diff options
author | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-04-22 17:41:29 +0200 |
---|---|---|
committer | Pawel Wieczorek <p.wieczorek2@samsung.com> | 2020-05-08 13:41:44 +0200 |
commit | 0aefca4b600e9c62676dd5f29676ab0610e82428 (patch) | |
tree | 9febdf7869b9dcac264823581230e1bf0dea7a98 /test | |
parent | 7be9861d562abc762d65a4efd7cf49b493d70206 (diff) |
Use correct nmap filters
Both closed and filtered ports should be droppped from scan results to
maintain compatibility with "check_for_nonssl_endpoints.sh" script.
Issue-ID: SECCOM-261
Change-Id: Ic422bebf6e46bcc42a3e5198e7702bb8b901287f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/security/sslendpoints/main.go | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go index 38950c4f4..331979e38 100644 --- a/test/security/sslendpoints/main.go +++ b/test/security/sslendpoints/main.go @@ -7,6 +7,7 @@ import ( "os" "path/filepath" "strconv" + "strings" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" @@ -123,7 +124,16 @@ func main() { nmap.WithServiceInfo(), nmap.WithTimingTemplate(nmap.TimingAggressive), nmap.WithFilterPort(func(p nmap.Port) bool { - return p.Service.Tunnel == "ssl" + if p.Service.Tunnel == "ssl" { + return false + } + if strings.HasPrefix(p.State.State, "closed") { + return false + } + if strings.HasPrefix(p.State.State, "filtered") { + return false + } + return true }), ) if err != nil { |