From 618a8a5bac574bf5f1914c14151db579c9bc033f Mon Sep 17 00:00:00 2001
From: Cédric Ollivier
Date: Fri, 14 Oct 2022 14:35:19 +0200
Subject: By default just print all vulnerabilities
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

It's the behavior expected by RA2. Please change it via testcases.yaml if needed.

Change-Id: I84b02fa273f63ea1930bd356739243756032533d
Signed-off-by: Cédric Ollivier
(cherry picked from commit cf40e38be4d85c235a9d85a15f7fa326ebf356e6)
---
 docker/security/testcases.yaml | 2 --
 functest_kubernetes/security/security.py | 15 +++++----------
 2 files changed, 5 insertions(+), 12 deletions(-)

diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml
index 7af54a3f..855f59fa 100644
--- a/docker/security/testcases.yaml
+++ b/docker/security/testcases.yaml
@@ -13,8 +13,6 @@ tiers:
 vulnerabilities
 run:
 name: kube_hunter
- args:
- severity: high

 - case_name: kube_bench_master
 project_name: functest
diff --git a/functest_kubernetes/security/security.py b/functest_kubernetes/security/security.py
index cfbb391e..f03845a4 100644
--- a/functest_kubernetes/security/security.py
+++ b/functest_kubernetes/security/security.py
@@ -147,7 +147,7 @@ class KubeHunter(SecurityTesting):
 msg = prettytable.PrettyTable(
 header_style='upper', padding_width=5,
 field_names=['category', 'vulnerability', 'severity'])
- severity = kwargs.get("severity", "high")
+ severity = kwargs.get("severity", "none")
 if severity == "low":
 allowed_severity = []
 elif severity == "medium":
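Review bot: The new default in `severity = kwargs.get("severity", "none")` is a value that none of the following `if`/`elif` comparisons test for, so the report-only mode exists only as a side effect of the final `else`. A comment at this line such as `# accepted: "low", "medium", "high"; "none" (default) reports findings without failing the test` would make the contract visible where the default is chosen, and an explicit `elif severity == "none":` branch would keep it from being confused with an invalid value. The enclosing method starts above this hunk and the `else` branch is in the next one.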
@@ -156,16 +156,11 @@ class KubeHunter(SecurityTesting):
 allowed_severity = ["low", "medium"]
 else:
 self.__logger.warning(
- "Selecting high as default severity (%s is incorrect)",
- kwargs.get("severity", "high"))
- severity = "high"
- allowed_severity = ["low", "medium"]
+ "Just printing all vulnerabilities as "
+ "no severity criteria given")
+ allowed_severity = ["low", "medium", "high"]
 for vulnerability in self.details["vulnerabilities"]:
- if vulnerability["severity"] in allowed_severity:
- self.__logger.warning(
- "Skipping %s (severity is configured as %s)",
- vulnerability["vulnerability"], severity)
- else:
+ if vulnerability["severity"] not in allowed_severity:
 self.result = 0
 msg.add_row(
 [vulnerability["category"], vulnerability["vulnerability"],
-- cgit 1.2.3-korg
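Review bot: An unrecognised `severity` value (for example a mis-cased `High`) now falls into the same `else` branch as the default and allows every severity, so a mistyped threshold silently turns the check into report-only while the log claims no criteria were given. The removed code at least named the bad value; the new branch should keep that distinction, e.g. `if severity != "none": self.__logger.error("Unknown severity %s: no finding will fail the test", severity)` before `allowed_severity = ["low", "medium", "high"]`, or fail the test case on an unknown value. Indentation is not preserved on this page, so it is worth confirming that `msg.add_row(` sits outside the new `if`; if it is inside, the default mode would print no rows at all. The loop body continues past the end of the hunk.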