Documentation ¶
Index ¶
- Constants
- Variables
- func Register(edge Builder, flags RegistrationFlag)
- type BaseContainerEscape
- type BaseEdge
- type Builder
- type ContainerAttach
- func (e *ContainerAttach) Label() string
- func (e *ContainerAttach) Name() string
- func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ContainerAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *ContainerAttach) Traversal() types.EdgeTraversal
- type DependentBuilder
- type EndpointExploitExternal
- func (e *EndpointExploitExternal) Label() string
- func (e *EndpointExploitExternal) Name() string
- func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EndpointExploitExternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type EndpointExploitInternal
- func (e *EndpointExploitInternal) Label() string
- func (e *EndpointExploitInternal) Name() string
- func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EndpointExploitInternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type EscapeCorePattern
- func (e *EscapeCorePattern) Label() string
- func (e *EscapeCorePattern) Name() string
- func (e *EscapeCorePattern) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeCorePattern) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeModuleLoad
- func (e *EscapeModuleLoad) Label() string
- func (e *EscapeModuleLoad) Name() string
- func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeModuleLoad) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeNsenter
- type EscapePrivMount
- func (e *EscapePrivMount) Label() string
- func (e *EscapePrivMount) Name() string
- func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapePrivMount) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeSysPtrace
- func (e *EscapeSysPtrace) Label() string
- func (e *EscapeSysPtrace) Name() string
- func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeSysPtrace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeVarLogSymlink
- func (e *EscapeVarLogSymlink) Dependencies() []string
- func (e *EscapeVarLogSymlink) Label() string
- func (e *EscapeVarLogSymlink) Name() string
- func (e *EscapeVarLogSymlink) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeVarLogSymlink) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *EscapeVarLogSymlink) Traversal() types.EdgeTraversal
- type ExploitHostRead
- func (e *ExploitHostRead) Label() string
- func (e *ExploitHostRead) Name() string
- func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostRead) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type ExploitHostTraverse
- func (e *ExploitHostTraverse) Label() string
- func (e *ExploitHostTraverse) Name() string
- func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostTraverse) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type ExploitHostWrite
- func (e *ExploitHostWrite) Label() string
- func (e *ExploitHostWrite) Name() string
- func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostWrite) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type IdentityAssumeContainer
- func (e *IdentityAssumeContainer) Label() string
- func (e *IdentityAssumeContainer) Name() string
- func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *IdentityAssumeContainer) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type IdentityAssumeNode
- func (e *IdentityAssumeNode) Label() string
- func (e *IdentityAssumeNode) Name() string
- func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *IdentityAssumeNode) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type PermissionDiscover
- func (e *PermissionDiscover) Label() string
- func (e *PermissionDiscover) Name() string
- func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PermissionDiscover) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type PodAttach
- type PodCreate
- func (e *PodCreate) BatchSize() int
- func (e *PodCreate) Label() string
- func (e *PodCreate) Name() string
- func (e *PodCreate) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodCreate) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodCreate) Traversal() types.EdgeTraversal
- type PodExec
- func (e *PodExec) BatchSize() int
- func (e *PodExec) Label() string
- func (e *PodExec) Name() string
- func (e *PodExec) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodExec) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodExec) Traversal() types.EdgeTraversal
- type PodExecNamespace
- func (e *PodExecNamespace) Label() string
- func (e *PodExecNamespace) Name() string
- func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodExecNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type PodPatch
- func (e *PodPatch) BatchSize() int
- func (e *PodPatch) Label() string
- func (e *PodPatch) Name() string
- func (e *PodPatch) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodPatch) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodPatch) Traversal() types.EdgeTraversal
- type PodPatchNamespace
- func (e *PodPatchNamespace) Label() string
- func (e *PodPatchNamespace) Name() string
- func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodPatchNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type RegistrationFlag
- type Registry
- type RoleBindCrbCrCr
- func (e *RoleBindCrbCrCr) Label() string
- func (e *RoleBindCrbCrCr) Name() string
- func (e *RoleBindCrbCrCr) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *RoleBindCrbCrCr) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- func (e *RoleBindCrbCrCr) Traversal() types.EdgeTraversal
- type RoleBindCrbCrR
- func (e *RoleBindCrbCrR) Label() string
- func (e *RoleBindCrbCrR) Name() string
- func (e *RoleBindCrbCrR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *RoleBindCrbCrR) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- func (e *RoleBindCrbCrR) Traversal() types.EdgeTraversal
- type RoleBindRbRbR
- type SharePSNamespace
- func (e *SharePSNamespace) Label() string
- func (e *SharePSNamespace) Name() string
- func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *SharePSNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenBruteforce
- func (e *TokenBruteforce) BatchSize() int
- func (e *TokenBruteforce) Label() string
- func (e *TokenBruteforce) Name() string
- func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenBruteforce) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *TokenBruteforce) Traversal() types.EdgeTraversal
- type TokenBruteforceNamespace
- func (e *TokenBruteforceNamespace) Label() string
- func (e *TokenBruteforceNamespace) Name() string
- func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenBruteforceNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenList
- func (e *TokenList) BatchSize() int
- func (e *TokenList) Label() string
- func (e *TokenList) Name() string
- func (e *TokenList) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenList) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *TokenList) Traversal() types.EdgeTraversal
- type TokenListNamespace
- func (e *TokenListNamespace) Label() string
- func (e *TokenListNamespace) Name() string
- func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenListNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenSteal
- type VolumeAccess
- type VolumeDiscover
- func (e *VolumeDiscover) Label() string
- func (e *VolumeDiscover) Name() string
- func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *VolumeDiscover) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
Constants ¶
const (
ClusterRoleBindName = "RoleBindClusteRoleBindingbClusterRoleClusterRole"
)
const (
RoleBindCrbCrRName = "RoleBindClusteRoleBindingbClusterRoleRole"
)
const (
RoleBindLabel = "ROLE_BIND"
)
const (
RoleBindspaceName = "RoleBindRoleBindingbRoleBindingRole"
)
Variables ¶
var P = gremlin.P
var ProcMountList = bson.A{
"/",
"/proc",
"/proc/sys",
"/proc/sys/kernel",
}
var SafeWriteMountList = bson.A{ "/var/run/datadog-agent", "/etc/datadog-agent", "/etc/datadog-agent/auth", "/opt/datadog-agent/run", "/etc/datadog", "/run/xtables\\.lock", "/opt/datadog/heapdumps", "/var/datadog/dumps", primitive.Regex{Pattern: "^/mnt/disks"}, primitive.Regex{Pattern: "^/sys/kernel/debug"}, primitive.Regex{Pattern: "^/tmp?.*"}, primitive.Regex{Pattern: "^/var/run/.*"}, primitive.Regex{Pattern: "^/mnt/.*"}, primitive.Regex{Pattern: "^/var/lib/datadog-agent/.*"}, primitive.Regex{Pattern: "^/var/tmp/datadog-agent/.*"}, primitive.Regex{Pattern: "^/run/udev"}, primitive.Regex{Pattern: "^/lib/udev"}, primitive.Regex{Pattern: "^/etc/udev"}, primitive.Regex{Pattern: "^/data/[a-zA-Z0-9\\-]*/shared"}, }
SafeWriteMountList represent common safe mounts that are deemed not exploitable. Paths are normalized by K8s to remove the trailing slash.
var TokenMountList = bson.A{ "/", "/var", "/var/lib", "/var/lib/kubelet", "/var/lib/kubelet/pods", primitive.Regex{Pattern: "^/var/lib/kubelet/pods/.*"}, }
TokenMountList represent ounts that grant access to the pod service account tokens that reside in /var/lib/kubelet/pods/<uid>/volumes/kubernetes.io~projected/<name>/. Paths are normalized by K8s to remove the trailing slash.
var UnsafeReadMountlist = bson.A{ "/", "/home", primitive.Regex{Pattern: "^/home/[a-zA-Z0-9]*/\\.ssh$"}, "/root", "/root/.ssh", "/proc", "/etc", }
UnsafeReadMountlist represents dangerous mounts that can be abused to read secrets granting execution on the host. Paths are normalized by K8s to remove the trailing slash.
Functions ¶
func Register ¶
func Register(edge Builder, flags RegistrationFlag)
Register loads the provided edge into the registry.
Types ¶
type BaseContainerEscape ¶
type BaseContainerEscape struct {
BaseEdge
}
func (*BaseContainerEscape) Traversal ¶
func (e *BaseContainerEscape) Traversal() types.EdgeTraversal
type BaseEdge ¶
type BaseEdge struct {
// contains filtered or unexported fields
}
func (*BaseEdge) Initialize ¶
func (e *BaseEdge) Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error
func (*BaseEdge) Traversal ¶
func (e *BaseEdge) Traversal() types.EdgeTraversal
type Builder ¶
type Builder interface { // Initialize intializes an edge builder from the application config Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error // Name returns the unique name for the edge builder. This must be unique. Name() string // Label returns the label for the edge (convention is all uppercase i.e EDGE_NAME). Label() string // BatchSize returns the batch size of bulk inserts (and threshold for triggering a flush). BatchSize() int // Traversal returns a graph traversal function that enables creating edges from an input array of TraversalInput objects. Traversal() types.EdgeTraversal // Processor transforms an object queued for writing to a format suitable for consumption by the Traversal function. Processor(context.Context, *converter.ObjectIDConverter, any) (any, error) // Stream will query the store db for the data required to create an edge and stream to graph DB via callbacks. // Each query result is encapsulated within an DataContainer and transformed to a TraversalInput via a call to // the edge's Processor function. Invoking the complete callback signals the end of the stream. Stream(ctx context.Context, store storedb.Provider, cache cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error }
type ContainerAttach ¶
type ContainerAttach struct {
BaseEdge
}
func (*ContainerAttach) Label ¶
func (e *ContainerAttach) Label() string
func (*ContainerAttach) Name ¶
func (e *ContainerAttach) Name() string
func (*ContainerAttach) Processor ¶
func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ContainerAttach) Stream ¶
func (e *ContainerAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
func (*ContainerAttach) Traversal ¶
func (e *ContainerAttach) Traversal() types.EdgeTraversal
type DependentBuilder ¶ added in v0.2.2
type DependentBuilder interface { Builder // Dependencies returns the edge labels of all dependencies. Dependencies() []string }
DependentBuilder interface defines objects used to construct edges with dependencies on other edges in the graph. Dependent edges are built last and their dependencies cannot be dependent edges themselves.
type EndpointExploitExternal ¶
type EndpointExploitExternal struct {
BaseEdge
}
func (*EndpointExploitExternal) Label ¶
func (e *EndpointExploitExternal) Label() string
func (*EndpointExploitExternal) Name ¶
func (e *EndpointExploitExternal) Name() string
func (*EndpointExploitExternal) Processor ¶
func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EndpointExploitExternal) Stream ¶
func (e *EndpointExploitExternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EndpointExploitInternal ¶
type EndpointExploitInternal struct {
BaseEdge
}
func (*EndpointExploitInternal) Label ¶
func (e *EndpointExploitInternal) Label() string
func (*EndpointExploitInternal) Name ¶
func (e *EndpointExploitInternal) Name() string
func (*EndpointExploitInternal) Processor ¶
func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EndpointExploitInternal) Stream ¶
func (e *EndpointExploitInternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeCorePattern ¶ added in v1.5.1
type EscapeCorePattern struct {
BaseContainerEscape
}
func (*EscapeCorePattern) Label ¶ added in v1.5.1
func (e *EscapeCorePattern) Label() string
func (*EscapeCorePattern) Name ¶ added in v1.5.1
func (e *EscapeCorePattern) Name() string
func (*EscapeCorePattern) Processor ¶ added in v1.5.1
func (e *EscapeCorePattern) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EscapeCorePattern) Stream ¶ added in v1.5.1
func (e *EscapeCorePattern) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeModuleLoad ¶
type EscapeModuleLoad struct {
BaseContainerEscape
}
func (*EscapeModuleLoad) Label ¶
func (e *EscapeModuleLoad) Label() string
func (*EscapeModuleLoad) Name ¶
func (e *EscapeModuleLoad) Name() string
func (*EscapeModuleLoad) Processor ¶
func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to the generic containerEscapeProcessor.
func (*EscapeModuleLoad) Stream ¶
func (e *EscapeModuleLoad) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeNsenter ¶
type EscapeNsenter struct {
BaseContainerEscape
}
func (*EscapeNsenter) Label ¶
func (e *EscapeNsenter) Label() string
func (*EscapeNsenter) Name ¶
func (e *EscapeNsenter) Name() string
func (*EscapeNsenter) Processor ¶
func (e *EscapeNsenter) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to the generic containerEscapeProcessor.
func (*EscapeNsenter) Stream ¶
func (e *EscapeNsenter) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapePrivMount ¶
type EscapePrivMount struct {
BaseContainerEscape
}
func (*EscapePrivMount) Label ¶
func (e *EscapePrivMount) Label() string
func (*EscapePrivMount) Name ¶
func (e *EscapePrivMount) Name() string
func (*EscapePrivMount) Processor ¶
func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to the generic containerEscapeProcessor.
func (*EscapePrivMount) Stream ¶
func (e *EscapePrivMount) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeSysPtrace ¶
type EscapeSysPtrace struct {
BaseContainerEscape
}
func (*EscapeSysPtrace) Label ¶
func (e *EscapeSysPtrace) Label() string
func (*EscapeSysPtrace) Name ¶
func (e *EscapeSysPtrace) Name() string
func (*EscapeSysPtrace) Processor ¶
func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to the generic containerEscapeProcessor.
func (*EscapeSysPtrace) Stream ¶
func (e *EscapeSysPtrace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeVarLogSymlink ¶ added in v1.1.0
type EscapeVarLogSymlink struct {
BaseContainerEscape
}
func (*EscapeVarLogSymlink) Dependencies ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Dependencies() []string
List of needed edges to run the traversal query
func (*EscapeVarLogSymlink) Label ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Label() string
func (*EscapeVarLogSymlink) Name ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Name() string
func (*EscapeVarLogSymlink) Processor ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EscapeVarLogSymlink) Stream ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
func (*EscapeVarLogSymlink) Traversal ¶ added in v1.1.0
func (e *EscapeVarLogSymlink) Traversal() types.EdgeTraversal
type ExploitHostRead ¶
type ExploitHostRead struct {
BaseEdge
}
func (*ExploitHostRead) Label ¶
func (e *ExploitHostRead) Label() string
func (*ExploitHostRead) Name ¶
func (e *ExploitHostRead) Name() string
func (*ExploitHostRead) Processor ¶
func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostRead) Stream ¶
func (e *ExploitHostRead) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type ExploitHostTraverse ¶
type ExploitHostTraverse struct {
BaseEdge
}
func (*ExploitHostTraverse) Label ¶
func (e *ExploitHostTraverse) Label() string
func (*ExploitHostTraverse) Name ¶
func (e *ExploitHostTraverse) Name() string
func (*ExploitHostTraverse) Processor ¶
func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostTraverse) Stream ¶
func (e *ExploitHostTraverse) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type ExploitHostWrite ¶
type ExploitHostWrite struct {
BaseEdge
}
func (*ExploitHostWrite) Label ¶
func (e *ExploitHostWrite) Label() string
func (*ExploitHostWrite) Name ¶
func (e *ExploitHostWrite) Name() string
func (*ExploitHostWrite) Processor ¶
func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostWrite) Stream ¶
func (e *ExploitHostWrite) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type IdentityAssumeContainer ¶
type IdentityAssumeContainer struct {
BaseEdge
}
func (*IdentityAssumeContainer) Label ¶
func (e *IdentityAssumeContainer) Label() string
func (*IdentityAssumeContainer) Name ¶
func (e *IdentityAssumeContainer) Name() string
func (*IdentityAssumeContainer) Processor ¶
func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*IdentityAssumeContainer) Stream ¶
func (e *IdentityAssumeContainer) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type IdentityAssumeNode ¶
type IdentityAssumeNode struct {
BaseEdge
}
func (*IdentityAssumeNode) Label ¶
func (e *IdentityAssumeNode) Label() string
func (*IdentityAssumeNode) Name ¶
func (e *IdentityAssumeNode) Name() string
func (*IdentityAssumeNode) Processor ¶
func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*IdentityAssumeNode) Stream ¶
func (e *IdentityAssumeNode) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PermissionDiscover ¶
type PermissionDiscover struct {
BaseEdge
}
func (*PermissionDiscover) Label ¶
func (e *PermissionDiscover) Label() string
func (*PermissionDiscover) Name ¶
func (e *PermissionDiscover) Name() string
func (*PermissionDiscover) Processor ¶
func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PermissionDiscover) Stream ¶
func (e *PermissionDiscover) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PodAttach ¶
type PodAttach struct {
BaseEdge
}
func (*PodAttach) Stream ¶
func (e *PodAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PodCreate ¶
type PodCreate struct {
BaseEdge
}
func (*PodCreate) Stream ¶
func (e *PodCreate) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that have pod/create or equivalent wildcard permissions.
func (*PodCreate) Traversal ¶
func (e *PodCreate) Traversal() types.EdgeTraversal
type PodExec ¶
type PodExec struct {
BaseEdge
}
func (*PodExec) Stream ¶
func (e *PodExec) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have pod/exec or equivalent wildcard permissions.
func (*PodExec) Traversal ¶
func (e *PodExec) Traversal() types.EdgeTraversal
type PodExecNamespace ¶
type PodExecNamespace struct {
BaseEdge
}
func (*PodExecNamespace) Label ¶
func (e *PodExecNamespace) Label() string
func (*PodExecNamespace) Name ¶
func (e *PodExecNamespace) Name() string
func (*PodExecNamespace) Processor ¶
func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PodExecNamespace) Stream ¶
func (e *PodExecNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.
type PodPatch ¶
type PodPatch struct {
BaseEdge
}
func (*PodPatch) Stream ¶
func (e *PodPatch) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that have pod/patch or equivalent wildcard permissions.
func (*PodPatch) Traversal ¶
func (e *PodPatch) Traversal() types.EdgeTraversal
type PodPatchNamespace ¶
type PodPatchNamespace struct {
BaseEdge
}
func (*PodPatchNamespace) Label ¶
func (e *PodPatchNamespace) Label() string
func (*PodPatchNamespace) Name ¶
func (e *PodPatchNamespace) Name() string
func (*PodPatchNamespace) Processor ¶
func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PodPatchNamespace) Stream ¶
func (e *PodPatchNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.
type RegistrationFlag ¶
type RegistrationFlag uint8
const ( RegisterDefault RegistrationFlag = 1 << iota // Default edge RegisterGraphMutation // Edge can mutate the graph RegisterGraphDependency // Edge has a dependency on default/mutating edges )
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry holds details of edges (i.e attacks) registered in KubeHound.
func (*Registry) Dependent ¶ added in v0.2.2
func (r *Registry) Dependent() map[string]DependentBuilder
Dependent returns the map of registered edge builders with default edge dependencies.
type RoleBindCrbCrCr ¶ added in v1.2.0
type RoleBindCrbCrCr struct {
BaseEdge
}
func (*RoleBindCrbCrCr) Label ¶ added in v1.2.0
func (e *RoleBindCrbCrCr) Label() string
func (*RoleBindCrbCrCr) Name ¶ added in v1.2.0
func (e *RoleBindCrbCrCr) Name() string
func (*RoleBindCrbCrCr) Processor ¶ added in v1.2.0
func (e *RoleBindCrbCrCr) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*RoleBindCrbCrCr) Stream ¶ added in v1.2.0
func (e *RoleBindCrbCrCr) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
func (*RoleBindCrbCrCr) Traversal ¶ added in v1.2.0
func (e *RoleBindCrbCrCr) Traversal() types.EdgeTraversal
type RoleBindCrbCrR ¶ added in v1.2.0
type RoleBindCrbCrR struct {
BaseEdge
}
func (*RoleBindCrbCrR) Label ¶ added in v1.2.0
func (e *RoleBindCrbCrR) Label() string
func (*RoleBindCrbCrR) Name ¶ added in v1.2.0
func (e *RoleBindCrbCrR) Name() string
func (*RoleBindCrbCrR) Processor ¶ added in v1.2.0
func (e *RoleBindCrbCrR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*RoleBindCrbCrR) Stream ¶ added in v1.2.0
func (e *RoleBindCrbCrR) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
func (*RoleBindCrbCrR) Traversal ¶ added in v1.2.0
func (e *RoleBindCrbCrR) Traversal() types.EdgeTraversal
type RoleBindRbRbR ¶ added in v1.2.0
type RoleBindRbRbR struct {
BaseEdge
}
func (*RoleBindRbRbR) Label ¶ added in v1.2.0
func (e *RoleBindRbRbR) Label() string
func (*RoleBindRbRbR) Name ¶ added in v1.2.0
func (e *RoleBindRbRbR) Name() string
func (*RoleBindRbRbR) Processor ¶ added in v1.2.0
func (e *RoleBindRbRbR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*RoleBindRbRbR) Stream ¶ added in v1.2.0
func (e *RoleBindRbRbR) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type SharePSNamespace ¶ added in v0.2.2
type SharePSNamespace struct {
}func (*SharePSNamespace) Label ¶ added in v0.2.2
func (e *SharePSNamespace) Label() string
func (*SharePSNamespace) Name ¶ added in v0.2.2
func (e *SharePSNamespace) Name() string
func (*SharePSNamespace) Processor ¶ added in v0.2.2
func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to the generic containerEscapeProcessor.
func (*SharePSNamespace) Stream ¶ added in v0.2.2
func (e *SharePSNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type TokenBruteforce ¶
type TokenBruteforce struct {
BaseEdge
}
func (*TokenBruteforce) BatchSize ¶
func (e *TokenBruteforce) BatchSize() int
func (*TokenBruteforce) Label ¶
func (e *TokenBruteforce) Label() string
func (*TokenBruteforce) Name ¶
func (e *TokenBruteforce) Name() string
func (*TokenBruteforce) Processor ¶
func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenBruteforce) Stream ¶
func (e *TokenBruteforce) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have secrets/get or equivalent wildcard permissions.
func (*TokenBruteforce) Traversal ¶
func (e *TokenBruteforce) Traversal() types.EdgeTraversal
type TokenBruteforceNamespace ¶
type TokenBruteforceNamespace struct {
BaseEdge
}
func (*TokenBruteforceNamespace) Label ¶
func (e *TokenBruteforceNamespace) Label() string
func (*TokenBruteforceNamespace) Name ¶
func (e *TokenBruteforceNamespace) Name() string
func (*TokenBruteforceNamespace) Processor ¶
func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenBruteforceNamespace) Stream ¶
func (e *TokenBruteforceNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have secrets/get or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.
type TokenList ¶
type TokenList struct {
BaseEdge
}
func (*TokenList) Stream ¶
func (e *TokenList) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have secrets/list or equivalent wildcard permissions.
func (*TokenList) Traversal ¶
func (e *TokenList) Traversal() types.EdgeTraversal
type TokenListNamespace ¶
type TokenListNamespace struct {
BaseEdge
}
func (*TokenListNamespace) Label ¶
func (e *TokenListNamespace) Label() string
func (*TokenListNamespace) Name ¶
func (e *TokenListNamespace) Name() string
func (*TokenListNamespace) Processor ¶
func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenListNamespace) Stream ¶
func (e *TokenListNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have secrets/list or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.
type TokenSteal ¶
type TokenSteal struct {
BaseEdge
}
func (*TokenSteal) Label ¶
func (e *TokenSteal) Label() string
func (*TokenSteal) Name ¶
func (e *TokenSteal) Name() string
func (*TokenSteal) Processor ¶
func (e *TokenSteal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenSteal) Stream ¶
func (e *TokenSteal) Stream(ctx context.Context, sdb storedb.Provider, c cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type VolumeAccess ¶
type VolumeAccess struct {
BaseEdge
}
func (*VolumeAccess) Label ¶
func (e *VolumeAccess) Label() string
func (*VolumeAccess) Name ¶
func (e *VolumeAccess) Name() string
func (*VolumeAccess) Processor ¶
func (e *VolumeAccess) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*VolumeAccess) Stream ¶
func (e *VolumeAccess) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type VolumeDiscover ¶
type VolumeDiscover struct {
BaseEdge
}
func (*VolumeDiscover) Label ¶
func (e *VolumeDiscover) Label() string
func (*VolumeDiscover) Name ¶
func (e *VolumeDiscover) Name() string
func (*VolumeDiscover) Processor ¶
func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*VolumeDiscover) Stream ¶
func (e *VolumeDiscover) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Source Files ¶
- base.go
- base_container_escape.go
- builder.go
- container_attach.go
- endpoint_exploit_external.go
- endpoint_exploit_internal.go
- escape_module_load.go
- escape_nsenter.go
- escape_priv_mount.go
- escape_sys_ptrace.go
- escape_umh_core_pattern.go
- escape_var_log_symlink.go
- exploit_host_read.go
- exploit_host_traverse_token.go
- exploit_host_write.go
- identity_assume_container.go
- identity_assume_node.go
- permission_discover.go
- pod_attach.go
- pod_create.go
- pod_exec.go
- pod_exec_namespace.go
- pod_patch.go
- pod_patch_namespace.go
- registry.go
- role_bind.go
- role_bind_crb_cr_cr.go
- role_bind_crb_cr_r.go
- role_bind_rb_rb_r.go
- share_ps_namespace.go
- token_bruteforce.go
- token_bruteforce_namespace.go
- token_list.go
- token_list_namespace.go
- token_steal.go
- volume_access.go
- volume_discover.go