* Consider patched versions as not vulnerable by default
Change `--ignore-downstream` to `--ignore-patched-versions` and
invert it's effect.
From now on, kube-hunter will not alert patched components as default
behavior.
Resolves#194
* Rename flag --ignore-patched-versions to --include-patched-versions
* Ignore downstream version flag
This commit adds `--ignore-downstream` flag to kube-hunter.
Enabling the flag will make kube-hunter considering patched versions
as not vulnerable.
Resolves#179
* Add test cases and refine argument description
* added basic metrics server discovery
* improved discovery, and added KNOWN PORTS usage
* improved apiserver decision
* fixed bug with comparison of IP addresses in kubeservicehost
* improved description of api server discovery
* added checks with auth_token on discovery
* fixed bug in version requests and added to tests
* added an abstract 'unrecognized API' event, and a filter for it for classification
* changed filtering to be done on the same event
* fixed verify on session and removed unnecessary enum
* minor changes to comments
* added detailed explanation
* changed version hunting to be on a a new version disclosure vulnerability
* fixed version publish
* added logging and fixed typo
* changed whole way of comparing versions in cve hunter
* changed K8sVersionDisclosure vulnerability to one core vulnerability, that takes an endpoint. changed all usage
* added tests
* merged kubectl cve hunting with apiserver hunting. and simplified the code of apiserver cve hunting
* fixed tests to new names
* changed name of module to cves.py
* drastically improved the cve vulnerble detection utility function. now works with all types of versioning methods
* added packaging in requirementes.txt
* added another test, and improved logic on cve comparison for more complicated versions
* changed CveHunter to subscribe_once, to prevent duplicates duplicates
* fixed tests for new improvements
* removed unnecessary ternary on doc
* removed unnecessary join split
* improved compare function, made it util
* improved cve checking to use mapping
