def proveanonymousauth_success(anonymous_auth_enabled_event, security_context_definition_to_test):
    """Run ProveAnonymousAuth against a fully mocked kubelet and expect a finding.

    All HTTP traffic goes through ``requests_mock`` bound to the event's own
    session, so no real kubelet on port 10250 is contacted. The mock serves:

    * ``GET /pods`` with the module-level ``pod_list_with_privileged_container``
      template, its ``{security_context_definition_to_test}`` placeholder
      replaced by the argument of the same name;
    * ``POST /run/...?cmd=<url-quoted token read>`` with ``service_account_token``;
    * ``POST /run/...?cmd=env`` with ``env``.

    Args:
        anonymous_auth_enabled_event: Event supplying the ``session`` to mock
            and the ``host`` used to build the kubelet URLs.
        security_context_definition_to_test: Text substituted into the pod
            list template before it is served.

    The module-global ``counter`` is reset to 0 and must be 1 afterwards.
    NOTE(review): presumably an event handler elsewhere in this module
    increments it when the finding is published -- confirm.
    """
    global counter
    counter = 0

    with requests_mock.Mocker(session=anonymous_auth_enabled_event.session) as kubelet_mock:
        base_url = "https://" + anonymous_auth_enabled_event.host + ":10250/"
        exec_url = (
            base_url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        )

        # Pod listing the hunter inspects for the security context under test.
        pod_list_body = pod_list_with_privileged_container.replace(
            "{security_context_definition_to_test}", security_context_definition_to_test
        )
        kubelet_mock.get(base_url + "pods", text=pod_list_body)

        # safe="" also percent-encodes "/", so the stub URL matches a fully quoted cmd value.
        token_command = urllib.parse.quote(
            "cat /var/run/secrets/kubernetes.io/serviceaccount/token", safe=""
        )
        kubelet_mock.post(exec_url + token_command, text=service_account_token)
        kubelet_mock.post(exec_url + "env", text=env)

        hunter = ProveAnonymousAuth(anonymous_auth_enabled_event)
        hunter.execute()

        assert "The following containers have been successfully breached." in hunter.event.evidence

    assert counter == 1
def test_get_request_valid_url():
    """get_request hands back the response body when the mocked GET succeeds."""
    hunter = ProveAnonymousAuth(create_test_event_type_one())
    target = "https://localhost:10250/mock"

    # The mock is bound to the hunter's own session, so nothing leaves the process.
    with requests_mock.Mocker(session=hunter.event.session) as kubelet_mock:
        kubelet_mock.get(target, text="mock")

        assert hunter.get_request(target) == "mock"
def test_get_request_invalid_url():
    """get_request must return an "Exception: "-prefixed string when the GET raises InvalidURL."""
    hunter = ProveAnonymousAuth(create_test_event_type_one())
    target = "https://localhost:10250/[mock]"

    with requests_mock.Mocker(session=hunter.event.session) as kubelet_mock:
        # The stub raises instead of answering.
        kubelet_mock.get(target, exc=requests.exceptions.InvalidURL)

        outcome = hunter.get_request(target)

        # The failure is expected as a returned string, not a propagated exception.
        assert outcome.startswith("Exception: ")
def test_proveanonymousauth_connectivity_issues():
    """execute() must leave the evidence empty when the pod listing cannot be reached.

    The mocked ``GET /pods`` raises ``ConnectionError``; an unreachable
    kubelet must not be reported as a finding.
    """
    hunter = ProveAnonymousAuth(create_test_event_type_one())

    with requests_mock.Mocker(session=hunter.event.session) as kubelet_mock:
        base_url = "https://" + hunter.event.host + ":10250/"
        kubelet_mock.get(base_url + "pods", exc=requests.exceptions.ConnectionError)

        hunter.execute()

        assert hunter.event.evidence == ""
def test_has_no_error_nor_exception_result_without_exception_and_without_error():
    """A result carrying neither the exception nor the error marker counts as clean."""
    clean_output = "Mock."

    verdict = ProveAnonymousAuth.has_no_error_nor_exception(clean_output)

    assert verdict is True
def post_request(url, params, expected_return_value, exception=None):
    """Check ``post_request`` on both kubelet hunters against one mocked POST.

    The same stub is registered first for a ``ProveAnonymousAuth`` instance and
    then for a ``MaliciousIntentViaSecureKubeletPort`` instance, each on its own
    event session, and each hunter's ``post_request(url, params)`` result is
    compared with ``expected_return_value``.

    Args:
        url: URL to stub and to pass to the hunter.
        params: Parameters forwarded to the hunter's ``post_request``.
        expected_return_value: Value both hunters are expected to return.
        exception: When truthy, the stub raises it instead of replying "mock".
    """
    # Either a canned body or an exception to raise, never both.
    stub_kwargs = {"exc": exception} if exception else {"text": "mock"}

    def check(hunter):
        # Bind the mock to this hunter's session so the POST never reaches the network.
        with requests_mock.Mocker(session=hunter.event.session) as kubelet_mock:
            kubelet_mock.post(url, **stub_kwargs)

            outcome = hunter.post_request(url, params)

            assert outcome == expected_return_value

    check(ProveAnonymousAuth(create_test_event_type_one()))
    check(MaliciousIntentViaSecureKubeletPort(create_test_event_type_two()))
def test_has_no_error_nor_exception_result_with_exception_and_with_error():
    """A result carrying both the exception and the error marker is not clean."""
    failing_output = "Exception: Mock. Mock exited with error."

    verdict = ProveAnonymousAuth.has_no_error_nor_exception(failing_output)

    assert verdict is False
def test_has_no_error_result_with_error():
    """has_no_error must be False for output that says the command exited with error."""
    failing_output = "Mock exited with error."

    verdict = ProveAnonymousAuth.has_no_error(failing_output)

    assert verdict is False
def test_has_no_exception_result_with_exception():
    """has_no_exception must be False for output that starts with the exception marker."""
    failing_output = "Exception: Mock."

    verdict = ProveAnonymousAuth.has_no_exception(failing_output)

    assert verdict is False