aboutsummaryrefslogtreecommitdiffstats
path: root/test/security
AgeCommit message (Collapse)AuthorFilesLines
2019-06-20k8s: Add basic structure for validation toolPawel Wieczorek5-0/+58
This patch introduces CLI utility for checking if Kubernetes cluster follows security recommendations. Provided Makefile simplifies setup process by setting appropriate environment variables for the build. Further information can be found in README. Provided symlink allows proper document rendering on VCS hosting site. Issue-ID: SECCOM-235 Change-Id: I4a1337c9834322ee4fd742a9ccb979b9bc505f75 Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
2019-05-29Search endpoint script fail silentlyLucjan Bryndza1-0/+11
When nmap or other commands are not installed on the system script fail silently without any information Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com> Change-Id: I599b987e223f88617aefa2c0de6cdcbbf3ff50b7 Issue-ID: SECCOM-231
2019-05-10Don't treat error reply as a proper JDWP handshakeKrzysztof Opasiak1-1/+2
As it turned out thanks to Yan Yang some ONAP services tend to return a propr JDWP handshake as a part of their error message. Let's filter out those services by checking number of lines returned by the server. We expect that proper JDWP handshake won't be longer than a single line. Issue-ID: SECCOM-231 Change-Id: I4b8950ebdf5fe118ec5f2dd5f4de583211784fb2 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-05-06Don't wait forever for jdwp responseKrzysztof Opasiak1-1/+2
Some of web services do not send any data when challenged with JDWP challenge. This makes the script waiting forever for response. To fix that let's introduce 10s timeout (experimental value) and replace empty string with a new line to avoid bash warnings. Issue-ID: SECCOM-231 Change-Id: I35546c001c5c54f298e8a4e346c2cf5d41e230ac Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-04-25Make the script working on Dublin releaseKrzysztof Opasiak1-1/+1
With the introduction of RKE instead of rancher format of pod description has slightly changed (annotations). Let's addjust our security tests to work correctly with recent ONAP release. Issue-ID: SECCOM-231 Change-Id: I49cdfcae9ce41a2b4bd4969958eddfaffe75b437 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-04-25User first node for port scanning instead of last oneKrzysztof Opasiak1-1/+1
It is more obvious to use first node in cluster instead of last one. Additionally in some cases nodes listed in the end may not expose all open ports (like it is in integration lab). Issue-ID: SECCOM-231 Change-Id: I200998b2e7b3a6de9b5f464e59e3b7dbbc0a656c Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-03-21Add script which looks for open JDWP portsKrzysztof Opasiak1-0/+93
ONAP should not expose any open JDWP ports even inside a cluser. Let's start enforcing this by adding test script to integration which will find all open JDWP ports. Based on initial work by: Radoslaw Zeszczuk <r.zeszczuk@samsung.com> Issue-ID: SECCOM-231 Change-Id: Ica46faad55850c74ed24728d54f6afdb3301a6d2 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
2019-03-21Add script which checks for http portsKrzysztof Opasiak1-0/+68
ONAP should not exposed any http ports, https should be used instead. Let's start enforcing this by adding test script to integration which will find all http ports exposed outside of cluster. Issue-ID: SECCOM-231 Change-Id: I88e4b7890aaaa1bea06b496a6f97f4d5e9771215 Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>