mirror of
https://github.com/aquasecurity/kube-hunter.git
synced 2026-05-13 04:36:58 +00:00
36e87807e6
2. started working on results table. 3. *added convention* from now on, every vulnerability/service event, should have a __doc__ that describes them. notice the new get_name(), component, and explain() attributes that needs to be implemented as well.
47 lines
1.6 KiB
Python
47 lines
1.6 KiB
Python
from enum import Enum
|
|
from ..types import Hunter
|
|
|
|
from requests import get
|
|
|
|
from ..events import handler
|
|
from ..discovery.dashboard import KubeDashboardEvent
|
|
from ..discovery.proxy import KubeProxyEvent
|
|
|
|
class Service(Enum):
|
|
DASHBOARD = "kubernetes-dashboard"
|
|
|
|
@handler.subscribe(KubeProxyEvent)
|
|
class KubeProxy(Hunter):
|
|
def __init__(self, event):
|
|
self.event = event
|
|
self.api_url = "http://{host}:{port}/api/v1".format(host=self.event.host, port=self.event.port)
|
|
|
|
def execute(self):
|
|
for namespace, services in self.services.items():
|
|
for service in services:
|
|
curr_path = "api/v1/namespaces/{ns}/services/{sv}/proxy".format(ns=namespace,sv=service) # TODO: check if /proxy is a convention on other services
|
|
if service == Service.DASHBOARD:
|
|
self.publish_event(KubeDashboardEvent(path=curr_path, secure=False))
|
|
|
|
@property
|
|
def namespaces(self):
|
|
resource_json = get(self.api_url + "/namespaces").json()
|
|
return self.extract_names(resource_json)
|
|
|
|
@property
|
|
def services(self):
|
|
# map between namespaces and service names
|
|
services = dict()
|
|
for namespace in self.namespaces:
|
|
resource_path = "/namespaces/{ns}/services".format(ns=namespace)
|
|
resource_json = get(self.api_url + resource_path).json()
|
|
services[namespace] = self.extract_names(resource_json)
|
|
return services
|
|
|
|
@staticmethod
|
|
def extract_names(resource_json):
|
|
names = list()
|
|
for item in resource_json["items"]:
|
|
names.append(item["metadata"]["name"])
|
|
return names
|