diff options
| author |   Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-14 14:35:19 +0200 |
|---|---|---|
| committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-10-14 14:37:20 +0200 |
| commit | bcbb4229786b152acbfda4e595847e5ba066a069 (patch) | |
| tree | 50ada9497df1cfc706017644c979f6c489ba576f | |
| parent | 48b45f073927ce9a4680c59c99fcf68971bd67e8 (diff) | |
By default just print all vulnerabilities
It's the behavior expected by RA2.
Please change it via testcases.yaml if needed.
Change-Id: I84b02fa273f63ea1930bd356739243756032533d
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit cf40e38be4d85c235a9d85a15f7fa326ebf356e6)
| -rw-r--r-- | docker/security/testcases.yaml | 2 | ||||
| -rw-r--r-- | functest_kubernetes/security/security.py | 15 |
2 files changed, 5 insertions, 12 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml index 7af54a3f..855f59fa 100644 --- a/docker/security/testcases.yaml +++ b/docker/security/testcases.yaml @@ -13,8 +13,6 @@ tiers: vulnerabilities run: name: kube_hunter - args: - severity: high - case_name: kube_bench_master project_name: functest diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py index cfbb391e..f03845a4 100644 --- a/functest_kubernetes/security/security.py +++ b/functest_kubernetes/security/security.py @@ -147,7 +147,7 @@ class KubeHunter(SecurityTesting): msg = prettytable.PrettyTable( header_style='upper', padding_width=5, field_names=['category', 'vulnerability', 'severity']) - severity = kwargs.get("severity", "high") + severity = kwargs.get("severity", "none") if severity == "low": allowed_severity = [] elif severity == "medium": @@ -156,16 +156,11 @@ class KubeHunter(SecurityTesting): allowed_severity = ["low", "medium"] else: self.__logger.warning( - "Selecting high as default severity (%s is incorrect)", - kwargs.get("severity", "high")) - severity = "high" - allowed_severity = ["low", "medium"] + "Just printing all vulnerabilities as " + "no severity criteria given") + allowed_severity = ["low", "medium", "high"] for vulnerability in self.details["vulnerabilities"]: - if vulnerability["severity"] in allowed_severity: - self.__logger.warning( - "Skipping %s (severity is configured as %s)", - vulnerability["vulnerability"], severity) - else: + if vulnerability["severity"] not in allowed_severity: self.result = 0 msg.add_row( [vulnerability["category"], vulnerability["vulnerability"], |