-rw-r--r--deployment/heat/onap-oom/onap-oom.yaml4
-rw-r--r--deployment/heat/onap-oom/parts/onap-oom-1.yaml4
-rw-r--r--test/mocks/datafilecollector-testharness/dr-sim/dmaapBusController.js91
-rwxr-xr-xtest/security/check_for_jdwp.sh93
4 files changed, 162 insertions, 30 deletions
diff --git a/deployment/heat/onap-oom/onap-oom.yaml b/deployment/heat/onap-oom/onap-oom.yaml
index c2c08f6d9..dfea00418 100644
--- a/deployment/heat/onap-oom/onap-oom.yaml
+++ b/deployment/heat/onap-oom/onap-oom.yaml
@@ -73,7 +73,7 @@ parameters:
rancher_version:
type: string
- default: "1.6.25"
+ default: "1.6.26"
rancher_agent_version:
type: string
@@ -81,7 +81,7 @@ parameters:
kubectl_version:
type: string
- default: "1.11.5"
+ default: "1.11.6"
helm_version:
type: string
diff --git a/deployment/heat/onap-oom/parts/onap-oom-1.yaml b/deployment/heat/onap-oom/parts/onap-oom-1.yaml
index bff17c05b..7ffd2f4d5 100644
--- a/deployment/heat/onap-oom/parts/onap-oom-1.yaml
+++ b/deployment/heat/onap-oom/parts/onap-oom-1.yaml
@@ -70,7 +70,7 @@ parameters:
rancher_version:
type: string
- default: "1.6.25"
+ default: "1.6.26"
rancher_agent_version:
type: string
@@ -78,7 +78,7 @@ parameters:
kubectl_version:
type: string
- default: "1.11.5"
+ default: "1.11.6"
helm_version:
type: string
diff --git a/test/mocks/datafilecollector-testharness/dr-sim/dmaapBusController.js b/test/mocks/datafilecollector-testharness/dr-sim/dmaapBusController.js
index cca85f98b..a1b2770cf 100644
--- a/test/mocks/datafilecollector-testharness/dr-sim/dmaapBusController.js
+++ b/test/mocks/datafilecollector-testharness/dr-sim/dmaapBusController.js
@@ -6,35 +6,38 @@ const stream = require('stream');
var app = express();
var fs = require("fs");
var path = require('path');
-var privateKey = fs.readFileSync('cert/private.key', 'utf8');
+var privateKey = fs.readFileSync('cert/private.key', 'utf8');
var certificate = fs.readFileSync('cert/certificate.crt', 'utf8');
-var credentials = {key: privateKey, cert: certificate};
+var credentials = {
+ key: privateKey,
+ cert: certificate
+};
var parser = new ArgumentParser({
- version: '0.0.1',
- addHelp:true,
- description: 'Datarouter simulator'
- });
+ version: '0.0.1',
+ addHelp: true,
+ description: 'Datarouter simulator'
+});
-parser.addArgument('--tc' , { help: 'TC $NoOfTc' } );
-parser.addArgument('--printtc' ,
- {
- help: 'Print complete usage help',
- action: 'storeTrue'
- }
- );
+parser.addArgument('--tc', {
+ help: 'TC $NoOfTc'
+});
+parser.addArgument('--printtc', {
+ help: 'Print complete usage help',
+ action: 'storeTrue'
+});
var args = parser.parseArgs();
-if (args.tc=="100") {
+if (args.tc == "100") {
console.log("TC: 100")
}
-if (args.tc=="101") {
+if (args.tc == "101") {
console.log("TC: 101")
//preparations
}
-if (args.tc=="102") {
+if (args.tc == "102") {
console.log("TC: 102")
//preparations
}
@@ -47,30 +50,66 @@ if (args.printtc) {
}
var bodyParser = require('body-parser')
-app.use(bodyParser.urlencoded({ extended: false }))
+app.use(bodyParser.urlencoded({
+ extended: false
+}))
// parse application/json
app.use(bodyParser.json())
// parse application/vnd.api+json as json
-app.use(bodyParser.json({ type: 'application/vnd.api+json' }))
+app.use(bodyParser.json({
+ type: 'application/vnd.api+json'
+}))
// parse some custom thing into a Buffer
-app.use(bodyParser.raw({limit:1024*1024*20, type: 'application/octet-stream' }))
+app.use(bodyParser.raw({
+ limit: 1024 * 1024 * 20,
+ type: 'application/octet-stream'
+}))
// parse an HTML body into a string
-app.use(bodyParser.text({ type: 'text/html' }))
-app.get("/",function(req, res){
+app.use(bodyParser.text({
+ type: 'text/html'
+}))
+app.get("/", function (req, res) {
res.send("ok");
})
app.post('/webapi/feeds/', function (req, res) {
- res.send("ok");
+ res.setHeader('Content-Type', 'application/json');
+ var feedName = req.body.feedName;
+ console.log(feedName);
+ res.end(JSON.stringify({
+ "type": "feed",
+ "lastMod": "2019-03-21T16:00:40.489",
+ "status": "VALID",
+ "asprClassification": "unclassified",
+ "feedDescription": "generated for CSIT",
+ "feedId": "3",
+ "feedName": feedName,
+ "feedVersion": "csit",
+ "logURL": "https://dmaap-dr-prov/feedlog/3",
+ "owner": "dgl",
+ "publishURL": "https://dmaap-dr-prov/publish/3",
+ "pubs": [{
+ "lastMod": "2019-01-24T16:00:40.484",
+ "status": "VALID",
+ "dcaeLocationName": "san-francisco",
+ "feedId": "3",
+ "pubId": "3.4gh53",
+ "username": "tmp_i63w8psh6ycnoqu",
+ "userpwd": "6jkc1uwywrc8q4w"
+ }],
+ "subs": [],
+ "subscribeURL": "https://dmaap-dr-prov/subscribe/3",
+ "suspended": false
+ }));
})
var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);
-var httpPort=6665
-var httpsPort=6666
+var httpPort = 6665
+var httpsPort = 6666
httpServer.listen(httpPort);
-console.log("DR-simulator listening (http) at "+httpPort)
+console.log("DR-simulator listening (http) at " + httpPort)
httpsServer.listen(httpsPort);
-console.log("DR-simulator listening (https) at "+httpsPort) \ No newline at end of file
+console.log("DR-simulator listening (https) at " + httpsPort) \ No newline at end of file
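Review bot: The new `/webapi/feeds/` handler copies `req.body.feedName` into the console log and the JSON response without checking that it is present or a string. When the field is missing, `JSON.stringify` drops the `feedName` key, so the caller receives a feed object with a different shape than the one this mock is meant to imitate. A guard such as `if (typeof req.body.feedName !== 'string') { return res.status(400).end(); }` before the log call would make that failure explicit, and logging `JSON.stringify(feedName)` instead of the raw value keeps embedded newlines out of the CSIT console output. The `username`/`userpwd` pair under `pubs` looks like fixture data; a comment such as `// dummy CSIT credentials, not valid on any real system` would stop secret scanners and later readers from treating it as a leaked secret.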
diff --git a/test/security/check_for_jdwp.sh b/test/security/check_for_jdwp.sh
new file mode 100755
index 000000000..7bcbade64
--- /dev/null
+++ b/test/security/check_for_jdwp.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+
+# COPYRIGHT NOTICE STARTS HERE
+#
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# COPYRIGHT NOTICE ENDS HERE
+
+# Check all ports exposed by pods to internal network and look for
+# open JDWP ports
+#
+# Dependencies:
+# kubectl + config
+# netcat
+#
+# Return value: Number of discovered JDWP ports
+# Output: List of pods and exposing JDWP interface
+#
+
+if [ "$#" -lt 1 ]; then
+ echo "Usage: $0 <k8s-namespace>"
+ exit 1
+fi
+
+K8S_NAMESPACE=$1
+LOCAL_PORT=12543
+
+list_pods() {
+ kubectl get po --namespace=$K8S_NAMESPACE | grep Running | awk '{print $1}' | grep -v NAME
+}
+
+do_jdwp_handshake() {
+ local ip="127.0.0.1"
+ local port=$1
+ local jdwp_challenge="JDWP-Handshake\n"
+ local jdwp_response="JDWP-Handshake"
+
+ local response=`nc $ip $port <<<$jdwp_challenge`
+ if [[ $response == *"$jdwp_response"* ]]; then
+ return 0
+ fi
+
+ return 1
+}
+# get open ports from procfs as netstat is not always available
+get_open_ports_on_pod() {
+ local pod=$1
+ local open_ports_hex=`kubectl exec --namespace=$K8S_NAMESPACE $pod cat /proc/net/tcp 2>/dev/null| grep -v "local_address" | awk '{ print $2" "$4 }' | grep '0A$' | tr ":" " " | awk '{ print $2 }' | sort | uniq`
+ for hex_port in $open_ports_hex; do
+ echo $((16#$hex_port))
+ done
+}
+
+N_PORTS=0
+
+# go through all pods
+for pod in `list_pods`; do
+ open_ports=`get_open_ports_on_pod $pod`
+ # if there is no open ports just go to next pod
+ if [ -z "$open_ports" ]; then
+ continue
+ fi
+
+ # let's setup a proxy and check every open port
+ for port in $open_ports; do
+ # run proxy
+ kubectl port-forward --namespace=$K8S_NAMESPACE $pod $LOCAL_PORT:$port &>/dev/null &
+ sleep 1
+ proxy_pid=$!
+
+ do_jdwp_handshake $LOCAL_PORT
+ if [ $? -eq 0 ]; then
+ echo $pod $port
+ ((++N_PORTS))
+ fi
+ kill $proxy_pid 2>/dev/null
+ wait $proxy_pid 2>/dev/null
+ done
+done
+
+exit $N_PORTS
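Review bot: `exit $N_PORTS` on the last line cannot carry the count reliably, because a shell exit status is truncated to 8 bits: 256 findings would exit 0 and look like a clean namespace to whatever gates on this check. Clamping before the exit, e.g. `[ "$N_PORTS" -gt 255 ] && N_PORTS=255`, keeps any non-zero finding non-zero. Separately, `get_open_ports_on_pod` reads only `/proc/net/tcp`, while JVMs commonly bind listeners on IPv6 sockets, which are listed in `/proc/net/tcp6`; such ports would presumably be skipped, so reading both files is worth considering. The `2>/dev/null` on `kubectl exec` also means a pod where `cat` is missing or exec fails is silently treated as having no open ports; printing those pod names to stderr would make the coverage gap visible.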