From 0aefca4b600e9c62676dd5f29676ab0610e82428 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek
Date: Wed, 22 Apr 2020 17:41:29 +0200
Subject: Use correct nmap filters

Both closed and filtered ports should be droppped from scan results to maintain compatibility with "check_for_nonssl_endpoints.sh" script.

Issue-ID: SECCOM-261
Change-Id: Ic422bebf6e46bcc42a3e5198e7702bb8b901287f
Signed-off-by: Pawel Wieczorek
---
 test/security/sslendpoints/main.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
(limited to 'test/security')
diff --git a/test/security/sslendpoints/main.go b/test/security/sslendpoints/main.go
index 38950c4f4..331979e38 100644
--- a/test/security/sslendpoints/main.go
+++ b/test/security/sslendpoints/main.go
@@ -7,6 +7,7 @@ import (
 "os"
 "path/filepath"
 "strconv"
+ "strings"

 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/client-go/kubernetes"
@@ -123,7 +124,16 @@ func main() {
 nmap.WithServiceInfo(),
 nmap.WithTimingTemplate(nmap.TimingAggressive),
 nmap.WithFilterPort(func(p nmap.Port) bool {
- return p.Service.Tunnel == "ssl"
+ if p.Service.Tunnel == "ssl" {
+ return false
+ }
+ if strings.HasPrefix(p.State.State, "closed") {
+ return false
+ }
+ if strings.HasPrefix(p.State.State, "filtered") {
+ return false
+ }
+ return true
 }),
 )
 if err != nil {
-- 
cgit 1.2.3-korg
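Review bot: The callback passed to `nmap.WithFilterPort` has no comment saying which ports survive, and the two `strings.HasPrefix` checks make that hard to read off: `closed|filtered` is dropped through the `closed` prefix, while `open|filtered` and `unfiltered` are still kept and would be reported as non-SSL endpoints. If that is intended, I would state it above the callback, e.g. `// returns true to keep a port: report everything that is neither SSL-wrapped nor closed/filtered; open|filtered and unfiltered are kept on purpose`. Because the scan runs with `nmap.TimingAggressive`, a port whose probes time out may be classified as filtered and then vanish from the report without a trace, so logging how many filtered ports were dropped would make a missed plaintext endpoint easier to notice. `main` starts and ends outside this hunk.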