Diffstat (limited to 'test/security/sslendpoints/main.go')
-rw-r--r-- | test/security/sslendpoints/main.go | 50 |
1 files changed, 48 insertions, 2 deletions
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index e5a76eb78..8c136d5c4 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -1,6 +1,7 @@
  package main
  import (
+ "encoding/csv"
  "flag"
  "log"
  "os"
@@ -18,17 +19,47 @@ import (
  const (
  ipv4AddrType = "ipv4"
+
+ xfailComma = ' '
+ xfailComment = '#'
+ xfailFields = 2
+)
+
+var (
+ kubeconfig *string
+ xfailName *string
  )
  func main() {
- var kubeconfig *string
  if home := os.Getenv("HOME"); home != "" {
  kubeconfig = flag.String("kubeconfig", filepath.Join(home, ".kube", "config"), "(optional) absolute path to the kubeconfig file")
  } else {
  kubeconfig = flag.String("kubeconfig", "", "absolute path to the kubeconfig file")
  }
+ xfailName = flag.String("xfail", "", "(optional) absolute path to the expected failures file")
  flag.Parse()
+ var xfails [][]string
+ if *xfailName != "" {
+ xfailFile, err := os.Open(*xfailName)
+ if err != nil {
+ log.Printf("Unable to open expected failures file: %v", err)
+ log.Println("All non-SSL NodePorts will be reported")
+ }
+ defer xfailFile.Close()
+
+ r := csv.NewReader(xfailFile)
+ r.Comma = xfailComma
+ r.Comment = xfailComment
+ r.FieldsPerRecord = xfailFields
+
+ xfails, err = r.ReadAll()
+ if err != nil {
+ log.Printf("Unable to read expected failures file: %v", err)
+ log.Println("All non-SSL NodePorts will be reported")
+ }
+ }
+
+
  // use the current context in kubeconfig
  config, err := clientcmd.BuildConfigFromFlags("", *kubeconfig)
  if err != nil {
@@ -67,7 +98,22 @@ func main() {
  os.Exit(0)
  }
- // TODO: filter out expected failures here before running the scan
+ // filter out expected failures here before running the scan
+ for _, xfail := range xfails {
+ port, err := strconv.Atoi(xfail[1])
+ if err != nil {
+ log.Printf("Unable to parse port expected to fail: %v", err)
+ continue
+ }
+ service, ok := nodeports[uint16(port)]
+ if !ok {
+ continue
+ }
+ if service != xfail[0] {
+ continue
+ }
+ delete(nodeports, uint16(port))
+ }
  // extract ports for running the scan
  var ports []string
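Review bot: `port, err := strconv.Atoi(xfail[1])` accepts any int and the later `uint16(port)` wraps silently, so an out-of-range entry such as `65616` or `-1` matches port 80 or 65535 and removes that unrelated NodePort from the scan instead of being rejected. Parse with a bounded width instead: `port, err := strconv.ParseUint(xfail[1], 10, 16)`, keeping the error branch as it is and converting with `uint16(port)` as before. Because every entry in this list suppresses a finding, the two silent `continue` branches for an unknown port or a service mismatch deserve a `log.Printf` as well, so a stale or mistyped xfail entry shows up in the output rather than being ignored. main continues outside this hunk.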