aquasecurity / kube-hunter

Hunt for security weaknesses in Kubernetes clusters
Apache License 2.0

Dispatch fails by sending unprocessable entity 422 #521

Open petar-nikolovski-cif opened 1 year ago

petar-nikolovski-cif commented 1 year ago

What happened

When using kube-hunter with --dispatch http and --report json, our API fails with 422 unprocessable entity. This is because this piece of code in the dispatcher:

r = requests.request(
    dispatch_method, dispatch_url, json=report, headers={"Content-Type": "application/json"}, verify=False
)

is sending a string instead of a dictionary for the json argument. That is, the JSONReporter class should not use the json.dumps method:

class JSONReporter(BaseReporter):
    def get_report(self, **kwargs):
        report = super().get_report(**kwargs)
        return json.dumps(report)

# instead:

class JSONReporter(BaseReporter):
    def get_report(self, **kwargs):
        return super().get_report(**kwargs)

Or at least the dispatch method should deserialize the report before sending it to requests: json=json.loads(report).

Expected behavior

The app should be able to process the entity.
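Added example, not part of the original issue or of kube-hunter's code: a standard-library sketch of the double encoding described above and of a dispatcher-side guard against it. `encode_json_body` is a simplified model of how requests serializes its `json=` argument, and `receiver_status`, `normalize_report`, `dispatch_status` and the sample report fields are hypothetical names constructed for illustration.

```python
import json

# Constructed sample report; field names are illustrative, not kube-hunter's schema.
SAMPLE_REPORT = {"nodes": [{"type": "example-node", "location": "10.0.0.1"}],
                 "vulnerabilities": []}


def encode_json_body(payload):
    """Simplified model of requests' json= handling: serialize the payload once more."""
    return json.dumps(payload).encode("utf-8")


def receiver_status(body: bytes) -> int:
    """Hypothetical strict API: 400 for invalid JSON, 422 unless the top level is an object."""
    try:
        doc = json.loads(body)
    except ValueError:
        return 400
    return 200 if isinstance(doc, dict) else 422


def normalize_report(report):
    """Accept a dict or an already-serialized JSON string and return a dict for json=."""
    if isinstance(report, (str, bytes)):
        report = json.loads(report)
    if not isinstance(report, dict):
        raise TypeError(
            f"report must decode to a JSON object, got {type(report).__name__}"
        )
    return report


def dispatch_status(report, normalize: bool) -> int:
    """Encode the report the way json= would and return the receiver's status code."""
    payload = normalize_report(report) if normalize else report
    return receiver_status(encode_json_body(payload))


if __name__ == "__main__":
    serialized = json.dumps(SAMPLE_REPORT)  # a string, as JSONReporter.get_report returns
    # The body is a JSON string literal wrapping the report, not a JSON object.
    print(encode_json_body(serialized)[:30])
    print("string passed to json=:", dispatch_status(serialized, normalize=False))
    print("string, normalized:    ", dispatch_status(serialized, normalize=True))
    print("dict, normalized:      ", dispatch_status(SAMPLE_REPORT, normalize=True))
```

A receiver that rejects the report means scan findings never reach the collection endpoint, so checking the dispatch response status is worth doing alongside the fix.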