aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPawel Wieczorek <p.wieczorek2@samsung.com>2020-04-22 17:41:29 +0200
committerPawel Wieczorek <p.wieczorek2@samsung.com>2020-05-08 13:41:44 +0200
commit0aefca4b600e9c62676dd5f29676ab0610e82428 (patch)
tree9febdf7869b9dcac264823581230e1bf0dea7a98
parent7be9861d562abc762d65a4efd7cf49b493d70206 (diff)
Use correct nmap filters
Both closed and filtered ports should be droppped from scan results to maintain compatibility with "check_for_nonssl_endpoints.sh" script. Issue-ID: SECCOM-261 Change-Id: Ic422bebf6e46bcc42a3e5198e7702bb8b901287f Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
-rw-r--r--test/security/sslendpoints/main.go12
1 files changed, 11 insertions, 1 deletions
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index 38950c4f4..331979e38 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -7,6 +7,7 @@ import (
"os"
"path/filepath"
"strconv"
+ "strings"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
@@ -123,7 +124,16 @@ func main() {
nmap.WithServiceInfo(),
nmap.WithTimingTemplate(nmap.TimingAggressive),
nmap.WithFilterPort(func(p nmap.Port) bool {
- return p.Service.Tunnel == "ssl"
+ if p.Service.Tunnel == "ssl" {
+ return false
+ }
+ if strings.HasPrefix(p.State.State, "closed") {
+ return false
+ }
+ if strings.HasPrefix(p.State.State, "filtered") {
+ return false
+ }
+ return true
}),
)
if err != nil {