blob: 0facbff69d34d12aa9c65bda6f9a3c80c081f628 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
#!/usr/bin/env bash
# COPYRIGHT NOTICE STARTS HERE
#
# Copyright 2019 Samsung Electronics Co., Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# COPYRIGHT NOTICE ENDS HERE
# Check all ports exposed by pods to internal network and look for
# open JDWP ports
#
# Dependencies:
# kubectl + config
# netcat
#
# Return value: Number of discovered JDWP ports
# Output: List of pods and exposing JDWP interface
#
if [ "$#" -lt 1 ]; then
echo "Usage: $0 <k8s-namespace>"
exit 1
fi
K8S_NAMESPACE=$1
LOCAL_PORT=12543
list_pods() {
kubectl get po --namespace=$K8S_NAMESPACE | grep Running | awk '{print $1}' | grep -v NAME
}
do_jdwp_handshake() {
local ip="127.0.0.1"
local port=$1
local jdwp_challenge="JDWP-Handshake\n"
local jdwp_response="JDWP-Handshake"
# 10s timeout to avoid hangs when service doesn't answer at all
local response=`nc -w 10 $ip $port <<<$jdwp_challenge | tr '\0' '\n'`
if [[ $response == *"$jdwp_response"* ]]; then
return 0
fi
return 1
}
# get open ports from procfs as netstat is not always available
get_open_ports_on_pod() {
local pod=$1
local open_ports_hex=`kubectl exec --namespace=$K8S_NAMESPACE $pod cat /proc/net/tcp 2>/dev/null| grep -v "local_address" | awk '{ print $2" "$4 }' | grep '0A$' | tr ":" " " | awk '{ print $2 }' | sort | uniq`
for hex_port in $open_ports_hex; do
echo $((16#$hex_port))
done
}
N_PORTS=0
# go through all pods
for pod in `list_pods`; do
open_ports=`get_open_ports_on_pod $pod`
# if there is no open ports just go to next pod
if [ -z "$open_ports" ]; then
continue
fi
# let's setup a proxy and check every open port
for port in $open_ports; do
# run proxy
kubectl port-forward --namespace=$K8S_NAMESPACE $pod $LOCAL_PORT:$port &>/dev/null &
sleep 1
proxy_pid=$!
do_jdwp_handshake $LOCAL_PORT
if [ $? -eq 0 ]; then
echo $pod $port
((++N_PORTS))
fi
kill $proxy_pid 2>/dev/null
wait $proxy_pid 2>/dev/null
done
done
exit $N_PORTS
|