diff --git a/backend/netfetch b/backend/netfetch
index e490f82..70eb459 100755
Binary files a/backend/netfetch and b/backend/netfetch differ
diff --git a/backend/pkg/k8s/target-scanner.go b/backend/pkg/k8s/target-scanner.go
index 7132c83..f910851 100644
--- a/backend/pkg/k8s/target-scanner.go
+++ b/backend/pkg/k8s/target-scanner.go
@@ -3,7 +3,6 @@ package k8s
 import (
 "context"
 "fmt"
- "strings"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -59,7 +58,7 @@ func GetAllNonSystemNamespaces(dynamicClient dynamic.Interface) ([]string, error
 }
 // ListPodsTargetedByNetworkPolicy lists all pods targeted by the given network policy in the specified namespace.
-func ListPodsTargetedByNetworkPolicy(cynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([]string, error) {
+func ListPodsTargetedByNetworkPolicy(dynamicClient dynamic.Interface, policy *unstructured.Unstructured, namespace string) ([]string, error) {
 // Retrieve the PodSelector (matchLabels)
 podSelector, found, err := unstructured.NestedMap(policy.Object, "spec", "podSelector", "matchLabels")
 if err != nil {
@@ -91,106 +90,3 @@ func ListPodsTargetedByNetworkPolicy(cynamicClient dynamic.Interface, policy *un
 return targetedPods, nil
 }
-
-// DescribeNetworkPolicyRules provides a human-readable description of network policy rules.
-func DescribeNetworkPolicyRules(policy *unstructured.Unstructured) string {
- var descriptions []string
-
- // Parse Ingress Rules
- ingressRules, _, _ := unstructured.NestedSlice(policy.Object, "spec", "ingress")
- if len(ingressRules) > 0 {
- for _, rule := range ingressRules {
- descriptions = append(descriptions, fmt.Sprintf("Allows ingress from %s", describeRule(rule)))
- }
- } else {
- descriptions = append(descriptions, "Blocks all ingress traffic")
- }
-
- // Parse Egress Rules
- egressRules, _, _ := unstructured.NestedSlice(policy.Object, "spec", "egress")
- if len(egressRules) > 0 {
- for _, rule := range egressRules {
- descriptions = append(descriptions, fmt.Sprintf("Allows egress to %s", describeRule(rule)))
- }
- } else {
- descriptions = append(descriptions, "Blocks all egress traffic")
- }
-
- return strings.Join(descriptions, "; ")
-}
-
-// describeRule provides a summary of a single ingress or egress rule.
-func describeRule(rule interface{}) string {
- ruleMap, ok := rule.(map[string]interface{})
- if !ok {
- return "unknown source/destination"
- }
-
- var sources []string
-
- if from, ok := ruleMap["from"].([]interface{}); ok {
- for _, fromRule := range from {
- source := describeSource(fromRule)
- sources = append(sources, source)
- }
- }
-
- if to, ok := ruleMap["to"].([]interface{}); ok {
- for _, toRule := range to {
- destination := describeSource(toRule)
- sources = append(sources, destination)
- }
- }
-
- return strings.Join(sources, ", ")
-}
-
-// describeSource converts a source/destination object to a human-readable string.
-func describeSource(source interface{}) string {
- sourceMap, ok := source.(map[string]interface{})
- if !ok {
- return "unknown"
- }
-
- var descriptions []string
-
- if podSelector, ok := sourceMap["podSelector"].(map[string]interface{}); ok {
- descriptions = append(descriptions, fmt.Sprintf("pods matching %s", describeSelector(podSelector)))
- }
-
- if namespaceSelector, ok := sourceMap["namespaceSelector"].(map[string]interface{}); ok {
- descriptions = append(descriptions, fmt.Sprintf("namespaces matching %s", describeSelector(namespaceSelector)))
- }
-
- if ipBlock, ok := sourceMap["ipBlock"].(map[string]interface{}); ok {
- if cidr, ok := ipBlock["cidr"].(string); ok {
- description := fmt.Sprintf("CIDR %s", cidr)
-
- if except, ok := ipBlock["except"].([]interface{}); ok {
- var exceptions []string
- for _, ex := range except {
- if cidrEx, ok := ex.(string); ok {
- exceptions = append(exceptions, cidrEx)
- }
- }
- if len(exceptions) > 0 {
- description += fmt.Sprintf(" except %s", strings.Join(exceptions, ", "))
- }
- }
- descriptions = append(descriptions, description)
- }
- }
-
- return strings.Join(descriptions, ", ")
-}
-
-// describeSelector converts a map of labels into a human-readable selector string.
-func describeSelector(selector map[string]interface{}) string {
- var parts []string
- for key, value := range selector {
- if strVal, ok := value.(string); ok {
- parts = append(parts, fmt.Sprintf("%s=%s", key, strVal))
- }
- }
- return strings.Join(parts, ", ")
-}