changes as requested

scripts/public/generate_kubeconfig_secrets.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/public/generate_kubehunter_secrets.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/public/sa_kubehunter_cleanup.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/public/sa_kubehunter_install.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/redhat/generate_kubehunter_secrets.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/redhat/sa_kubehunter_cleanup.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

scripts/redhat/sa_kubehunter_install.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

src/ibmcloud/kubeHunterCleanup.py

@@ -77,8 +77,8 @@ def delete_notes(account_id, token, endpoint, notes):
         for note in notes:
             response = findingsAPI.delete_note(
                 account_id=account_id, 
-                provider_id=note['provider_id'], 
-                note_id=note['id']
+                note_id=note['id'],
+                **note
             )
             if response.get_status_code() == 200:
                 logger.info("deleted note: %s" % note['id'])
@@ -135,9 +135,9 @@ def delete_occurrences(account_id, token, endpoint, occurrences):
         findingsAPI.set_service_url(endpoint)
         for occurrence in occurrences:
             response = findingsAPI.delete_occurrence(
-                account_id=account_id, 
-                provider_id=occurrence['provider_id'], 
-                occurrence_id=occurrence['id']
+                account_id=account_id,  
+                occurrence_id=occurrence['id'],
+                **occurrence
             )
             if response.get_status_code() == 200:
                 logger.info("deleted occurrence: %s" % occurrence['id'])

src/ibmcloud/kubeHunterL1Adaptor.py

@@ -179,14 +179,7 @@ def create_note(account_id, token, endpoint):
         for note in vulnerablity_notes_definition["notes"]:
             response = findingsAPI.create_note(
                 account_id=account_id,
-                provider_id=note['provider_id'],
-                short_description=note['short_description'],
-                long_description=note['long_description'],
-                kind=note['kind'],
-                id=note['id'],
-                reported_by=note['reported_by'],
-                finding=note['finding'] if 'finding' in note else None,
-                card=note['card'] if 'card' in note else None
+                **note
             )
             if response.get_status_code() == 200:
                 logger.info("created note: %s" % note['id'])
@@ -240,9 +233,9 @@ def delete_notes(account_id, token, endpoint, notes):
         findingsAPI.set_service_url(endpoint)
         for note in notes:
             response = findingsAPI.delete_note(
-                account_id=account_id, 
-                provider_id=note['provider_id'], 
-                note_id=note['id']
+                account_id=account_id,  
+                note_id=note['id'],
+                **note
             )
             if response.get_status_code() == 200:
                 logger.info("deleted note: %s" % note['id'])
@@ -299,8 +292,8 @@ def delete_occurrences(account_id, token, endpoint, occurrences):
         for occurrence in occurrences:
             response = findingsAPI.delete_occurrence(
                 account_id=account_id, 
-                provider_id=occurrence['provider_id'], 
-                occurrence_id=occurrence['id']
+                occurrence_id=occurrence['id'],
+                **occurrence
             )
             if response.get_status_code() == 200:
                 logger.info("deleted occurrence: %s" % occurrence['id'])
@@ -325,14 +318,7 @@ def createOccurences(account_id, token, endpoint, occurrencesJson):
         for occurrence in occurrencesJson:
             response = findingsAPI.create_occurrence(
                 account_id=account_id,
-                provider_id=occurrence['provider_id'],
-                note_name=occurrence['note_name'],
-                kind=occurrence['kind'],
-                remediation=occurrence['remediation'],
-                context=occurrence['context'],
-                id=occurrence['id'],
-                finding=occurrence['finding'] if 'finding' in occurrence else None,
-                kpi=occurrence['kpi'] if 'kpi' in occurrence else None
+                **occurrence
             )
             if response.get_status_code() == 200:
                 logger.info("created occurrence: %s" % occurrence['id'])
@@ -347,12 +333,12 @@ def executePointInTimeVulnerabilityOccurenceAdapter(apikey, account_id, endpoint
     try:
         create_note(account_id, token, endpoint)
     except:
-        print("ignoring metadata duplicate errors")
+        logger.exception("ignoring metadata duplicate errors")
     try:
         vulnerabilityOccurrences = get_all_kubehunteroccurrences(account_id, token, endpoint)
         delete_occurrences(account_id, token, endpoint, vulnerabilityOccurrences)
     except:
-        print("ignoring metadata duplicate errors")
+        logger.exception("ignoring metadata duplicate errors")
     createOccurences(account_id, token, endpoint, vulnerabilitiesReportedByPartner["insights"])
     occurrences = get_all_kubehunteroccurrences(account_id, token, endpoint)
     return occurrences

src/ibmcloud/updateKubeHunterCard_entryPt.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

src/ibmcloud/update_kubehuntercard.sh

@@ -1,7 +1,7 @@
 #*******************************************************************************
 # * Licensed Materials - Property of IBM
 # * IBM Bluemix Container Service, 5737-D43
-# * (C) Copyright IBM Corp. 2017 All Rights Reserved.
+# * (C) Copyright IBM Corp. 2020 All Rights Reserved.
 # * US Government Users Restricted Rights - Use, duplication or 
 # * disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
 #******************************************************************************

src/redhat-openshift/kubeHunterAdaptor.py

@@ -8,54 +8,32 @@
 import string
 import random
 from kubeHunterResultsParser import fetchVulList
-from kubeHunterL1Adaptor import postToSA
-
-
-# Change the context according to your service
-
-def obtain_iam_token(api_key, token_url):
-    if not api_key:
-        raise Exception("obtain_uaa_token: missing api key")
-
-    headers = {
-        'Content-Type': 'application/x-www-form-urlencoded',
-        'Accept': 'application/json',
-    }
-
-    body = 'grant_type=urn%3Aibm%3Aparams%3Aoauth%3Agrant-type%3Aapikey&apikey=' + api_key + '&response_type=cloud_iam'
-
-    try:
-        response = requests.post(token_url, data=body, headers=headers)
-        response.raise_for_status()
-    except requests.exceptions.HTTPError as err:
-        logger.exception("An unexpected error was encountered while obtaining IAM token" + str(err))
-        return None
-    if response.status_code == 200 and response.json()['access_token']:
-        return response.json()['access_token']        
+from kubeHunterL1Adaptor import postToSA      
 
 def adaptInsightsToOccurence(category,vulnerability,evidence,location,description, account_id , cluster_name):
 	finding_type = ""
-	provider_id = ""	
-	if category.strip() == "Information Disclosure" :
+	provider_id = ""
+    category = "".join(category.split()).strip()	
+	if category == "Information Disclosure" :
 		finding_type = "kubehunterredhat-information-disclosure"
 		provider_id = "kubeHunterRedhatInformationDisclosure"
-	elif category.strip() == "Remote Code Execution" :
+	elif category == "Remote Code Execution" :
 		finding_type = "kubehunterredhat-remote-code-execution"
 		provider_id = "kubeHunterRedhatRemoteCodeExecutor"		
-	elif category.strip() == "Identity Theft" :
+	elif category == "Identity Theft" :
 		finding_type = "kubehunterredhat-identity-and-access"
 		provider_id = "kubeHunterRedhatIdentityAndAccess"	
 
-	elif category.strip() == "Unauthenticated Access" :
+	elif category == "Unauthenticated Access" :
 		finding_type = "kubehunterredhat-identity-and-access"
 		provider_id = "kubeHunterRedhatIdentityAndAccess"		
-	elif category.strip() == "Access Risk" :
+	elif category == "Access Risk" :
 		finding_type = "kubehunterredhat-identity-and-access"
 		provider_id = "kubeHunterRedhatIdentityAndAccess"				
-	elif category.strip() == "Privilege Escalation" :
+	elif category == "Privilege Escalation" :
 		finding_type = "kubehunterredhat-identity-and-access"
 		provider_id = "kubeHunterRedhatIdentityAndAccess"	
-	elif category.strip() == "Denial of Service" :
+	elif category == "Denial of Service" :
 		finding_type = "kubehunterredhat-denial-of-service"
 		provider_id = "kubeHunterRedhatDenialofService"