github/kube-hunter
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-hunter.git synced 2026-05-13 04:36:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed formated json string

Browse Source
This commit is contained in:
oriagmon
2018-10-22 22:58:37 +03:00
parent 5139b21261
commit ab9505a226
1 changed files with 21 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/modules/hunting/apiserver.py
View File

@@ -393,26 +393,28 @@ class AccessApiServerViaServiceAccountTokenActive(ActiveHunter):
def create_a_pod(self, namespace):
jsonPod = \
"""
"apiVersion": "v1",
{{"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"metadata": {{
"name": "{random_str}"
},
"spec": {
}},
"spec": {{
"containers": [
{
{{
"name": "{random_str}",
"image": "nginx:1.7.9",
"ports": [
{
{{
"containerPort": 80
}
}}
]
}
}}
]
}
}
""".format(random_str=str(uuid.uuid4())[0:5])
}}
}}
""".format(random_str=(str(uuid.uuid4()))[0:5])
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {token}'.format(token=self.service_account_token)
@@ -422,7 +424,9 @@ class AccessApiServerViaServiceAccountTokenActive(ActiveHunter):
host=self.event.host, port=self.event.port, namespace=namespace),
verify=False, data=jsonPod, headers=headers)
if res.status_code not in [200, 201, 202]: return False
self.self.created_pod_name_evidence = res.content['metadata']['name']
parsed_content = json.loads(res.content.replace('\'', '\"'))
self.created_pod_name_evidence = parsed_content['metadata']['name']
return res.status_code in [200, 201, 202] and res.content != ''
except (requests.exceptions.ConnectionError, KeyError):
return False
@@ -434,7 +438,8 @@ class AccessApiServerViaServiceAccountTokenActive(ActiveHunter):
host=self.event.host, port=self.event.port, name=pod_name, namespace=namespace),
headers={'Authorization': 'Bearer ' + self.service_account_token}, verify=False)
if res.status_code not in [200, 201, 202]: return False
self.deleted_newly_created_pod_evidence = res.content['metadata']['deletionTimestamp']
parsed_content = json.loads(res.content.replace('\'', '\"'))
self.deleted_newly_created_pod_evidence = parsed_content['metadata']['deletionTimestamp']
return res.status_code == 200 and res.content != ''
except (requests.exceptions.ConnectionError, KeyError):
return False
@@ -448,7 +453,8 @@ class AccessApiServerViaServiceAccountTokenActive(ActiveHunter):
host=self.event.host, port=self.event.port, namespace=namespace, name=pod_name),
headers={'Authorization': 'Bearer ' + self.service_account_token}, verify=False, data=patch_data)
if res.status_code not in [200, 201, 202]: return False
self.patched_newly_created_pod = res.content['metadata'] # DECIDE WHAT EVIDENCE HERE
parsed_content = json.loads(res.content.replace('\'', '\"'))
self.patched_newly_created_pod_evidence = parsed_content['metadata']['namespace']
return res.status_code == 200 and res.content != ''
except (requests.exceptions.ConnectionError, KeyError):
return False
@@ -457,19 +463,7 @@ class AccessApiServerViaServiceAccountTokenActive(ActiveHunter):
# 1 Namespaces method:
def create_namespace(self):
# Initialize variables:
json_namespace = \
"""
{
"kind": "Namespace",
"apiVersion": "v1",
"metadata": {
"name": "{random_str}",
"labels": {
"name": "{random_str}"
}
}
}
""".format(random_str=str(uuid.uuid4())[0:5])
json_namespace = '{{"kind":"Namespace","apiVersion":"v1","metadata":{{"name":"{random_str}","labels":{{"name":"{random_str}"}}}}}}'.format(random_str=(str(uuid.uuid4()))[0:5])
headers = {
'Content-Type': 'application/json',
'Authorization': 'Bearer {token}'.format(token=self.service_account_token)