arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-02-20 11:32:13 +00:00
Code Issues Releases Wiki Activity

Slightly more robust looking for running executables

Browse Source
This commit is contained in:
Liz Rice 2017-08-30 17:48:12 +01:00
parent 9114e139cf
commit 0bc00e0036
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
cmd/util.go
View File

@ -87,7 +87,19 @@ func verifyBin(bin string, psFunc func(string) string) bool {
proc := strings.Fields(bin)[0] proc := strings.Fields(bin)[0]
out := psFunc(proc) out := psFunc(proc)
return strings.Contains(out, bin) if !strings.Contains(out, bin) {
return false
}
// Make sure we're not just matching on a partial word (e.g. if we're looking for apiserver, don't match on kube-apiserver)
// This will give a false positive for matching "one two" against "zero one two-x" but it will do for now
for _, f := range strings.Fields(out) {
if f == proc {
return true
}
}
return false
} }
// findExecutable looks through a list of possible executable names and finds the first one that's running // findExecutable looks through a list of possible executable names and finds the first one that's running