Exemplo n.º 1
0
def test_get_root_values_success():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)
    root_value, root_value_type = class_being_tested.get_root_values(
        cat_proc_cmdline)

    assert root_value == "Mock" and root_value_type == "LABEL="
Exemplo n.º 2
0
def test_process_exposed_existing_privileged_container_failure_when_mkdir():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)

    with requests_mock.Mocker(
            session=class_being_tested.event.session) as session_mock:
        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())

        session_mock.post(run_url +
                          urllib.parse.quote("cat /proc/cmdline", safe=""),
                          text=cat_proc_cmdline)
        session_mock.post(run_url +
                          urllib.parse.quote("findfs LABEL=Mock", safe=""),
                          text="/dev/mock_fs")
        session_mock.post(
            run_url +
            urllib.parse.quote(f"mkdir {directory_created}", safe=""),
            text="Permission denied")

        return_value = class_being_tested.process_exposed_existing_privileged_container(
            url +
            "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
            number_of_umount_attempts,
            number_of_rmdir_attempts,
            None,
            directory_created,
        )

        assert return_value["result"] is False
Exemplo n.º 3
0
def test_attack_exposed_existing_privileged_container_failure_when_chmod():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)

    with requests_mock.Mocker(
            session=class_being_tested.event.session) as session_mock:
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        session_mock.post(
            run_url +
            urllib.parse.quote(f"touch {file_name_with_path}", safe=""),
            text="")
        session_mock.post(
            run_url + urllib.parse.quote(
                "chmod {} {}".format("755", file_name_with_path), safe=""),
            text="Permission denied",
        )

        return_value = class_being_tested.attack_exposed_existing_privileged_container(
            url +
            "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
            directory_created,
            None,
            file_name,
        )

        assert return_value["result"] is False
Exemplo n.º 4
0
def test_check_directory_exists_non_existent_directory():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)

    with requests_mock.Mocker(
            session=class_being_tested.event.session) as session_mock:
        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        session_mock.post(run_url + urllib.parse.quote("ls Mock", safe=""),
                          text="ls: Mock: No such file or directory")

        return_value = class_being_tested.check_directory_exists(
            url +
            "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
            "Mock")

        assert return_value is False
Exemplo n.º 5
0
def test_maliciousintentviasecurekubeletport_success():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)

    with requests_mock.Mocker(
            session=class_being_tested.event.session) as session_mock:
        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
        file_name = "kube-hunter-mock" + str(uuid.uuid1())
        file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"

        session_mock.post(run_url +
                          urllib.parse.quote("cat /proc/cmdline", safe=""),
                          text=cat_proc_cmdline)
        session_mock.post(run_url +
                          urllib.parse.quote("findfs LABEL=Mock", safe=""),
                          text="/dev/mock_fs")
        session_mock.post(
            run_url +
            urllib.parse.quote(f"mkdir {directory_created}", safe=""),
            text="")
        session_mock.post(run_url + urllib.parse.quote(
            "mount {} {}".format("/dev/mock_fs", directory_created), safe=""),
                          text="")
        session_mock.post(run_url + urllib.parse.quote(
            f"cat {directory_created}/etc/hostname", safe=""),
                          text="mockhostname")
        session_mock.post(
            run_url +
            urllib.parse.quote(f"touch {file_name_with_path}", safe=""),
            text="")
        session_mock.post(run_url + urllib.parse.quote(
            "chmod {} {}".format("755", file_name_with_path), safe=""),
                          text="")

        class_being_tested.execute(directory_created, file_name)

        message = "The following exposed existing privileged containers have been successfully"
        message += " abused by starting/modifying a process in the host."

        assert message in class_being_tested.event.evidence
Exemplo n.º 6
0
def test_rmdir_command_removed_failed():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)

    with requests_mock.Mocker(
            session=class_being_tested.event.session) as session_mock:
        url = "https://localhost:10250/"
        run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        session_mock.post(run_url + urllib.parse.quote("ls Mock", safe=""),
                          text="mock.txt")
        session_mock.post(run_url + urllib.parse.quote("rmdir Mock", safe=""),
                          text="Permission denied")

        return_value = class_being_tested.rmdir_command(
            url +
            "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
            "Mock",
            number_of_rmdir_attempts=1,
            seconds_to_wait_for_os_command=None,
        )

        assert return_value is False
Exemplo n.º 7
0
def post_request(url, params, expected_return_value, exception=None):
    class_being_tested_one = ProveAnonymousAuth(create_test_event_type_one())

    with requests_mock.Mocker(
            session=class_being_tested_one.event.session) as session_mock:
        mock_params = {"text": "mock"} if not exception else {"exc": exception}
        session_mock.post(url, **mock_params)

        return_value = class_being_tested_one.post_request(url, params)

        assert return_value == expected_return_value

    class_being_tested_two = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two())

    with requests_mock.Mocker(
            session=class_being_tested_two.event.session) as session_mock:
        mock_params = {"text": "mock"} if not exception else {"exc": exception}
        session_mock.post(url, **mock_params)

        return_value = class_being_tested_two.post_request(url, params)

        assert return_value == expected_return_value
Exemplo n.º 8
0
def test_get_root_values_failure():
    class_being_tested = MaliciousIntentViaSecureKubeletPort(
        create_test_event_type_two(), None)
    root_value, root_value_type = class_being_tested.get_root_values("")

    assert root_value is None and root_value_type is None