Fix for pod.spec.volumes with None #20

Merged
merged 2 commits into from Jun 4, 2020

@g3rzi g3rzi commented Jun 4, 2020

In some scenarios, a pod can have an empty volumes field under its spec. In such a case we are not checking whether volumes is None, and therefore end up with a panic like this:

 Traceback (most recent call last):
   File "/KubiScan/KubiScan.py", line 635, in <module>
     main()
   File "/KubiScan/KubiScan.py", line 568, in main
     print_all_risky_containers(priority=args.priority, namespace=args.namespace, read_token_from_container=args.deep)
   File "/KubiScan/KubiScan.py", line 113, in print_all_risky_containers
     pods = engine.utils.get_risky_pods(namespace, read_token_from_container)
   File "/KubiScan/engine/utils.py", line 350, in get_risky_pods
     risky_containers = get_risky_containers(pod, risky_users, deep_analysis)
   File "/KubiScan/engine/utils.py", line 331, in get_risky_containers
     for volume in pod.spec.volumes:
 TypeError: 'NoneType' object is not iterable

Reproduce:
Create a pod with this YAML:

apiVersion: v1
kind: Pod
metadata:
 name: super-user-pod
spec:
 containers:
 - image: busybox:1.28
   imagePullPolicy: IfNotPresent
   name: redis
   resources: {}
   securityContext:
     capabilities:
       add:
       - SYS_ADMIN
 dnsPolicy: ClusterFirst
 enableServiceLinks: true
 restartPolicy: Always
 automountServiceAccountToken: false

To fix it, I added support for empty pod.spec.volumes in two places:

This should solve the case: Python error not handled when command result is empty #12

@g3rzi g3rzi merged commit 1b8648c into master Jun 4, 2020
@g3rzi g3rzi deleted the v.1.5.1 branch June 4, 2020 10:40
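
Added example, not code from this PR or from KubiScan: a None-tolerant walk over a pod shaped like the one in the reproduction YAML, showing that the SYS_ADMIN finding is still reported when `volumes` is unset. The helpers `pod_findings`, `_seq` and `make_pod` are hypothetical, and the pods are constructed stand-ins that use the attribute names of the kubernetes Python client objects.

```python
from types import SimpleNamespace as NS


def _seq(value):
    """Treat a list field the API left unset (None) as an empty list."""
    return value if value is not None else []


def pod_findings(pod):
    """Return (added_capabilities, host_path_volume_names) for one pod.

    Hypothetical helper, not KubiScan's get_risky_containers().
    """
    caps = []
    for container in _seq(pod.spec.containers):
        sc = container.security_context
        add = sc.capabilities.add if sc and sc.capabilities else None
        caps.extend((container.name, cap) for cap in _seq(add))
    host_paths = [v.name for v in _seq(pod.spec.volumes)
                  if getattr(v, "host_path", None)]
    return caps, host_paths


def unsafe_volume_names(pod):
    """The failing pattern from the traceback: no None check on volumes."""
    return [v.name for v in pod.spec.volumes]


def make_pod(volumes):
    # Constructed stand-in: container "redis" adds SYS_ADMIN, as in the YAML.
    container = NS(name="redis",
                   security_context=NS(capabilities=NS(add=["SYS_ADMIN"])))
    return NS(spec=NS(containers=[container], volumes=volumes))


# Constructed sample pods: one with volumes unset, one with two volumes.
pod_without_volumes = make_pod(None)
pod_with_host_path = make_pod([NS(name="host-logs", host_path=NS(path="/var/log")),
                               NS(name="scratch", host_path=None)])

if __name__ == "__main__":
    print(pod_findings(pod_without_volumes))
    print(pod_findings(pod_with_host_path))
    try:
        unsafe_volume_names(pod_without_volumes)
    except TypeError as exc:
        print("unguarded loop:", exc)
```

Without the guard, the scan aborts on the first pod whose `volumes` is unset, so pods that come later in the listing are never evaluated.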