* moved report output into dispatchers, stdout by default with config option of http(s)
* notes in arg config on how to configure http dispatcher
* removed some debug log visibility indicators
* missing import
* env vars more descriptive: KUBEHUNTER_HTTP_DISPATCH_METHOD and KUBEHUNTER_HTTP_DISPATCH_URL
* optimisation: delayed instantiation of the dispatcher until after selection to avoid instantiating unnecessarily
* refactor: config selection as per reporter selection
* bugfix: fall-back to default required if unknown reporter or dispatcher specified
* swapping urllib3 for requests
* corrected visibility levels for logging
* moving dispatchers into a file in reporters rather than its own place to fit with theme and support dynamic module loading
* added an implementation for scanning api server from env variable, without duplications, when running as pod
* fixed issue with conversion of ip address
* added pods data on ExposedPodsHandler event, for later use
* added /var/log write mount hunter. in 'mounts' module. also an active hunter which exploits run handler as well
* removed unnecessary variables
* changed active hunter description
* minor changes to vulnerability descriptions
* 1. added /logs Active hunter and tester.
2. changed kubelet handlers enum to be accessible as KubeletHandlers
3. added kubelet requests session to the event chain, for active hunters to use.
* added usage of event.session in the run active hunter
* changed kubelet run handler test to be not state-changing
* changed fake_container name to be more random
* changed run handler to GET and check for method not allowed
* removed python2 from readme and travis
* changed except on caps hunter to except PermissionError, supports only from python3
* removed python2 support in main file
* changed cvehunter to use res.text in place of res.content (python3 returns a bytes object for content)
* added hunter for Capabilities, and a check for NET_RAW
* changed to Hunter from Discovery
* added description for hunter
* changed from PermissionError on net_raw check. for python2 support
* Clarify vulnerability description
Stating that this vulnerability only becomes a problem if a pod gets compromised
* added event filtering mechanism, as well as a detailed explanation in src/README
* changed filter search to run only once for each event, also now returning None to indicate keeping of event
* expanded explanation of filtering in readme
* Tiny typo
* made changes for better readability, also filter should now return None to indicate throwing of event
* changed apply filters loop to be simple and running on each publish.
* changed README
* added reassuring of parent event after filters
* moved event filtering to another function, now supporting throwing of event mid loop
* added note in README about event.previous
* Tiny text corrections
* More accurate comment
"Throwing an event" can actually mean triggering it (which is different from "throwing it _away_"). But I went for "discarded" here to be completely clear
* Remove superfluous space that had crept in
* added a new hunter for CVE-2019-11246
* added KubectlClient component
* overridden location function on event to display a 'local machine' location
* added clarification about kubectl version --client operation
* Fix tiny typo
It reads better without the comma
* removed unnecessary debug message
* added CVE hunter for kubectl to allow more CVE checking.
Event can now implement 'location()' method that returns a string representing the event's logical location.
In events chain, the 'newest' event available location method will be used. This is because we compose (chain) events.
Core changed to support it.
Added 'location()' method to relevant event classes.
Reports are now using vulnerability.location() to retrieve location.
There is no need to check for pods or roles under a specific namespace (even the default one) because if we’re allowed to see them we’ll have found them through the wider check for viewing all items