Filter out only open non-SSL ports

This patch ignores closed and filtered ports from scan results. It is
intended to keep "expected failure" list minimal.

Issue-ID: INT-1480
Change-Id: Idb93cf4e19284bc121aa45ea950d28405c29e222
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>

diff --git a/test/security/check_for_nonssl_endpoints.sh b/test/security/check_for_nonssl_endpoints.sh
index 9e98520..531b248 100755 (executable)
--- a/test/security/check_for_nonssl_endpoints.sh
+++ b/test/security/check_for_nonssl_endpoints.sh
@@ -95,7 +95,7 @@ SCAN_RESULT=`nmap $K8S_NODE -sV -p $PORT_LIST 2>/dev/null | grep \tcp`
 RESULTS=`paste <(printf %s "$SVCS") <(printf %s "$SCAN_RESULT") | column -t`
 
 # Find all non-SSL ports
-HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | tee "$FILTERED_PORTS_LIST"`
+HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | grep open | tee "$FILTERED_PORTS_LIST"`
 
 # Filter out whitelisted endpoints
 while IFS= read -r line; do