cyberark / KubiScan

A tool to scan Kubernetes cluster for risky permissions

Python error not handled when command result is empty

JnMik opened this issue

Hello!

Here are the commands I used that triggered the error:

python3 /KubiScan/KubiScan.py -ho $KUBERNETES_ENDPOINT:$PORT -t /token -c /ca.crt -rp
or
python3 /KubiScan/KubiScan.py -ho $KUBERNETES_ENDPOINT:$PORT -t /token -c /ca.crt -pp

 Traceback (most recent call last):
   File "/KubiScan/KubiScan.py", line 635, in <module>
     main()
   File "/KubiScan/KubiScan.py", line 568, in main
     print_all_risky_containers(priority=args.priority, namespace=args.namespace, read_token_from_container=args.deep)
   File "/KubiScan/KubiScan.py", line 113, in print_all_risky_containers
     pods = engine.utils.get_risky_pods(namespace, read_token_from_container)
   File "/KubiScan/engine/utils.py", line 350, in get_risky_pods
     risky_containers = get_risky_containers(pod, risky_users, deep_analysis)
   File "/KubiScan/engine/utils.py", line 331, in get_risky_containers
     for volume in pod.spec.volumes:
 TypeError: 'NoneType' object is not iterable

Not sure if this happens with the other commands, because when I run them they actually return a result.

Cheers!

Hey @JnMik,
Thank you for reporting!

I will check it and update you when it is solved.
I think I know what will solve it, but it will need to wait until after 4.12 because I am presenting demos of this tool and I don't want to add fixes that might affect the demos.

Sorry for the delay,

I saw that the problem is here:

for volume in pod.spec.volumes:

This is because we are not handling the case where pod.spec.volumes is None.
I was able to reproduce it with this YAML:

apiVersion: v1
kind: Pod
metadata:
  name: super-user-pod
spec:
  containers:
  - image: busybox:1.28
    imagePullPolicy: IfNotPresent
    name: redis
    resources: {}
    securityContext:
      capabilities:
        add:
        - SYS_ADMIN
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  restartPolicy: Always
  automountServiceAccountToken: false

I can now work on a solution for this and I will update.

I tested it and it works :)
If you are still having issues, reopen this case.
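
The failure mode from this thread, as an added example (not KubiScan's code and not part of the original issue): the Kubernetes Python client can leave `spec.volumes` and a container's `volume_mounts` as `None` rather than an empty list, so both loops need a guard. The function names are hypothetical, and the pods are constructed stand-ins built with `SimpleNamespace` so the block runs without a cluster.

```python
from types import SimpleNamespace as NS

def token_volumes(pod):
    """Names of pod volumes that project a service account token."""
    names = set()
    # spec.volumes is None (not []) when the pod defines no volumes
    for vol in pod.spec.volumes or []:
        projected = getattr(vol, "projected", None)
        for src in (projected.sources or []) if projected else []:
            if getattr(src, "service_account_token", None) is not None:
                names.add(vol.name)
    return names

def containers_with_token(pod):
    """Names of containers that mount one of those volumes."""
    vols = token_volumes(pod)
    hits = []
    for c in pod.spec.containers or []:
        # volume_mounts is also None when a container mounts nothing
        mounts = c.volume_mounts or []
        if any(m.name in vols for m in mounts):
            hits.append(c.name)
    return hits

# Constructed sample: the pod shape from the issue, with
# automountServiceAccountToken false and therefore no volumes at all.
no_volumes_pod = NS(spec=NS(
    volumes=None,
    containers=[NS(name="redis", volume_mounts=None)]))

# Constructed sample: a pod with a projected token volume (name is made up).
token_pod = NS(spec=NS(
    volumes=[NS(name="kube-api-access-x", projected=NS(sources=[
                 NS(service_account_token=NS(path="token"))])),
             NS(name="data", projected=None)],
    containers=[NS(name="app", volume_mounts=[NS(name="kube-api-access-x")]),
                NS(name="sidecar", volume_mounts=[NS(name="data")])]))

if __name__ == "__main__":
    for pod in (no_volumes_pod, token_pod):
        print(containers_with_token(pod))
```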