def proveanonymousauth_success(anonymous_auth_enabled_event, security_context_definition_to_test):
    """Check that ProveAnonymousAuth records evidence against a mocked open kubelet.

    All HTTP traffic is intercepted by ``requests_mock`` on the event's own
    session, so nothing leaves the test process. The mock stands in for a
    kubelet on port 10250 that answers ``/pods`` and ``/run`` without
    credentials. On a real node, ``--anonymous-auth=false`` together with
    ``--authorization-mode=Webhook`` closes this condition.

    Args:
        anonymous_auth_enabled_event: event object exposing ``host`` and
            ``session``; it is handed to ``ProveAnonymousAuth`` unchanged.
        security_context_definition_to_test: text substituted for the
            ``{security_context_definition_to_test}`` placeholder in the
            canned pod list.

    NOTE(review): the name lacks the ``test_`` prefix, so this is presumably
    a shared helper driven by wrappers elsewhere in the file - confirm.
    """
    # Reset the module-level counter. Whatever increments it lives outside
    # this block (presumably an event handler - confirm).
    global counter
    counter = 0

    with requests_mock.Mocker(session=anonymous_auth_enabled_event.session) as mocked_kubelet:
        kubelet_base = "https://" + anonymous_auth_enabled_event.host + ":10250/"
        pods_endpoint = f"{kubelet_base}pods"
        run_endpoint = (
            f"{kubelet_base}run/kube-hunter-privileged/"
            "kube-hunter-privileged-deployment-86dc79f945-sjjps/ubuntu?cmd="
        )

        # Canned pod listing with the securityContext variant under test spliced in.
        pod_listing = pod_list_with_privileged_container.replace(
            "{security_context_definition_to_test}",
            security_context_definition_to_test,
        )
        mocked_kubelet.get(pods_endpoint, text=pod_listing)

        # Canned responses for the two /run requests: the service-account
        # token read and the environment dump. Both return fixture data.
        token_read_cmd = urllib.parse.quote(
            "cat /var/run/secrets/kubernetes.io/serviceaccount/token",
            safe="",
        )
        mocked_kubelet.post(run_endpoint + token_read_cmd, text=service_account_token)
        mocked_kubelet.post(run_endpoint + "env", text=env)

        hunter = ProveAnonymousAuth(anonymous_auth_enabled_event)
        hunter.execute()

        assert "The following containers have been successfully breached." in hunter.event.evidence

    # The counter must have been bumped exactly once during execute().
    assert counter == 1
def test_proveanonymousauth_connectivity_issues():
    """Check that an unreachable kubelet leaves the event's evidence empty.

    The mocked ``/pods`` endpoint raises ``ConnectionError``. The hunter must
    neither propagate that exception nor record evidence, so a network
    failure cannot be mistaken for a finding.
    """
    hunter = ProveAnonymousAuth(create_test_event_type_one())
    event = hunter.event

    with requests_mock.Mocker(session=event.session) as mocked_kubelet:
        kubelet_base = "https://" + event.host + ":10250/"
        pods_endpoint = f"{kubelet_base}pods"

        # Simulate the kubelet port being unreachable.
        mocked_kubelet.get(pods_endpoint, exc=requests.exceptions.ConnectionError)

        hunter.execute()

        assert hunter.event.evidence == ""