From: Pawel Wieczorek <p.wieczorek2@samsung.com>
Date: Tue, 10 Mar 2020 14:22:55 +0000 (+0100)
Subject: Drop filtering out services recognized as HTTP
X-Git-Tag: 6.0.0-ONAP~155
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=3a474afa535a225e47c8f6e287a46dc8ee65f1d7;p=integration.git

Drop filtering out services recognized as HTTP

This patch extends tool used to detect plain HTTP ports to report all
non-SSL endpoints. Previously it omitted services not recognized as
HTTP.

Naming changes were made to reflect purpose of this tool better.

Issue-ID: INT-1480
Change-Id: I58a152022d48121bf4b9c6180ddc820dd4a79805
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
---

diff --git a/test/security/check_for_http_endpoints.sh b/test/security/check_for_nonssl_endpoints.sh
similarity index 86%
rename from test/security/check_for_http_endpoints.sh
rename to test/security/check_for_nonssl_endpoints.sh
index 5e2fd85ec..6056e0371 100755
--- a/test/security/check_for_http_endpoints.sh
+++ b/test/security/check_for_nonssl_endpoints.sh
@@ -18,21 +18,21 @@
 #
 #   COPYRIGHT NOTICE ENDS HERE
 
-# Check all ports exposed outside of kubernetes cluster looking for plain http
+# Check all ports exposed outside of kubernetes cluster looking for non-SSL
 # endpoints.
 #
 # Dependencies:
 #     nmap
 #     kubectl + config
 #
-# Return value: Number of discovered http ports
-# Output: List of pods exposing http endpoints
+# Return value: Number of discovered non-SSL ports
+# Output: List of pods exposing non-SSL endpoints
 #
 
 usage() {
 	cat <<EOF
-Usage: $(basename $0) <k8s-namespace> [-l <list of HTTP endpoints expected to fail this test>]
-    -l: list of HTTP endpoints expected to fail this test
+Usage: $(basename $0) <k8s-namespace> [-l <list of non-SSL endpoints expected to fail this test>]
+    -l: list of non-SSL endpoints expected to fail this test
 EOF
 	exit ${1:-0}
 }
@@ -53,8 +53,8 @@ if [ "$#" -lt 1 ]; then
 fi
 
 K8S_NAMESPACE=$1
-FILTERED_PORTS_LIST=$(mktemp http_endpoints_XXXXXX)
-XF_RAW_FILE_PATH=$(mktemp raw_filtered_http_endpoints_XXXXXX)
+FILTERED_PORTS_LIST=$(mktemp nonssl_endpoints_XXXXXX)
+XF_RAW_FILE_PATH=$(mktemp raw_filtered_nonssl_endpoints_XXXXXX)
 
 strip_white_list() {
 	if [ ! -f $XF_FILE_PATH ]; then
@@ -94,8 +94,8 @@ SCAN_RESULT=`nmap $K8S_NODE -sV -p $PORT_LIST 2>/dev/null | grep \tcp`
 # Concatenate scan result with service name
 RESULTS=`paste <(printf %s "$SVCS") <(printf %s "$SCAN_RESULT") | column -t`
 
-# Find all plain http ports
-HTTP_PORTS=`grep http <<< "$RESULTS" | grep -v ssl/http | tee "$FILTERED_PORTS_LIST"`
+# Find all non-SSL ports
+HTTP_PORTS=`grep -v ssl <<< "$RESULTS" | tee "$FILTERED_PORTS_LIST"`
 
 # Filter out whitelisted endpoints
 while IFS= read -r line; do