():
    """``get_request`` reports a raised ``InvalidURL`` as an "Exception: " string.

    The mock raises ``requests.exceptions.InvalidURL`` for the URL; the test
    checks that the call returns text starting with ``"Exception: "``.
    """
    hunter = ProveAnonymousAuth(create_test_event_type_one())
    bad_target = "https://localhost:10250/[mock]"

    with requests_mock.Mocker(session=hunter.event.session) as mocker:
        mocker.get(bad_target, exc=requests.exceptions.InvalidURL)

        outcome = hunter.get_request(bad_target)

        assert outcome.startswith("Exception: ")
コード例 #4
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_proveanonymousauth_connectivity_issues():
    """``execute`` leaves the evidence empty when listing pods fails to connect.

    The mocked ``/pods`` endpoint on port 10250 raises ``ConnectionError``;
    the test checks that the event's evidence stays an empty string.
    """
    hunter = ProveAnonymousAuth(create_test_event_type_one())

    with requests_mock.Mocker(session=hunter.event.session) as mocker:
        kubelet_base = "https://" + hunter.event.host + ":10250/"
        pods_endpoint = kubelet_base + "pods"

        mocker.get(pods_endpoint, exc=requests.exceptions.ConnectionError)

        hunter.execute()

        assert hunter.event.evidence == ""
コード例 #5
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_has_no_error_nor_exception_result_without_exception_and_without_error():
    """A result with neither an exception prefix nor an error suffix is clean."""
    clean_result = "Mock."

    verdict = ProveAnonymousAuth.has_no_error_nor_exception(clean_result)

    assert verdict is True
コード例 #6
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def post_request(url, params, expected_return_value, exception=None):
    """Check ``post_request`` on both kubelet hunters against a mocked POST.

    The same scenario is run first on ``ProveAnonymousAuth`` and then on
    ``MaliciousIntentViaSecureKubeletPort``, each with a mock bound to its own
    event session.

    Args:
        url: URL registered with the mock and passed to ``post_request``.
        params: parameters forwarded to ``post_request``.
        expected_return_value: value ``post_request`` must return.
        exception: if truthy, the mock raises it instead of answering "mock".
    """
    # Factories keep construction lazy, so the second hunter is only built
    # after the first one has been checked.
    hunter_factories = (
        lambda: ProveAnonymousAuth(create_test_event_type_one()),
        lambda: MaliciousIntentViaSecureKubeletPort(
            create_test_event_type_two()),
    )

    for build_hunter in hunter_factories:
        hunter = build_hunter()

        with requests_mock.Mocker(session=hunter.event.session) as mocker:
            if exception:
                mock_kwargs = {"exc": exception}
            else:
                mock_kwargs = {"text": "mock"}
            mocker.post(url, **mock_kwargs)

            outcome = hunter.post_request(url, params)

            assert outcome == expected_return_value
コード例 #7
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_has_no_error_nor_exception_result_with_exception_and_with_error():
    """A result carrying both an exception prefix and an error suffix is rejected."""
    failing_result = "Exception: Mock. Mock exited with error."

    verdict = ProveAnonymousAuth.has_no_error_nor_exception(failing_result)

    assert verdict is False
コード例 #8
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_has_no_error_result_with_error():
    """``has_no_error`` is False for a result ending in "exited with error."."""
    errored_result = "Mock exited with error."

    verdict = ProveAnonymousAuth.has_no_error(errored_result)

    assert verdict is False
コード例 #9
ファイル: test_kubelet.py プロジェクト: xmonader/kube-hunter
def test_has_no_exception_result_with_exception():
    """``has_no_exception`` is False for a result starting with "Exception: "."""
    exception_result = "Exception: Mock."

    verdict = ProveAnonymousAuth.has_no_exception(exception_result)

    assert verdict is False