From 0b90e0e43d124778a7b80f4aec637a56cada8384 Mon Sep 17 00:00:00 2001 From: danielsagi Date: Thu, 27 May 2021 21:41:43 +0300 Subject: [PATCH] Bugfix - Aws metadata api discovery (#455) * fixed aws metadata bug * added new black reformatting --- kube_hunter/core/events/types.py | 2 +- kube_hunter/modules/discovery/hosts.py | 6 +++--- kube_hunter/modules/hunting/apiserver.py | 22 +++++++++++----------- kube_hunter/modules/hunting/arp.py | 2 +- kube_hunter/modules/hunting/kubelet.py | 2 +- kube_hunter/modules/hunting/secrets.py | 4 ++-- 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/kube_hunter/core/events/types.py b/kube_hunter/core/events/types.py index 6d9e036..29add1b 100644 --- a/kube_hunter/core/events/types.py +++ b/kube_hunter/core/events/types.py @@ -205,7 +205,7 @@ class ReportDispatched(Event): class K8sVersionDisclosure(Vulnerability, Event): - """The kubernetes version could be obtained from the {} endpoint """ + """The kubernetes version could be obtained from the {} endpoint""" def __init__(self, version, from_endpoint, extra_info=""): Vulnerability.__init__( diff --git a/kube_hunter/modules/discovery/hosts.py b/kube_hunter/modules/discovery/hosts.py index 559967a..440a805 100644 --- a/kube_hunter/modules/discovery/hosts.py +++ b/kube_hunter/modules/discovery/hosts.py @@ -200,7 +200,7 @@ class FromPodHostDiscovery(Discovery): # for pod scanning def gateway_discovery(self): - """ Retrieving default gateway of pod, which is usually also a contact point with the host """ + """Retrieving default gateway of pod, which is usually also a contact point with the host""" return [[gateways()["default"][AF_INET][0], "24"]] # querying AWS's interface metadata api v1 | works only from a pod @@ -223,7 +223,7 @@ class FromPodHostDiscovery(Discovery): self.publish_event(AWSMetadataApi(cidr=cidr)) - return cidr, "AWS" + return [(address, subnet)], "AWS" # querying AWS's interface metadata api v2 | works only from a pod def aws_metadata_v2_discovery(self): @@ -252,7 +252,7 @@ class FromPodHostDiscovery(Discovery): self.publish_event(AWSMetadataApi(cidr=cidr)) - return cidr, "AWS" + return [(address, subnet)], "AWS" # querying azure's interface metadata api | works only from a pod def azure_metadata_discovery(self): diff --git a/kube_hunter/modules/hunting/apiserver.py b/kube_hunter/modules/hunting/apiserver.py index f019680..5e4aa96 100644 --- a/kube_hunter/modules/hunting/apiserver.py +++ b/kube_hunter/modules/hunting/apiserver.py @@ -75,28 +75,28 @@ class ApiInfoDisclosure(Vulnerability, Event): class ListPodsAndNamespaces(ApiInfoDisclosure): - """ Accessing pods might give an attacker valuable information""" + """Accessing pods might give an attacker valuable information""" def __init__(self, evidence, using_token): ApiInfoDisclosure.__init__(self, evidence, using_token, "Listing pods") class ListNamespaces(ApiInfoDisclosure): - """ Accessing namespaces might give an attacker valuable information """ + """Accessing namespaces might give an attacker valuable information""" def __init__(self, evidence, using_token): ApiInfoDisclosure.__init__(self, evidence, using_token, "Listing namespaces") class ListRoles(ApiInfoDisclosure): - """ Accessing roles might give an attacker valuable information """ + """Accessing roles might give an attacker valuable information""" def __init__(self, evidence, using_token): ApiInfoDisclosure.__init__(self, evidence, using_token, "Listing roles") class ListClusterRoles(ApiInfoDisclosure): - """ Accessing cluster roles might give an attacker valuable information """ + """Accessing cluster roles might give an attacker valuable information""" def __init__(self, evidence, using_token): ApiInfoDisclosure.__init__(self, evidence, using_token, "Listing cluster roles") @@ -118,7 +118,7 @@ class CreateANamespace(Vulnerability, Event): class DeleteANamespace(Vulnerability, Event): - """ Deleting a namespace might give an attacker the option to affect application behavior """ + """Deleting a namespace might give an attacker the option to affect application behavior""" def __init__(self, evidence): Vulnerability.__init__( @@ -186,7 +186,7 @@ class PatchAClusterRole(Vulnerability, Event): class DeleteARole(Vulnerability, Event): - """ Deleting a role might allow an attacker to affect access to resources in the namespace""" + """Deleting a role might allow an attacker to affect access to resources in the namespace""" def __init__(self, evidence): Vulnerability.__init__( @@ -199,7 +199,7 @@ class DeleteARole(Vulnerability, Event): class DeleteAClusterRole(Vulnerability, Event): - """ Deleting a cluster role might allow an attacker to affect access to resources in the cluster""" + """Deleting a cluster role might allow an attacker to affect access to resources in the cluster""" def __init__(self, evidence): Vulnerability.__init__( @@ -212,7 +212,7 @@ class DeleteAClusterRole(Vulnerability, Event): class CreateAPod(Vulnerability, Event): - """ Creating a new pod allows an attacker to run custom code""" + """Creating a new pod allows an attacker to run custom code""" def __init__(self, evidence): Vulnerability.__init__( @@ -225,7 +225,7 @@ class CreateAPod(Vulnerability, Event): class CreateAPrivilegedPod(Vulnerability, Event): - """ Creating a new PRIVILEGED pod would gain an attacker FULL CONTROL over the cluster""" + """Creating a new PRIVILEGED pod would gain an attacker FULL CONTROL over the cluster""" def __init__(self, evidence): Vulnerability.__init__( @@ -238,7 +238,7 @@ class CreateAPrivilegedPod(Vulnerability, Event): class PatchAPod(Vulnerability, Event): - """ Patching a pod allows an attacker to compromise and control it """ + """Patching a pod allows an attacker to compromise and control it""" def __init__(self, evidence): Vulnerability.__init__( @@ -251,7 +251,7 @@ class PatchAPod(Vulnerability, Event): class DeleteAPod(Vulnerability, Event): - """ Deleting a pod allows an attacker to disturb applications on the cluster """ + """Deleting a pod allows an attacker to disturb applications on the cluster""" def __init__(self, evidence): Vulnerability.__init__( diff --git a/kube_hunter/modules/hunting/arp.py b/kube_hunter/modules/hunting/arp.py index a1a0bbd..6ae8c35 100644 --- a/kube_hunter/modules/hunting/arp.py +++ b/kube_hunter/modules/hunting/arp.py @@ -41,7 +41,7 @@ class ArpSpoofHunter(ActiveHunter): return ans[ARP].hwsrc if ans else None def detect_l3_on_host(self, arp_responses): - """ returns True for an existence of an L3 network plugin """ + """returns True for an existence of an L3 network plugin""" logger.debug("Attempting to detect L3 network plugin using ARP") unique_macs = list({response[ARP].hwsrc for _, response in arp_responses}) diff --git a/kube_hunter/modules/hunting/kubelet.py b/kube_hunter/modules/hunting/kubelet.py index 680502a..3ff85b8 100644 --- a/kube_hunter/modules/hunting/kubelet.py +++ b/kube_hunter/modules/hunting/kubelet.py @@ -303,7 +303,7 @@ class SecureKubeletPortHunter(Hunter): """ class DebugHandlers: - """ all methods will return the handler name if successful """ + """all methods will return the handler name if successful""" def __init__(self, path, pod, session=None): self.path = path + ("/" if not path.endswith("/") else "") diff --git a/kube_hunter/modules/hunting/secrets.py b/kube_hunter/modules/hunting/secrets.py index 8e2f3b6..b505e32 100644 --- a/kube_hunter/modules/hunting/secrets.py +++ b/kube_hunter/modules/hunting/secrets.py @@ -10,7 +10,7 @@ logger = logging.getLogger(__name__) class ServiceAccountTokenAccess(Vulnerability, Event): - """ Accessing the pod service account token gives an attacker the option to use the server API """ + """Accessing the pod service account token gives an attacker the option to use the server API""" def __init__(self, evidence): Vulnerability.__init__( @@ -24,7 +24,7 @@ class ServiceAccountTokenAccess(Vulnerability, Event): class SecretsAccess(Vulnerability, Event): - """ Accessing the pod's secrets within a compromised pod might disclose valuable data to a potential attacker""" + """Accessing the pod's secrets within a compromised pod might disclose valuable data to a potential attacker""" def __init__(self, evidence): Vulnerability.__init__(