Use correct nmap filters 83/107383/1
authorPawel Wieczorek <p.wieczorek2@samsung.com>
Wed, 22 Apr 2020 15:41:29 +0000 (17:41 +0200)
committerPawel Wieczorek <p.wieczorek2@samsung.com>
Fri, 8 May 2020 11:41:44 +0000 (13:41 +0200)
Both closed and filtered ports should be dropped from scan results to
maintain compatibility with the "check_for_nonssl_endpoints.sh" script.

Issue-ID: SECCOM-261
Change-Id: Ic422bebf6e46bcc42a3e5198e7702bb8b901287f
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
test/security/sslendpoints/main.go

index 38950c4..331979e 100644 (file)
@@ -7,6 +7,7 @@ import (
        "os"
        "path/filepath"
        "strconv"
+       "strings"
 
        metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
        "k8s.io/client-go/kubernetes"
@@ -123,7 +124,16 @@ func main() {
                nmap.WithServiceInfo(),
                nmap.WithTimingTemplate(nmap.TimingAggressive),
                nmap.WithFilterPort(func(p nmap.Port) bool {
-                       return p.Service.Tunnel == "ssl"
+                       if p.Service.Tunnel == "ssl" {
+                               return false
+                       }
+                       if strings.HasPrefix(p.State.State, "closed") {
+                               return false
+                       }
+                       if strings.HasPrefix(p.State.State, "filtered") {
+                               return false
+                       }
+                       return true
                }),
        )
        if err != nil {
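Review bot: Ports reported as `open|filtered` or `unfiltered` still pass the new `nmap.WithFilterPort` callback, because only states starting with `closed` or `filtered` are dropped before the final `return true`. The result can therefore list endpoints as non-SSL that were never confirmed open. Whether those states can occur depends on the scan type, which is configured outside this hunk. If keeping them is intended for parity with the shell script, say so above the callback, e.g. `// true keeps the port; HasPrefix also drops "closed|filtered", ambiguous states are kept on purpose`. Otherwise ending the callback with `return p.State.State == "open"` instead of `return true` would restrict the report to confirmed-open ports. The body of main continues past the end of the hunk.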