mirror of
https://github.com/lunchcat/sif.git
synced 2026-07-09 21:52:07 -07:00
570592c317
modules/recon/airflow-api-exposure.yaml flags an exposed Apache Airflow webserver through its unauthenticated health endpoint, keyed on the metadatabase and scheduler health blocks, then extracts the scheduler heartbeat. modules/recon/flink-api-exposure.yaml flags an exposed Apache Flink dashboard, keyed on the flink version paired with the slot total that a generic overview does not carry, then extracts the flink version. modules/recon/kafka-connect-api-exposure.yaml flags an exposed Kafka Connect rest api, keyed on the kafka cluster id paired with the version, then extracts the version. internal/modules/data_pipeline_api_exposure_test.go drives the three modules end to end through ExecuteHTTPModule and asserts the leak alongside the near misses a strict review wants pinned: each service with one keying field missing, a generic health response, a plain 200 and a 404. verify: go test ./internal/modules, each matcher and extractor proven to bite (break -> red, restore -> green).