From 48d30cd5199396c3f859b4be2258d9a99a701507 Mon Sep 17 00:00:00 2001
From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Thu, 19 Mar 2020 11:14:18 +0100
Subject: Filter out only open non-SSL ports

This patch ignores closed and filtered ports from scan results. It is
intended to keep "expected failure" list minimal.

Issue-ID: INT-1480
Change-Id: Idb93cf4e19284bc121aa45ea950d28405c29e222
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---
 test/security/check_for_nonssl_endpoints.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/security')

diff --git a/test/security/check_for_nonssl_endpoints.sh b/test/security/check_for_nonssl_endpoints.sh
index 9e98520af..531b24814 100755
--- a/test/security/check_for_nonssl_endpoints.sh
+++ b/test/security/check_for_nonssl_endpoints.sh
@@ -95,7 +95,7 @@ SCAN_RESULT=`nmap $K8S_NODE -sV -p $PORT_LIST 2>/dev/null | grep \tcp`
 RESULTS=`paste <(printf %s "$SVCS") <(printf %s "$SCAN_RESULT") | column -t`
 
 # Find all non-SSL ports
-HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | tee "$FILTERED_PORTS_LIST"`
+HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | grep open | tee "$FILTERED_PORTS_LIST"`
 
 # Filter out whitelisted endpoints
 while IFS= read -r line; do
-- 
cgit 1.2.3-korg