def test_FromPodHostDiscovery():
with requests_mock.Mocker() as m:
e = RunningAsPodEvent()
config.azure = False
config.remote = None
config.cidr = None
m.get(
"http://169.254.169.254/metadata/instance?api-version=2017-08-01",
status_code=404,
)
f = FromPodHostDiscovery(e)
assert not f.is_azure_pod()
# TODO For now we don't test the traceroute discovery version
# f.execute()
# Test that we generate NewHostEvent for the addresses reported by the Azure Metadata API
config.azure = True
m.get(
"http://169.254.169.254/metadata/instance?api-version=2017-08-01",
text=
'{"network":{"interface":[{"ipv4":{"subnet":[{"address": "3.4.5.6", "prefix": "255.255.255.252"}]}}]}}',
)
assert f.is_azure_pod()
f.execute()
# Test that we don't trigger a HostScanEvent unless either config.remote or config.cidr are configured
config.remote = "1.2.3.4"
f.execute()
config.azure = False
config.remote = None
config.cidr = "1.2.3.4/24"
f.execute()
def test_is_azure_pod_request_fail(self):
f = FromPodHostDiscovery(RunningAsPodEvent())
with requests_mock.Mocker() as m:
m.get(
"http://169.254.169.254/metadata/instance?api-version=2017-08-01",
status_code=404)
result = f.is_azure_pod()
assert not result
def test_is_azure_pod_success(self):
f = FromPodHostDiscovery(RunningAsPodEvent())
with requests_mock.Mocker() as m:
m.get(
"http://169.254.169.254/metadata/instance?api-version=2017-08-01",
text=TestFromPodHostDiscovery._make_response(
("3.4.5.6", "255.255.255.252")),
)
result = f.is_azure_pod()
assert result
def main():
global hunt_started
scan_options = [
config.pod, config.cidr, config.remote, config.interface,
config.k8s_auto_discover_nodes
]
try:
if args.list:
if args.raw_hunter_names:
list_hunters(class_names=True)
else:
list_hunters()
return
if not any(scan_options):
if not interactive_set_config():
return
with hunt_started_lock:
hunt_started = True
handler.publish_event(HuntStarted())
if config.pod:
handler.publish_event(RunningAsPodEvent())
else:
handler.publish_event(HostScanEvent())
# Blocking to see discovery output
handler.join()
except KeyboardInterrupt:
logger.debug("Kube-Hunter stopped by user")
# happens when running a container without interactive option
except EOFError:
logger.error("\033[0;31mPlease run again with -it\033[0m")
finally:
hunt_started_lock.acquire()
if hunt_started:
hunt_started_lock.release()
handler.publish_event(HuntFinished())
handler.join()
handler.free()
logger.debug("Cleaned Queue")
else:
hunt_started_lock.release()
def test_execute_scan_remote(self):
set_config(Config(remote="1.2.3.4"))
f = FromPodHostDiscovery(RunningAsPodEvent())
f.execute()
def test_execute_scan_cidr(self):
set_config(Config(cidr="1.2.3.4/30"))
f = FromPodHostDiscovery(RunningAsPodEvent())
f.execute()
