aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docker/security/testcases.yaml2
-rw-r--r--functest_kubernetes/security/security.py15
2 files changed, 5 insertions, 12 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
index 7af54a3f..855f59fa 100644
--- a/docker/security/testcases.yaml
+++ b/docker/security/testcases.yaml
@@ -13,8 +13,6 @@ tiers:
vulnerabilities
run:
name: kube_hunter
- args:
- severity: high
- case_name: kube_bench_master
project_name: functest
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index cfbb391e..f03845a4 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -147,7 +147,7 @@ class KubeHunter(SecurityTesting):
msg = prettytable.PrettyTable(
header_style='upper', padding_width=5,
field_names=['category', 'vulnerability', 'severity'])
- severity = kwargs.get("severity", "high")
+ severity = kwargs.get("severity", "none")
if severity == "low":
allowed_severity = []
elif severity == "medium":
@@ -156,16 +156,11 @@ class KubeHunter(SecurityTesting):
allowed_severity = ["low", "medium"]
else:
self.__logger.warning(
- "Selecting high as default severity (%s is incorrect)",
- kwargs.get("severity", "high"))
- severity = "high"
- allowed_severity = ["low", "medium"]
+ "Just printing all vulnerabilities as "
+ "no severity criteria given")
+ allowed_severity = ["low", "medium", "high"]
for vulnerability in self.details["vulnerabilities"]:
- if vulnerability["severity"] in allowed_severity:
- self.__logger.warning(
- "Skipping %s (severity is configured as %s)",
- vulnerability["vulnerability"], severity)
- else:
+ if vulnerability["severity"] not in allowed_severity:
self.result = 0
msg.add_row(
[vulnerability["category"], vulnerability["vulnerability"],