aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0
4.75k stars 585 forks

Add new --report ndjson argument for flattening json output, resolves #326 #327

Closed shellw closed 3 years ago

shellw commented 4 years ago

Description

This PR adds an ndjson reporting option. This allows the results to be flattened into individual json dictionaries (for each unique combination of nodes, services, and vulnerabilities). Each json dictionary will be delimited by a new line in the output. Having this reporting option will make aggregating data and querying logs easier.

Contribution Guidelines

Please Read through the Contribution Guidelines.

Fixed Issues

Please mention any issues fixed in the PR by referencing it properly in the commit message. Resolves #326

"BEFORE" and "AFTER" output

To verify that the change works as desired, please include an output of terminal before and after the changes under headings "BEFORE" and "AFTER".

BEFORE

Any Terminal Output Before Changes.

AFTER

python3 kube_hunter --cidr 1.2.3.4/32 --log INFO --report ndjson 

Note that data here just reflects sample data with placeholder numbers:

2020-03-23 17:11:38,111 INFO kube_hunter.modules.report.collector Started hunting
2020-03-23 17:11:38,111 INFO kube_hunter.modules.report.collector Discovering Open Kubernetes Services
2020-03-23 17:11:39,222 INFO kube_hunter.modules.report.collector Found open service "API Server" at 1.2.3.4:11111
2020-03-23 17:11:39,333 INFO kube_hunter.modules.report.collector Found vulnerability "K8s Version Disclosure" in 1.2.3.4:11111
{
    "node_location": "1.2.3.4",
    "node_type": "Node/Master",
    "service_service": "API Server",
    "service_location": "1.2.3.4:11111",
    "service_description": "The API server is in charge of all operations on the cluster.",
    "vulnerability_location": "1.2.3.4:11111",
    "vulnerability_vid": "KHV002",
    "vulnerability_category": "Information Disclosure",
    "vulnerability_severity": "medium",
    "vulnerability_vulnerability": "K8s Version Disclosure",
    "vulnerability_description": "The kubernetes version could be obtained from the /version endpoint ",
    "vulnerability_evidence": "redacted",
    "vulnerability_hunter": "Api Version Hunter"
}

Contribution checklist

Notes

Please mention if you have not checked any of the above boxes.
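
The flattening described above, as an added example (not code from this PR or from kube-hunter). It assumes the nested report has `nodes`, `services` and `vulnerabilities` lists with the fields shown in the AFTER output, and that records are joined on matching `location` values; `flatten_report` and `to_ndjson` are hypothetical names.

```python
import json

# Constructed sample in the shape assumed for the nested report (placeholder values).
SAMPLE_REPORT = {
    "nodes": [{"type": "Node/Master", "location": "1.2.3.4"}],
    "services": [
        {"service": "API Server", "location": "1.2.3.4:11111",
         "description": "The API server is in charge of all operations on the cluster."},
        {"service": "Kubelet API", "location": "1.2.3.4:22222", "description": "placeholder"},
    ],
    "vulnerabilities": [
        {"location": "1.2.3.4:11111", "vid": "KHV002", "category": "Information Disclosure",
         "severity": "medium", "vulnerability": "K8s Version Disclosure",
         "description": "placeholder", "evidence": "redacted", "hunter": "Api Version Hunter"},
    ],
}


def _prefixed(prefix, item):
    """Rename keys to '<prefix>_<key>' so the three record types can share one dict."""
    return {f"{prefix}_{key}": value for key, value in item.items()}


def _host(location):
    """'1.2.3.4:11111' -> '1.2.3.4' (assumes IPv4 or hostname locations)."""
    return location.rsplit(":", 1)[0] if ":" in location else location


def flatten_report(report):
    """Yield one flat dict per node/service/vulnerability combination.

    Assumed join: a service belongs to the node whose location is its host part,
    and a vulnerability belongs to the service with the identical location.
    Nodes and services with nothing attached still produce a record.
    """
    for node in report.get("nodes", []):
        services = [s for s in report.get("services", [])
                    if _host(s["location"]) == node["location"]]
        for svc in services or [None]:
            vulns = [v for v in report.get("vulnerabilities", [])
                     if svc and v["location"] == svc["location"]]
            for vuln in vulns or [None]:
                record = _prefixed("node", node)
                record.update(_prefixed("service", svc or {}))
                record.update(_prefixed("vulnerability", vuln or {}))
                yield record


def to_ndjson(report):
    """One JSON object per line; json.dumps escapes embedded newlines, so a
    multi-line evidence string cannot split a record across lines."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in flatten_report(report))
```
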

codecov-io commented 4 years ago

Codecov Report

Merging #327 into master will decrease coverage by 1.51%. The diff coverage is 9.83%.

@@            Coverage Diff             @@
##           master     #327      +/-   ##
==========================================
- Coverage   59.56%   58.05%   -1.52%     
==========================================
  Files          41       42       +1     
  Lines        1939     2000      +61     
==========================================
+ Hits         1155     1161       +6     
- Misses        784      839      +55

| Impacted Files | Coverage Δ | |
|---|---|---|
| kube_hunter/conf/parser.py | 100% <ø> (ø) | :arrow_up: |
| kube_hunter/modules/report/factory.py | 100% <100%> (ø) | :arrow_up: |
| kube_hunter/modules/report/ndjson.py | 8.33% <8.33%> (ø) | |

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data. Powered by Codecov. Last update e7585f4...b640ce4.

iyehuda commented 4 years ago

Hi @shellw!

Thanks for your contribution. Please fix formatting issues (using flake8) on your newly added code.

danielsagi commented 3 years ago

Hi @shellw, we would love to see this get implemented. Can you make the proposed adjustments so we could merge?

danielsagi commented 3 years ago

Closing due to inactivity.