def test_get_root_values_success():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
root_value, root_value_type = class_being_tested.get_root_values(
cat_proc_cmdline)
assert root_value == "Mock" and root_value_type == "LABEL="
def test_process_exposed_existing_privileged_container_failure_when_mkdir():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
with requests_mock.Mocker(
session=class_being_tested.event.session) as session_mock:
url = "https://localhost:10250/"
run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
session_mock.post(run_url +
urllib.parse.quote("cat /proc/cmdline", safe=""),
text=cat_proc_cmdline)
session_mock.post(run_url +
urllib.parse.quote("findfs LABEL=Mock", safe=""),
text="/dev/mock_fs")
session_mock.post(
run_url +
urllib.parse.quote(f"mkdir {directory_created}", safe=""),
text="Permission denied")
return_value = class_being_tested.process_exposed_existing_privileged_container(
url +
"run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
number_of_umount_attempts,
number_of_rmdir_attempts,
None,
directory_created,
)
assert return_value["result"] is False
def test_attack_exposed_existing_privileged_container_failure_when_chmod():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
with requests_mock.Mocker(
session=class_being_tested.event.session) as session_mock:
directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
file_name = "kube-hunter-mock" + str(uuid.uuid1())
file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"
url = "https://localhost:10250/"
run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
session_mock.post(
run_url +
urllib.parse.quote(f"touch {file_name_with_path}", safe=""),
text="")
session_mock.post(
run_url + urllib.parse.quote(
"chmod {} {}".format("755", file_name_with_path), safe=""),
text="Permission denied",
)
return_value = class_being_tested.attack_exposed_existing_privileged_container(
url +
"run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
directory_created,
None,
file_name,
)
assert return_value["result"] is False
def test_check_directory_exists_non_existent_directory():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
with requests_mock.Mocker(
session=class_being_tested.event.session) as session_mock:
url = "https://localhost:10250/"
run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
session_mock.post(run_url + urllib.parse.quote("ls Mock", safe=""),
text="ls: Mock: No such file or directory")
return_value = class_being_tested.check_directory_exists(
url +
"run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
"Mock")
assert return_value is False
def test_maliciousintentviasecurekubeletport_success():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
with requests_mock.Mocker(
session=class_being_tested.event.session) as session_mock:
url = "https://localhost:10250/"
run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
directory_created = "/kube-hunter-mock_" + str(uuid.uuid1())
file_name = "kube-hunter-mock" + str(uuid.uuid1())
file_name_with_path = f"{directory_created}/etc/cron.daily/{file_name}"
session_mock.post(run_url +
urllib.parse.quote("cat /proc/cmdline", safe=""),
text=cat_proc_cmdline)
session_mock.post(run_url +
urllib.parse.quote("findfs LABEL=Mock", safe=""),
text="/dev/mock_fs")
session_mock.post(
run_url +
urllib.parse.quote(f"mkdir {directory_created}", safe=""),
text="")
session_mock.post(run_url + urllib.parse.quote(
"mount {} {}".format("/dev/mock_fs", directory_created), safe=""),
text="")
session_mock.post(run_url + urllib.parse.quote(
f"cat {directory_created}/etc/hostname", safe=""),
text="mockhostname")
session_mock.post(
run_url +
urllib.parse.quote(f"touch {file_name_with_path}", safe=""),
text="")
session_mock.post(run_url + urllib.parse.quote(
"chmod {} {}".format("755", file_name_with_path), safe=""),
text="")
class_being_tested.execute(directory_created, file_name)
message = "The following exposed existing privileged containers have been successfully"
message += " abused by starting/modifying a process in the host."
assert message in class_being_tested.event.evidence
def test_rmdir_command_removed_failed():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
with requests_mock.Mocker(
session=class_being_tested.event.session) as session_mock:
url = "https://localhost:10250/"
run_url = url + "run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
session_mock.post(run_url + urllib.parse.quote("ls Mock", safe=""),
text="mock.txt")
session_mock.post(run_url + urllib.parse.quote("rmdir Mock", safe=""),
text="Permission denied")
return_value = class_being_tested.rmdir_command(
url +
"run/kube-hunter-privileged/kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu",
"Mock",
number_of_rmdir_attempts=1,
seconds_to_wait_for_os_command=None,
)
assert return_value is False
def post_request(url, params, expected_return_value, exception=None):
class_being_tested_one = ProveAnonymousAuth(create_test_event_type_one())
with requests_mock.Mocker(
session=class_being_tested_one.event.session) as session_mock:
mock_params = {"text": "mock"} if not exception else {"exc": exception}
session_mock.post(url, **mock_params)
return_value = class_being_tested_one.post_request(url, params)
assert return_value == expected_return_value
class_being_tested_two = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two())
with requests_mock.Mocker(
session=class_being_tested_two.event.session) as session_mock:
mock_params = {"text": "mock"} if not exception else {"exc": exception}
session_mock.post(url, **mock_params)
return_value = class_being_tested_two.post_request(url, params)
assert return_value == expected_return_value
def test_get_root_values_failure():
class_being_tested = MaliciousIntentViaSecureKubeletPort(
create_test_event_type_two(), None)
root_value, root_value_type = class_being_tested.get_root_values("")
assert root_value is None and root_value_type is None
