Documentation ¶
Index ¶
- Variables
- func Register(edge Builder, flags RegistrationFlag)
- type BaseContainerEscape
- type BaseEdge
- type Builder
- type ContainerAttach
- func (e *ContainerAttach) Label() string
- func (e *ContainerAttach) Name() string
- func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ContainerAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *ContainerAttach) Traversal() types.EdgeTraversal
- type DependentBuilder
- type EndpointExploitExternal
- func (e *EndpointExploitExternal) Label() string
- func (e *EndpointExploitExternal) Name() string
- func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EndpointExploitExternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type EndpointExploitInternal
- func (e *EndpointExploitInternal) Label() string
- func (e *EndpointExploitInternal) Name() string
- func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EndpointExploitInternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type EscapeModuleLoad
- func (e *EscapeModuleLoad) Label() string
- func (e *EscapeModuleLoad) Name() string
- func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeModuleLoad) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeNsenter
- type EscapePrivMount
- func (e *EscapePrivMount) Label() string
- func (e *EscapePrivMount) Name() string
- func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapePrivMount) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type EscapeSysPtrace
- func (e *EscapeSysPtrace) Label() string
- func (e *EscapeSysPtrace) Name() string
- func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *EscapeSysPtrace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type ExploitHostRead
- func (e *ExploitHostRead) Label() string
- func (e *ExploitHostRead) Name() string
- func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostRead) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type ExploitHostTraverse
- func (e *ExploitHostTraverse) Label() string
- func (e *ExploitHostTraverse) Name() string
- func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostTraverse) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type ExploitHostWrite
- func (e *ExploitHostWrite) Label() string
- func (e *ExploitHostWrite) Name() string
- func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *ExploitHostWrite) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type IdentityAssumeContainer
- func (e *IdentityAssumeContainer) Label() string
- func (e *IdentityAssumeContainer) Name() string
- func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *IdentityAssumeContainer) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type IdentityAssumeNode
- func (e *IdentityAssumeNode) Label() string
- func (e *IdentityAssumeNode) Name() string
- func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *IdentityAssumeNode) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type PermissionDiscover
- func (e *PermissionDiscover) Label() string
- func (e *PermissionDiscover) Name() string
- func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PermissionDiscover) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, ...) error
- type PodAttach
- type PodCreate
- func (e *PodCreate) BatchSize() int
- func (e *PodCreate) Label() string
- func (e *PodCreate) Name() string
- func (e *PodCreate) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodCreate) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodCreate) Traversal() types.EdgeTraversal
- type PodExec
- func (e *PodExec) BatchSize() int
- func (e *PodExec) Label() string
- func (e *PodExec) Name() string
- func (e *PodExec) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodExec) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodExec) Traversal() types.EdgeTraversal
- type PodExecNamespace
- func (e *PodExecNamespace) Label() string
- func (e *PodExecNamespace) Name() string
- func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodExecNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type PodPatch
- func (e *PodPatch) BatchSize() int
- func (e *PodPatch) Label() string
- func (e *PodPatch) Name() string
- func (e *PodPatch) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodPatch) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *PodPatch) Traversal() types.EdgeTraversal
- type PodPatchNamespace
- func (e *PodPatchNamespace) Label() string
- func (e *PodPatchNamespace) Name() string
- func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *PodPatchNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type RegistrationFlag
- type Registry
- type SharePSNamespace
- func (e *SharePSNamespace) Label() string
- func (e *SharePSNamespace) Name() string
- func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *SharePSNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenBruteforce
- func (e *TokenBruteforce) BatchSize() int
- func (e *TokenBruteforce) Label() string
- func (e *TokenBruteforce) Name() string
- func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenBruteforce) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *TokenBruteforce) Traversal() types.EdgeTraversal
- type TokenBruteforceNamespace
- func (e *TokenBruteforceNamespace) Label() string
- func (e *TokenBruteforceNamespace) Name() string
- func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenBruteforceNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenList
- func (e *TokenList) BatchSize() int
- func (e *TokenList) Label() string
- func (e *TokenList) Name() string
- func (e *TokenList) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenList) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- func (e *TokenList) Traversal() types.EdgeTraversal
- type TokenListNamespace
- func (e *TokenListNamespace) Label() string
- func (e *TokenListNamespace) Name() string
- func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *TokenListNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
- type TokenSteal
- type VolumeAccess
- type VolumeDiscover
- func (e *VolumeDiscover) Label() string
- func (e *VolumeDiscover) Name() string
- func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
- func (e *VolumeDiscover) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, ...) error
Constants ¶
This section is empty.
Variables ¶
var P = gremlin.P
var SafeWriteMountList = []primitive.Regex{
{Pattern: "^/var/run/datadog-agent$"},
{Pattern: "^/etc/datadog-agent$"},
{Pattern: "^/etc/datadog-agent/auth$"},
{Pattern: "^/etc/datadog$"},
{Pattern: "^/run/xtables\\.lock$"},
{Pattern: "^/mnt/disks"},
{Pattern: "^/opt/datadog-agent/run"},
{Pattern: "^/sys/kernel/debug"},
{Pattern: "^/tmp?.*"},
{Pattern: "^/var/run/.*"},
{Pattern: "^/mnt/.*"},
{Pattern: "^/mnt/.*"},
{Pattern: "^/var/lib/datadog-agent/.*"},
{Pattern: "^/var/tmp/datadog-agent/.*"},
{Pattern: "^/run/udev"},
{Pattern: "^/lib/udev"},
{Pattern: "^/etc/udev"},
{Pattern: "^/data/[a-zA-Z0-9\\-]*/shared"},
{Pattern: "^/opt/datadog/heapdumps"},
{Pattern: "^/var/datadog/dumps"},
}
Common safe mounts that are deemed not exploitable
var TokenMountList = []primitive.Regex{
{Pattern: "^/$"},
{Pattern: "^/var$"},
{Pattern: "^/var/lib$"},
{Pattern: "^/var/lib/kubelet$"},
{Pattern: "^/var/lib/kubelet/pods$"},
{Pattern: "^/var/lib/kubelet/pods/.*"},
}
Mounts that grant access to the pod service account tokens that reside in /var/lib/kubelet/pods/<uid>/volumes/kubernetes.io~projected/<name>/
var UnsafeReadMountlist = []primitive.Regex{
{Pattern: "^/$"},
{Pattern: "^/home$"},
{Pattern: "^/home/[a-zA-Z0-9]*/\\.ssh"},
{Pattern: "^/root$"},
{Pattern: "^/root/\\.ssh"},
{Pattern: "^/proc$"},
{Pattern: "^/etc$"},
}
Dangerous mounts that can be abused to read secrets granting execution on the host
Functions ¶
func Register ¶
func Register(edge Builder, flags RegistrationFlag)
Register loads the provided edge into the registry.
Types ¶
type BaseContainerEscape ¶
type BaseContainerEscape struct {
BaseEdge
}
func (*BaseContainerEscape) Traversal ¶
func (e *BaseContainerEscape) Traversal() types.EdgeTraversal
type BaseEdge ¶
type BaseEdge struct {
// contains filtered or unexported fields
}
func (*BaseEdge) Initialize ¶
func (e *BaseEdge) Initialize(cfg *config.EdgeBuilderConfig) error
func (*BaseEdge) Traversal ¶
func (e *BaseEdge) Traversal() types.EdgeTraversal
type Builder ¶
type Builder interface { // Initialize intializes an edge builder from the application config Initialize(cfg *config.EdgeBuilderConfig) error // Name returns the unique name for the edge builder. This must be unique. Name() string // Label returns the label for the edge (convention is all uppercase i.e EDGE_NAME). Label() string // BatchSize returns the batch size of bulk inserts (and threshold for triggering a flush). BatchSize() int // Traversal returns a graph traversal function that enables creating edges from an input array of TraversalInput objects. Traversal() types.EdgeTraversal // Processor transforms an object queued for writing to a format suitable for consumption by the Traversal function. Processor(context.Context, *converter.ObjectIDConverter, any) (any, error) // Stream will query the store db for the data required to create an edge and stream to graph DB via callbacks. // Each query result is encapsulated within an DataContainer and transformed to a TraversalInput via a call to // the edge's Processor function. Invoking the complete callback signals the end of the stream. Stream(ctx context.Context, store storedb.Provider, cache cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error }
type ContainerAttach ¶
type ContainerAttach struct {
BaseEdge
}
func (*ContainerAttach) Label ¶
func (e *ContainerAttach) Label() string
func (*ContainerAttach) Name ¶
func (e *ContainerAttach) Name() string
func (*ContainerAttach) Processor ¶
func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ContainerAttach) Stream ¶
func (e *ContainerAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
func (*ContainerAttach) Traversal ¶
func (e *ContainerAttach) Traversal() types.EdgeTraversal
type DependentBuilder ¶ added in v0.2.2
type DependentBuilder interface { Builder // Dependencies returns the edge labels of all dependencies. Dependencies() []string }
DependentBuilder interface defines objects used to construct edges with dependencies on other edges in the graph. Dependent edges are built last and their dependencies cannot be dependent edges themselves.
type EndpointExploitExternal ¶
type EndpointExploitExternal struct {
BaseEdge
}
func (*EndpointExploitExternal) Label ¶
func (e *EndpointExploitExternal) Label() string
func (*EndpointExploitExternal) Name ¶
func (e *EndpointExploitExternal) Name() string
func (*EndpointExploitExternal) Processor ¶
func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EndpointExploitExternal) Stream ¶
func (e *EndpointExploitExternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EndpointExploitInternal ¶
type EndpointExploitInternal struct {
BaseEdge
}
func (*EndpointExploitInternal) Label ¶
func (e *EndpointExploitInternal) Label() string
func (*EndpointExploitInternal) Name ¶
func (e *EndpointExploitInternal) Name() string
func (*EndpointExploitInternal) Processor ¶
func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*EndpointExploitInternal) Stream ¶
func (e *EndpointExploitInternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeModuleLoad ¶
type EscapeModuleLoad struct {
BaseContainerEscape
}
func (*EscapeModuleLoad) Label ¶
func (e *EscapeModuleLoad) Label() string
func (*EscapeModuleLoad) Name ¶
func (e *EscapeModuleLoad) Name() string
func (*EscapeModuleLoad) Processor ¶
func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to to the generic containerEscapeProcessor.
func (*EscapeModuleLoad) Stream ¶
func (e *EscapeModuleLoad) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeNsenter ¶
type EscapeNsenter struct {
BaseContainerEscape
}
func (*EscapeNsenter) Label ¶
func (e *EscapeNsenter) Label() string
func (*EscapeNsenter) Name ¶
func (e *EscapeNsenter) Name() string
func (*EscapeNsenter) Processor ¶
func (e *EscapeNsenter) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to to the generic containerEscapeProcessor.
func (*EscapeNsenter) Stream ¶
func (e *EscapeNsenter) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapePrivMount ¶
type EscapePrivMount struct {
BaseContainerEscape
}
func (*EscapePrivMount) Label ¶
func (e *EscapePrivMount) Label() string
func (*EscapePrivMount) Name ¶
func (e *EscapePrivMount) Name() string
func (*EscapePrivMount) Processor ¶
func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to to the generic containerEscapeProcessor.
func (*EscapePrivMount) Stream ¶
func (e *EscapePrivMount) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeSysPtrace ¶
type EscapeSysPtrace struct {
BaseContainerEscape
}
func (*EscapeSysPtrace) Label ¶
func (e *EscapeSysPtrace) Label() string
func (*EscapeSysPtrace) Name ¶
func (e *EscapeSysPtrace) Name() string
func (*EscapeSysPtrace) Processor ¶
func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to to the generic containerEscapeProcessor.
func (*EscapeSysPtrace) Stream ¶
func (e *EscapeSysPtrace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type ExploitHostRead ¶
type ExploitHostRead struct {
BaseEdge
}
func (*ExploitHostRead) Label ¶
func (e *ExploitHostRead) Label() string
func (*ExploitHostRead) Name ¶
func (e *ExploitHostRead) Name() string
func (*ExploitHostRead) Processor ¶
func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostRead) Stream ¶
func (e *ExploitHostRead) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type ExploitHostTraverse ¶
type ExploitHostTraverse struct {
BaseEdge
}
func (*ExploitHostTraverse) Label ¶
func (e *ExploitHostTraverse) Label() string
func (*ExploitHostTraverse) Name ¶
func (e *ExploitHostTraverse) Name() string
func (*ExploitHostTraverse) Processor ¶
func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostTraverse) Stream ¶
func (e *ExploitHostTraverse) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type ExploitHostWrite ¶
type ExploitHostWrite struct {
BaseEdge
}
func (*ExploitHostWrite) Label ¶
func (e *ExploitHostWrite) Label() string
func (*ExploitHostWrite) Name ¶
func (e *ExploitHostWrite) Name() string
func (*ExploitHostWrite) Processor ¶
func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*ExploitHostWrite) Stream ¶
func (e *ExploitHostWrite) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type IdentityAssumeContainer ¶
type IdentityAssumeContainer struct {
BaseEdge
}
func (*IdentityAssumeContainer) Label ¶
func (e *IdentityAssumeContainer) Label() string
func (*IdentityAssumeContainer) Name ¶
func (e *IdentityAssumeContainer) Name() string
func (*IdentityAssumeContainer) Processor ¶
func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*IdentityAssumeContainer) Stream ¶
func (e *IdentityAssumeContainer) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type IdentityAssumeNode ¶
type IdentityAssumeNode struct {
BaseEdge
}
func (*IdentityAssumeNode) Label ¶
func (e *IdentityAssumeNode) Label() string
func (*IdentityAssumeNode) Name ¶
func (e *IdentityAssumeNode) Name() string
func (*IdentityAssumeNode) Processor ¶
func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*IdentityAssumeNode) Stream ¶
func (e *IdentityAssumeNode) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PermissionDiscover ¶
type PermissionDiscover struct {
BaseEdge
}
func (*PermissionDiscover) Label ¶
func (e *PermissionDiscover) Label() string
func (*PermissionDiscover) Name ¶
func (e *PermissionDiscover) Name() string
func (*PermissionDiscover) Processor ¶
func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PermissionDiscover) Stream ¶
func (e *PermissionDiscover) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PodAttach ¶
type PodAttach struct {
BaseEdge
}
func (*PodAttach) Stream ¶
func (e *PodAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type PodCreate ¶
type PodCreate struct {
BaseEdge
}
func (*PodCreate) Stream ¶
func (e *PodCreate) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that have pod/create or equivalent wildcard permissions.
func (*PodCreate) Traversal ¶
func (e *PodCreate) Traversal() types.EdgeTraversal
type PodExec ¶
type PodExec struct {
BaseEdge
}
func (*PodExec) Stream ¶
func (e *PodExec) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have pod/exec or equivalent wildcard permissions.
func (*PodExec) Traversal ¶
func (e *PodExec) Traversal() types.EdgeTraversal
type PodExecNamespace ¶
type PodExecNamespace struct {
BaseEdge
}
func (*PodExecNamespace) Label ¶
func (e *PodExecNamespace) Label() string
func (*PodExecNamespace) Name ¶
func (e *PodExecNamespace) Name() string
func (*PodExecNamespace) Processor ¶
func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PodExecNamespace) Stream ¶
func (e *PodExecNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.
type PodPatch ¶
type PodPatch struct {
BaseEdge
}
func (*PodPatch) Stream ¶
func (e *PodPatch) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that have pod/patch or equivalent wildcard permissions.
func (*PodPatch) Traversal ¶
func (e *PodPatch) Traversal() types.EdgeTraversal
type PodPatchNamespace ¶
type PodPatchNamespace struct {
BaseEdge
}
func (*PodPatchNamespace) Label ¶
func (e *PodPatchNamespace) Label() string
func (*PodPatchNamespace) Name ¶
func (e *PodPatchNamespace) Name() string
func (*PodPatchNamespace) Processor ¶
func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*PodPatchNamespace) Stream ¶
func (e *PodPatchNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.
type RegistrationFlag ¶
type RegistrationFlag uint8
const ( RegisterDefault RegistrationFlag = 1 << iota // Default edge RegisterGraphMutation // Edge can mutate the graph RegisterGraphDependency // Edge has a dependency on default/mutating edges )
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry holds details of edges (i.e attacks) registered in KubeHound.
func (*Registry) Dependent ¶ added in v0.2.2
func (r *Registry) Dependent() map[string]DependentBuilder
Dependent returns the map of registered edge builders with default edge dependencies.
type SharePSNamespace ¶ added in v0.2.2
type SharePSNamespace struct {
}func (*SharePSNamespace) Label ¶ added in v0.2.2
func (e *SharePSNamespace) Label() string
func (*SharePSNamespace) Name ¶ added in v0.2.2
func (e *SharePSNamespace) Name() string
func (*SharePSNamespace) Processor ¶ added in v0.2.2
func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
Processor delegates the processing tasks to to the generic containerEscapeProcessor.
func (*SharePSNamespace) Stream ¶ added in v0.2.2
func (e *SharePSNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type TokenBruteforce ¶
type TokenBruteforce struct {
BaseEdge
}
func (*TokenBruteforce) BatchSize ¶
func (e *TokenBruteforce) BatchSize() int
func (*TokenBruteforce) Label ¶
func (e *TokenBruteforce) Label() string
func (*TokenBruteforce) Name ¶
func (e *TokenBruteforce) Name() string
func (*TokenBruteforce) Processor ¶
func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenBruteforce) Stream ¶
func (e *TokenBruteforce) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have secrets/get or equivalent wildcard permissions.
func (*TokenBruteforce) Traversal ¶
func (e *TokenBruteforce) Traversal() types.EdgeTraversal
type TokenBruteforceNamespace ¶
type TokenBruteforceNamespace struct {
BaseEdge
}
func (*TokenBruteforceNamespace) Label ¶
func (e *TokenBruteforceNamespace) Label() string
func (*TokenBruteforceNamespace) Name ¶
func (e *TokenBruteforceNamespace) Name() string
func (*TokenBruteforceNamespace) Processor ¶
func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenBruteforceNamespace) Stream ¶
func (e *TokenBruteforceNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have secrets/get or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.
type TokenList ¶
type TokenList struct {
BaseEdge
}
func (*TokenList) Stream ¶
func (e *TokenList) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are NOT namespaced and have secrets/list or equivalent wildcard permissions.
func (*TokenList) Traversal ¶
func (e *TokenList) Traversal() types.EdgeTraversal
type TokenListNamespace ¶
type TokenListNamespace struct {
BaseEdge
}
func (*TokenListNamespace) Label ¶
func (e *TokenListNamespace) Label() string
func (*TokenListNamespace) Name ¶
func (e *TokenListNamespace) Name() string
func (*TokenListNamespace) Processor ¶
func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenListNamespace) Stream ¶
func (e *TokenListNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Stream finds all roles that are namespaced and have secrets/list or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.
type TokenSteal ¶
type TokenSteal struct {
BaseEdge
}
func (*TokenSteal) Label ¶
func (e *TokenSteal) Label() string
func (*TokenSteal) Name ¶
func (e *TokenSteal) Name() string
func (*TokenSteal) Processor ¶
func (e *TokenSteal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*TokenSteal) Stream ¶
func (e *TokenSteal) Stream(ctx context.Context, sdb storedb.Provider, c cache.CacheReader, process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type VolumeAccess ¶
type VolumeAccess struct {
BaseEdge
}
func (*VolumeAccess) Label ¶
func (e *VolumeAccess) Label() string
func (*VolumeAccess) Name ¶
func (e *VolumeAccess) Name() string
func (*VolumeAccess) Processor ¶
func (e *VolumeAccess) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*VolumeAccess) Stream ¶
func (e *VolumeAccess) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type VolumeDiscover ¶
type VolumeDiscover struct {
BaseEdge
}
func (*VolumeDiscover) Label ¶
func (e *VolumeDiscover) Label() string
func (*VolumeDiscover) Name ¶
func (e *VolumeDiscover) Name() string
func (*VolumeDiscover) Processor ¶
func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)
func (*VolumeDiscover) Stream ¶
func (e *VolumeDiscover) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader, callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
Source Files ¶
- base.go
- base_container_escape.go
- builder.go
- container_attach.go
- endpoint_exploit_external.go
- endpoint_exploit_internal.go
- escape_module_load.go
- escape_nsenter.go
- escape_priv_mount.go
- escape_sys_ptrace.go
- exploit_host_read.go
- exploit_host_traverse_token.go
- exploit_host_write.go
- identity_assume_container.go
- identity_assume_node.go
- permission_discover.go
- pod_attach.go
- pod_create.go
- pod_exec.go
- pod_exec_namespace.go
- pod_patch.go
- pod_patch_namespace.go
- registry.go
- share_ps_namespace.go
- token_bruteforce.go
- token_bruteforce_namespace.go
- token_list.go
- token_list_namespace.go
- token_steal.go
- volume_access.go
- volume_discover.go