Change all direct use of requests to use the event's session object

aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters

Apache License 2.0

4.66k stars 578 forks source link

Change all direct use of requests to use the event's session object #462

Open danielsagi opened 3 years ago

danielsagi commented 3 years ago

What would you like to be added

On some hunters, we still directly use requests.get This should not be the case, all events should have a Session object. which we set authorization on it on early stages. Hunters should not manually specify headers on requests.

sgaist commented 2 years ago

Hi,

Thanks for this interesting project.

I would like to take help with the move from direct request to session however something is not clear: should the session object be directly created in the Event base class ?

For example:

ApiServiceDiscovery has it's own session.
SecureKubeletPortHunter copies its session to the event.
ProveRunHandler uses the one from the event and does not have any notion of session.