3 # COPYRIGHT NOTICE STARTS HERE
5 # Copyright 2019 Samsung Electronics Co., Ltd.
7 # Licensed under the Apache License, Version 2.0 (the "License");
8 # you may not use this file except in compliance with the License.
9 # You may obtain a copy of the License at
11 # http://www.apache.org/licenses/LICENSE-2.0
13 # Unless required by applicable law or agreed to in writing, software
14 # distributed under the License is distributed on an "AS IS" BASIS,
15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 # See the License for the specific language governing permissions and
17 # limitations under the License.
19 # COPYRIGHT NOTICE ENDS HERE
21 # Check all ports exposed by pods to internal network and look for
28 # Return value: Number of discovered JDWP ports
29 # Output: List of pods and exposing JDWP interface
33 Usage: $(basename $0) <k8s-namespace> [-l <white list file>]
34 -l: jdpw white list ports file
39 if [ "$#" -lt 1 ]; then
46 FILTERED_PORTS_LIST=$(mktemp jdpw_ports_XXXXXX)
47 WL_RAW_FILE_PATH=$(mktemp raw_filtered_ports_XXXXXX)
50 # init filtered port list file
51 if [ ! -f $WL_FILE_PATH ];then
55 grep -o '^[^#]*' $WL_FILE_PATH > $WL_RAW_FILE_PATH
62 -h|--help|help) usage;;
63 -l) WL_FILE_PATH=$3;manage_white_list;shift;;
70 kubectl get po --namespace=$K8S_NAMESPACE | grep Running | awk '{print $1}' | grep -v NAME
76 local jdwp_challenge="JDWP-Handshake\n"
77 local jdwp_response="JDWP-Handshake"
79 # 10s timeout to avoid hangs when service doesn't answer at all
80 local response=`nc -w 10 $ip $port <<<$jdwp_challenge | tr '\0' '\n'`
81 local n_response_lines=`echo "$response" | wc -l`
82 if [[ "$n_response_lines" -le 1 ]] && [[ $response == *"$jdwp_response"* ]]; then
88 # get open ports from procfs as netstat is not always available
89 get_open_ports_on_pod() {
91 local open_ports_hex=`kubectl exec --namespace=$K8S_NAMESPACE $pod cat /proc/net/tcp 2>/dev/null| grep -v "local_address" | awk '{ print $2" "$4 }' | grep '0A$' | tr ":" " " | awk '{ print $2 }' | sort | uniq`
92 for hex_port in $open_ports_hex; do
93 echo $((16#$hex_port))
97 echo "------------------------------------------------------------------------"
99 if [ -s $XL_FILE_PATH ]; then
100 echo -e "--------------------\e[0;31m WARNING \e[0;m XFail List ----------------------------"
102 echo "------------------------------------------------------------------------"
107 # go through all pods
108 for pod in `list_pods`; do
109 open_ports=`get_open_ports_on_pod $pod`
110 # if there is no open ports just go to next pod
111 if [ -z "$open_ports" ]; then
115 # let's setup a proxy and check every open port
116 for port in $open_ports; do
118 kubectl port-forward --namespace=$K8S_NAMESPACE $pod $LOCAL_PORT:$port &>/dev/null &
122 do_jdwp_handshake $LOCAL_PORT
123 if [ $? -eq 0 ]; then
124 echo $pod $port | tee $FILTERED_PORTS_LIST
127 kill $proxy_pid 2>/dev/null
128 wait $proxy_pid 2>/dev/null
132 while IFS= read -r line; do
133 # for each line we test if it is in the white list with a regular expression
134 while IFS= read -r wl_line; do
135 wl_name=$(echo $wl_line | awk {'print $1'})
136 wl_port=$(echo $wl_line | awk {'print $2'})
137 if grep -e $wl_name.*$wl_port <<< "$line";then
138 # Found in white list, exclude it
139 sed -i "/$line/d" $FILTERED_PORTS_LIST
141 done < $WL_RAW_FILE_PATH
142 done < $FILTERED_PORTS_LIST
144 N_FILTERED_PORTS_LIST=$(cat $FILTERED_PORTS_LIST |wc -l)
145 echo "------------------------------------"
146 echo "Nb error pod(s): $N_FILTERED_PORTS_LIST"
147 cat $FILTERED_PORTS_LIST
149 exit $N_FILTERED_PORTS_LIST