From e4c9beb653bc77fd6d338a4f83cfd80c77515209 Mon Sep 17 00:00:00 2001
From: daniel_sagi <daniel.sagi@aquasec.com>
Date: Tue, 12 Jun 2018 12:57:29 +0300
Subject: [PATCH] added prove of running pods

---
 src/modules/hunting/kubelet.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/src/modules/hunting/kubelet.py b/src/modules/hunting/kubelet.py
index caf86c9..421be10 100644
--- a/src/modules/hunting/kubelet.py
+++ b/src/modules/hunting/kubelet.py
@@ -278,7 +278,20 @@ class ProvePodsHandler(ActiveHunter):
             port=self.event.port), 
             verify=False)
             .text)['items']
-        self.event.evidence = "pods: {}".format(len(pods_data))
+        self.event.evidence = "bound pods: {}".format(len(pods_data))
+
+@handler.subscribe(ExposedRunningPodsHandler)
+class ProveRunningPodsHandler(ActiveHunter):
+    def __init__(self, event):
+        self.event = event
+    
+    def execute(self):
+        pods_data = json.loads(requests.get("https://{host}:{port}/runningpods".format(
+            host=self.event.host, 
+            port=self.event.port), 
+            verify=False)
+            .text)['items']
+        self.event.evidence = "running pods: {}".format(len(pods_data))
 
 @handler.subscribe(ExposedContainerLogsHandler)
 class ProveContainerLogsHandler(ActiveHunter):
@@ -302,4 +315,4 @@ class ProveContainerLogsHandler(ActiveHunter):
                         container_data["name"],
                         str(output.text)
                     )
-                    break
\ No newline at end of file
+                    break