aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.75k stars 585 forks

Updated logging init logic to not log on setting --log=none #323

Closed jnschaeffer closed 4 years ago

jnschaeffer commented 4 years ago

Description

This updates __init__.py in the conf package to disable logging if --log is set to none.

Contribution Guidelines

Please read through the Contribution Guidelines.

Fixed Issues

Fixes #322

"BEFORE" and "AFTER" output

To verify that the change works as desired, please include an output of terminal before and after the changes under headings "BEFORE" and "AFTER".

BEFORE

$ python kube-hunter.py --log none
2020-03-09 22:28:14,333 WARNING root Unknown log level selected, using info
Choose one of the options below:
1. Remote scanning      (scans one or more specific IPs or DNS names)
2. Interface scanning   (scans subnets on all local network interfaces)
3. IP range scanning    (scans a given IP range)
Your choice:
$ python kube-hunter.py --log foo
2020-03-09 22:30:11,285 WARNING root Unknown log level selected, using info
Choose one of the options below:
1. Remote scanning      (scans one or more specific IPs or DNS names)
2. Interface scanning   (scans subnets on all local network interfaces)
3. IP range scanning    (scans a given IP range)
Your choice:
$ python kube-hunter.py --log debug
2020-03-09 22:30:28,319 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.common.Vulnerability'>
2020-03-09 22:30:28,319 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.common.Service'>
2020-03-09 22:30:28,319 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.SendFullReport'> subscribed to <class 'kube_hunter.core.events.types.common.HuntFinished'>
2020-03-09 22:30:28,319 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.StartedInfo'> subscribed to <class 'kube_hunter.core.events.types.common.HuntStarted'>
2020-03-09 22:30:28,382 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.kubectl.KubectlClientDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.HuntStarted'>
2020-03-09 22:30:28,382 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.ports.PortDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.NewHostEvent'>
2020-03-09 22:30:28,383 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.proxy.KubeProxy'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>
...

AFTER

$ python kube-hunter.py --log none
Choose one of the options below:
1. Remote scanning      (scans one or more specific IPs or DNS names)
2. Interface scanning   (scans subnets on all local network interfaces)
3. IP range scanning    (scans a given IP range)
Your choice:
$ python kube-hunter.py --log foo
WARNING:root:Unknown log level selected, using info
Choose one of the options below:
1. Remote scanning      (scans one or more specific IPs or DNS names)
2. Interface scanning   (scans subnets on all local network interfaces)
3. IP range scanning    (scans a given IP range)
Your choice:
$ python kube-hunter.py --log debug
2020-03-09 22:31:10,300 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.common.Vulnerability'>
2020-03-09 22:31:10,300 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.Collector'> subscribed to <class 'kube_hunter.core.events.types.common.Service'>
2020-03-09 22:31:10,300 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.SendFullReport'> subscribed to <class 'kube_hunter.core.events.types.common.HuntFinished'>
2020-03-09 22:31:10,300 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.report.collector.StartedInfo'> subscribed to <class 'kube_hunter.core.events.types.common.HuntStarted'>
2020-03-09 22:31:10,362 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.kubectl.KubectlClientDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.HuntStarted'>
2020-03-09 22:31:10,362 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.ports.PortDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.NewHostEvent'>
2020-03-09 22:31:10,363 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.proxy.KubeProxy'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>
2020-03-09 22:31:10,363 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.kubelet.KubeletDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>
2020-03-09 22:31:10,363 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.dashboard.KubeDashboard'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>
2020-03-09 22:31:10,364 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.etcd.EtcdRemoteAccess'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>
2020-03-09 22:31:10,372 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.hosts.FromPodHostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.RunningAsPodEvent'>
2020-03-09 22:31:10,372 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.hosts.HostDiscovery'> subscribed to <class 'kube_hunter.modules.discovery.hosts.HostScanEvent'>
2020-03-09 22:31:10,372 DEBUG kube_hunter.core.events.handler <class 'kube_hunter.modules.discovery.apiserver.ApiServiceDiscovery'> subscribed to <class 'kube_hunter.core.events.types.common.OpenPortEvent'>

Contribution checklist

Notes

I'm not sure how, or if, the __init__.py for this package can be tested.
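One way to structure the behaviour shown in the BEFORE/AFTER output so that it can be unit-tested, as an added example that is not kube-hunter's own code. `configure_logging`, `emitted` and the logger name are hypothetical, and the format string is an assumption inferred from the timestamped lines in the terminal output.

```python
import io
import logging

# Assumed format, inferred from the timestamped lines in the PR's terminal output.
LOG_FORMAT = "%(asctime)s %(levelname)s %(name)s %(message)s"
FALLBACK_LEVEL = logging.INFO

def configure_logging(level_name, stream=None):
    """Apply a --log value to the root logger; return the level, or None if disabled."""
    root = logging.getLogger()
    # Start from a clean root logger so repeated calls (and tests) are independent.
    for handler in root.handlers[:]:
        root.removeHandler(handler)
        handler.close()
    logging.disable(logging.NOTSET)  # undo an earlier "none"

    if level_name.lower() == "none":
        # Suppress every record process-wide, including CRITICAL.
        logging.disable(logging.CRITICAL)
        return None

    level = getattr(logging, level_name.upper(), None)
    unknown = not isinstance(level, int)
    if unknown:
        level = FALLBACK_LEVEL
    # Install the formatted handler first: logging.warning() on a root logger
    # with no handlers calls basicConfig() and installs the default format.
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    root.addHandler(handler)
    root.setLevel(level)
    if unknown:
        logging.warning("Unknown log level selected, using info")
    return level

def emitted(level_name):
    """Return the lines that reach the handler for a given --log value."""
    buf = io.StringIO()
    configure_logging(level_name, stream=buf)
    log = logging.getLogger("kube_hunter.demo")  # constructed logger name
    log.debug("debug line")
    log.info("info line")
    log.critical("critical line")
    return buf.getvalue().splitlines()

if __name__ == "__main__":
    for value in ("none", "foo", "debug"):
        print(value, emitted(value))
```

Because the setup lives in a function that accepts a stream, a test can assert on what each `--log` value produces without touching the terminal.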

codecov-io commented 4 years ago

Codecov Report

Merging #323 into master will increase coverage by 0.34%. The diff coverage is 94.59%.


@@            Coverage Diff             @@
##           master     #323      +/-   ##
==========================================
+ Coverage   60.16%   60.50%   +0.34%     
==========================================
  Files          41       42       +1     
  Lines        1968     1985      +17     
==========================================
+ Hits         1184     1201      +17     
  Misses        784      784              
| Impacted Files | Coverage Δ |
|---|---|
| kube_hunter/conf/parser.py | 95.23% <80.00%> (-4.77%) :arrow_down: |
| kube_hunter/modules/discovery/hosts.py | 79.83% <95.23%> (+2.44%) :arrow_up: |
| kube_hunter/conf/__init__.py | 100.00% <100.00%> (ø) |
| kube_hunter/conf/logging.py | 100.00% <100.00%> (ø) |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update 124a51d...901110d.

jnschaeffer commented 4 years ago

Just saw this got updated! Thanks for taking this on; sorry I forgot to respond to the comments 😅