edge

package
v1.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 25, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ClusterRoleBindName = "RoleBindClusteRoleBindingbClusterRoleClusterRole"
)
View Source 
const (
	RoleBindCrbCrRName = "RoleBindClusteRoleBindingbClusterRoleRole"
)
View Source 
const (
	RoleBindLabel = "ROLE_BIND"
)
View Source 
const (
	RoleBindspaceName = "RoleBindRoleBindingbRoleBindingRole"
)

Variables

View Source 
var P = gremlin.P
View Source 
var SafeWriteMountList = bson.A{
	"/var/run/datadog-agent",
	"/etc/datadog-agent",
	"/etc/datadog-agent/auth",
	"/opt/datadog-agent/run",
	"/etc/datadog",
	"/run/xtables\\.lock",
	"/opt/datadog/heapdumps",
	"/var/datadog/dumps",
	primitive.Regex{Pattern: "^/mnt/disks"},
	primitive.Regex{Pattern: "^/sys/kernel/debug"},
	primitive.Regex{Pattern: "^/tmp?.*"},
	primitive.Regex{Pattern: "^/var/run/.*"},
	primitive.Regex{Pattern: "^/mnt/.*"},
	primitive.Regex{Pattern: "^/var/lib/datadog-agent/.*"},
	primitive.Regex{Pattern: "^/var/tmp/datadog-agent/.*"},
	primitive.Regex{Pattern: "^/run/udev"},
	primitive.Regex{Pattern: "^/lib/udev"},
	primitive.Regex{Pattern: "^/etc/udev"},
	primitive.Regex{Pattern: "^/data/[a-zA-Z0-9\\-]*/shared"},
}

SafeWriteMountList represent common safe mounts that are deemed not exploitable. Paths are normalized by K8s to remove the trailing slash.

View Source 
var TokenMountList = bson.A{
	"/",
	"/var",
	"/var/lib",
	"/var/lib/kubelet",
	"/var/lib/kubelet/pods",
	primitive.Regex{Pattern: "^/var/lib/kubelet/pods/.*"},
}

TokenMountList represent ounts that grant access to the pod service account tokens that reside in /var/lib/kubelet/pods/<uid>/volumes/kubernetes.io~projected/<name>/. Paths are normalized by K8s to remove the trailing slash.

View Source 
var UnsafeReadMountlist = bson.A{
	"/",
	"/home",
	primitive.Regex{Pattern: "^/home/[a-zA-Z0-9]*/\\.ssh$"},
	"/root",
	"/root/.ssh",
	"/proc",
	"/etc",
}

UnsafeReadMountlist represents dangerous mounts that can be abused to read secrets granting execution on the host. Paths are normalized by K8s to remove the trailing slash.

Functions

func Register 

func Register(edge Builder, flags RegistrationFlag)

Register loads the provided edge into the registry.

Types

type BaseContainerEscape 

type BaseContainerEscape struct {
	BaseEdge
}

func (*BaseContainerEscape) Traversal 

func (e *BaseContainerEscape) Traversal() types.EdgeTraversal

type BaseEdge 

type BaseEdge struct {
	// contains filtered or unexported fields
}

func (*BaseEdge) BatchSize 

func (e *BaseEdge) BatchSize() int

func (*BaseEdge) Initialize 

func (e *BaseEdge) Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error

func (*BaseEdge) Traversal 

func (e *BaseEdge) Traversal() types.EdgeTraversal

type Builder 

type Builder interface {
	// Initialize intializes an edge builder from the application config
	Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error

	// Name returns the unique name for the edge builder. This must be unique.
	Name() string

	// Label returns the label for the edge (convention is all uppercase i.e EDGE_NAME).
	Label() string

	// BatchSize returns the batch size of bulk inserts (and threshold for triggering a flush).
	BatchSize() int

	// Traversal returns a graph traversal function that enables creating edges from an input array of TraversalInput objects.
	Traversal() types.EdgeTraversal

	// Processor transforms an object queued for writing to a format suitable for consumption by the Traversal function.
	Processor(context.Context, *converter.ObjectIDConverter, any) (any, error)

	// Stream will query the store db for the data required to create an edge and stream to graph DB via callbacks.
	// Each query result is encapsulated within an DataContainer and transformed to a TraversalInput via a call to
	// the edge's Processor function. Invoking the complete callback signals the end of the stream.
	Stream(ctx context.Context, store storedb.Provider, cache cache.CacheReader,
		process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
}

type ContainerAttach 

type ContainerAttach struct {
	BaseEdge
}

func (*ContainerAttach) Label 

func (e *ContainerAttach) Label() string

func (*ContainerAttach) Name 

func (e *ContainerAttach) Name() string

func (*ContainerAttach) Processor 

func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ContainerAttach) Stream 

func (e *ContainerAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

func (*ContainerAttach) Traversal 

func (e *ContainerAttach) Traversal() types.EdgeTraversal

type DependentBuilder added in v0.2.2 

type DependentBuilder interface {
	Builder

	// Dependencies returns the edge labels of all dependencies.
	Dependencies() []string
}

DependentBuilder interface defines objects used to construct edges with dependencies on other edges in the graph. Dependent edges are built last and their dependencies cannot be dependent edges themselves.

type EndpointExploitExternal 

type EndpointExploitExternal struct {
	BaseEdge
}

func (*EndpointExploitExternal) Label 

func (e *EndpointExploitExternal) Label() string

func (*EndpointExploitExternal) Name 

func (e *EndpointExploitExternal) Name() string

func (*EndpointExploitExternal) Processor 

func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EndpointExploitExternal) Stream 

func (e *EndpointExploitExternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type EndpointExploitInternal 

type EndpointExploitInternal struct {
	BaseEdge
}

func (*EndpointExploitInternal) Label 

func (e *EndpointExploitInternal) Label() string

func (*EndpointExploitInternal) Name 

func (e *EndpointExploitInternal) Name() string

func (*EndpointExploitInternal) Processor 

func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EndpointExploitInternal) Stream 

func (e *EndpointExploitInternal) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type EscapeModuleLoad 

type EscapeModuleLoad struct {
	BaseContainerEscape
}

func (*EscapeModuleLoad) Label 

func (e *EscapeModuleLoad) Label() string

func (*EscapeModuleLoad) Name 

func (e *EscapeModuleLoad) Name() string

func (*EscapeModuleLoad) Processor 

func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeModuleLoad) Stream 

func (e *EscapeModuleLoad) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type EscapeNsenter 

type EscapeNsenter struct {
	BaseContainerEscape
}

func (*EscapeNsenter) Label 

func (e *EscapeNsenter) Label() string

func (*EscapeNsenter) Name 

func (e *EscapeNsenter) Name() string

func (*EscapeNsenter) Processor 

func (e *EscapeNsenter) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeNsenter) Stream 

func (e *EscapeNsenter) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type EscapePrivMount 

type EscapePrivMount struct {
	BaseContainerEscape
}

func (*EscapePrivMount) Label 

func (e *EscapePrivMount) Label() string

func (*EscapePrivMount) Name 

func (e *EscapePrivMount) Name() string

func (*EscapePrivMount) Processor 

func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapePrivMount) Stream 

func (e *EscapePrivMount) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type EscapeSysPtrace 

type EscapeSysPtrace struct {
	BaseContainerEscape
}

func (*EscapeSysPtrace) Label 

func (e *EscapeSysPtrace) Label() string

func (*EscapeSysPtrace) Name 

func (e *EscapeSysPtrace) Name() string

func (*EscapeSysPtrace) Processor 

func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeSysPtrace) Stream 

func (e *EscapeSysPtrace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
type EscapeVarLogSymlink struct {
	BaseContainerEscape
}

func (*EscapeVarLogSymlink) Dependencies added in v1.1.0 

func (e *EscapeVarLogSymlink) Dependencies() []string

List of needed edges to run the traversal query

func (*EscapeVarLogSymlink) Label added in v1.1.0 

func (e *EscapeVarLogSymlink) Label() string

func (*EscapeVarLogSymlink) Name added in v1.1.0 

func (e *EscapeVarLogSymlink) Name() string

func (*EscapeVarLogSymlink) Processor added in v1.1.0 

func (e *EscapeVarLogSymlink) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EscapeVarLogSymlink) Stream added in v1.1.0 

func (e *EscapeVarLogSymlink) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

func (*EscapeVarLogSymlink) Traversal added in v1.1.0 

func (e *EscapeVarLogSymlink) Traversal() types.EdgeTraversal

type ExploitHostRead 

type ExploitHostRead struct {
	BaseEdge
}

func (*ExploitHostRead) Label 

func (e *ExploitHostRead) Label() string

func (*ExploitHostRead) Name 

func (e *ExploitHostRead) Name() string

func (*ExploitHostRead) Processor 

func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostRead) Stream 

func (e *ExploitHostRead) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type ExploitHostTraverse 

type ExploitHostTraverse struct {
	BaseEdge
}

func (*ExploitHostTraverse) Label 

func (e *ExploitHostTraverse) Label() string

func (*ExploitHostTraverse) Name 

func (e *ExploitHostTraverse) Name() string

func (*ExploitHostTraverse) Processor 

func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostTraverse) Stream 

func (e *ExploitHostTraverse) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type ExploitHostWrite 

type ExploitHostWrite struct {
	BaseEdge
}

func (*ExploitHostWrite) Label 

func (e *ExploitHostWrite) Label() string

func (*ExploitHostWrite) Name 

func (e *ExploitHostWrite) Name() string

func (*ExploitHostWrite) Processor 

func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostWrite) Stream 

func (e *ExploitHostWrite) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type IdentityAssumeContainer 

type IdentityAssumeContainer struct {
	BaseEdge
}

func (*IdentityAssumeContainer) Label 

func (e *IdentityAssumeContainer) Label() string

func (*IdentityAssumeContainer) Name 

func (e *IdentityAssumeContainer) Name() string

func (*IdentityAssumeContainer) Processor 

func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*IdentityAssumeContainer) Stream 

func (e *IdentityAssumeContainer) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type IdentityAssumeNode 

type IdentityAssumeNode struct {
	BaseEdge
}

func (*IdentityAssumeNode) Label 

func (e *IdentityAssumeNode) Label() string

func (*IdentityAssumeNode) Name 

func (e *IdentityAssumeNode) Name() string

func (*IdentityAssumeNode) Processor 

func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*IdentityAssumeNode) Stream 

func (e *IdentityAssumeNode) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type PermissionDiscover 

type PermissionDiscover struct {
	BaseEdge
}

func (*PermissionDiscover) Label 

func (e *PermissionDiscover) Label() string

func (*PermissionDiscover) Name 

func (e *PermissionDiscover) Name() string

func (*PermissionDiscover) Processor 

func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PermissionDiscover) Stream 

func (e *PermissionDiscover) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type PodAttach 

type PodAttach struct {
	BaseEdge
}

func (*PodAttach) Label 

func (e *PodAttach) Label() string

func (*PodAttach) Name 

func (e *PodAttach) Name() string

func (*PodAttach) Processor 

func (e *PodAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodAttach) Stream 

func (e *PodAttach) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type PodCreate 

type PodCreate struct {
	BaseEdge
}

func (*PodCreate) BatchSize 

func (e *PodCreate) BatchSize() int

func (*PodCreate) Label 

func (e *PodCreate) Label() string

func (*PodCreate) Name 

func (e *PodCreate) Name() string

func (*PodCreate) Processor 

func (e *PodCreate) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodCreate) Stream 

func (e *PodCreate) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that have pod/create or equivalent wildcard permissions.

func (*PodCreate) Traversal 

func (e *PodCreate) Traversal() types.EdgeTraversal

type PodExec 

type PodExec struct {
	BaseEdge
}

func (*PodExec) BatchSize 

func (e *PodExec) BatchSize() int

func (*PodExec) Label 

func (e *PodExec) Label() string

func (*PodExec) Name 

func (e *PodExec) Name() string

func (*PodExec) Processor 

func (e *PodExec) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodExec) Stream 

func (e *PodExec) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are NOT namespaced and have pod/exec or equivalent wildcard permissions.

func (*PodExec) Traversal 

func (e *PodExec) Traversal() types.EdgeTraversal

type PodExecNamespace 

type PodExecNamespace struct {
	BaseEdge
}

func (*PodExecNamespace) Label 

func (e *PodExecNamespace) Label() string

func (*PodExecNamespace) Name 

func (e *PodExecNamespace) Name() string

func (*PodExecNamespace) Processor 

func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodExecNamespace) Stream 

func (e *PodExecNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.

type PodPatch 

type PodPatch struct {
	BaseEdge
}

func (*PodPatch) BatchSize 

func (e *PodPatch) BatchSize() int

func (*PodPatch) Label 

func (e *PodPatch) Label() string

func (*PodPatch) Name 

func (e *PodPatch) Name() string

func (*PodPatch) Processor 

func (e *PodPatch) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodPatch) Stream 

func (e *PodPatch) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that have pod/patch or equivalent wildcard permissions.

func (*PodPatch) Traversal 

func (e *PodPatch) Traversal() types.EdgeTraversal

type PodPatchNamespace 

type PodPatchNamespace struct {
	BaseEdge
}

func (*PodPatchNamespace) Label 

func (e *PodPatchNamespace) Label() string

func (*PodPatchNamespace) Name 

func (e *PodPatchNamespace) Name() string

func (*PodPatchNamespace) Processor 

func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodPatchNamespace) Stream 

func (e *PodPatchNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.

type RegistrationFlag 

type RegistrationFlag uint8
const (
	RegisterDefault         RegistrationFlag = 1 << iota // Default edge
	RegisterGraphMutation                                // Edge can mutate the graph
	RegisterGraphDependency                              // Edge has a dependency on default/mutating edges
)

type Registry 

type Registry struct {
	// contains filtered or unexported fields
}

Registry holds details of edges (i.e attacks) registered in KubeHound.

func Registered 

func Registered() *Registry

Registered returns the edge registry singleton.

func (*Registry) Dependent added in v0.2.2 

func (r *Registry) Dependent() map[string]DependentBuilder

Dependent returns the map of registered edge builders with default edge dependencies.

func (*Registry) Mutating 

func (r *Registry) Mutating() map[string]Builder

Mutating returns the map of registered mutating edge builders.

func (*Registry) Simple 

func (r *Registry) Simple() map[string]Builder

Simple returns the map of registered edge builders.

func (*Registry) Verify added in v0.2.2 

func (r *Registry) Verify() error

Verify verifies the integrity and consistency of the registry. Function should only be called once all edges have been registered via init() calls.

type RoleBindCrbCrCr added in v1.2.0 

type RoleBindCrbCrCr struct {
	BaseEdge
}

func (*RoleBindCrbCrCr) Label added in v1.2.0 

func (e *RoleBindCrbCrCr) Label() string

func (*RoleBindCrbCrCr) Name added in v1.2.0 

func (e *RoleBindCrbCrCr) Name() string

func (*RoleBindCrbCrCr) Processor added in v1.2.0 

func (e *RoleBindCrbCrCr) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindCrbCrCr) Stream added in v1.2.0 

func (e *RoleBindCrbCrCr) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

func (*RoleBindCrbCrCr) Traversal added in v1.2.0 

func (e *RoleBindCrbCrCr) Traversal() types.EdgeTraversal

type RoleBindCrbCrR added in v1.2.0 

type RoleBindCrbCrR struct {
	BaseEdge
}

func (*RoleBindCrbCrR) Label added in v1.2.0 

func (e *RoleBindCrbCrR) Label() string

func (*RoleBindCrbCrR) Name added in v1.2.0 

func (e *RoleBindCrbCrR) Name() string

func (*RoleBindCrbCrR) Processor added in v1.2.0 

func (e *RoleBindCrbCrR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindCrbCrR) Stream added in v1.2.0 

func (e *RoleBindCrbCrR) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

func (*RoleBindCrbCrR) Traversal added in v1.2.0 

func (e *RoleBindCrbCrR) Traversal() types.EdgeTraversal

type RoleBindRbRbR added in v1.2.0 

type RoleBindRbRbR struct {
	BaseEdge
}

func (*RoleBindRbRbR) Label added in v1.2.0 

func (e *RoleBindRbRbR) Label() string

func (*RoleBindRbRbR) Name added in v1.2.0 

func (e *RoleBindRbRbR) Name() string

func (*RoleBindRbRbR) Processor added in v1.2.0 

func (e *RoleBindRbRbR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindRbRbR) Stream added in v1.2.0 

func (e *RoleBindRbRbR) Stream(ctx context.Context, store storedb.Provider, c cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type SharePSNamespace added in v0.2.2 

type SharePSNamespace struct {
	BaseEdge
}

func (*SharePSNamespace) Label added in v0.2.2 

func (e *SharePSNamespace) Label() string

func (*SharePSNamespace) Name added in v0.2.2 

func (e *SharePSNamespace) Name() string

func (*SharePSNamespace) Processor added in v0.2.2 

func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*SharePSNamespace) Stream added in v0.2.2 

func (e *SharePSNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type TokenBruteforce 

type TokenBruteforce struct {
	BaseEdge
}

func (*TokenBruteforce) BatchSize 

func (e *TokenBruteforce) BatchSize() int

func (*TokenBruteforce) Label 

func (e *TokenBruteforce) Label() string

func (*TokenBruteforce) Name 

func (e *TokenBruteforce) Name() string

func (*TokenBruteforce) Processor 

func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenBruteforce) Stream 

func (e *TokenBruteforce) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are NOT namespaced and have secrets/get or equivalent wildcard permissions.

func (*TokenBruteforce) Traversal 

func (e *TokenBruteforce) Traversal() types.EdgeTraversal

type TokenBruteforceNamespace 

type TokenBruteforceNamespace struct {
	BaseEdge
}

func (*TokenBruteforceNamespace) Label 

func (e *TokenBruteforceNamespace) Label() string

func (*TokenBruteforceNamespace) Name 

func (e *TokenBruteforceNamespace) Name() string

func (*TokenBruteforceNamespace) Processor 

func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenBruteforceNamespace) Stream 

func (e *TokenBruteforceNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are namespaced and have secrets/get or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.

type TokenList 

type TokenList struct {
	BaseEdge
}

func (*TokenList) BatchSize 

func (e *TokenList) BatchSize() int

func (*TokenList) Label 

func (e *TokenList) Label() string

func (*TokenList) Name 

func (e *TokenList) Name() string

func (*TokenList) Processor 

func (e *TokenList) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenList) Stream 

func (e *TokenList) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are NOT namespaced and have secrets/list or equivalent wildcard permissions.

func (*TokenList) Traversal 

func (e *TokenList) Traversal() types.EdgeTraversal

type TokenListNamespace 

type TokenListNamespace struct {
	BaseEdge
}

func (*TokenListNamespace) Label 

func (e *TokenListNamespace) Label() string

func (*TokenListNamespace) Name 

func (e *TokenListNamespace) Name() string

func (*TokenListNamespace) Processor 

func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenListNamespace) Stream 

func (e *TokenListNamespace) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Stream finds all roles that are namespaced and have secrets/list or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.

type TokenSteal 

type TokenSteal struct {
	BaseEdge
}

func (*TokenSteal) Label 

func (e *TokenSteal) Label() string

func (*TokenSteal) Name 

func (e *TokenSteal) Name() string

func (*TokenSteal) Processor 

func (e *TokenSteal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenSteal) Stream 

func (e *TokenSteal) Stream(ctx context.Context, sdb storedb.Provider, c cache.CacheReader,
	process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type VolumeAccess 

type VolumeAccess struct {
	BaseEdge
}

func (*VolumeAccess) Label 

func (e *VolumeAccess) Label() string

func (*VolumeAccess) Name 

func (e *VolumeAccess) Name() string

func (*VolumeAccess) Processor 

func (e *VolumeAccess) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*VolumeAccess) Stream 

func (e *VolumeAccess) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

type VolumeDiscover 

type VolumeDiscover struct {
	BaseEdge
}

func (*VolumeDiscover) Label 

func (e *VolumeDiscover) Label() string

func (*VolumeDiscover) Name 

func (e *VolumeDiscover) Name() string

func (*VolumeDiscover) Processor 

func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*VolumeDiscover) Stream 

func (e *VolumeDiscover) Stream(ctx context.Context, store storedb.Provider, _ cache.CacheReader,
	callback types.ProcessEntryCallback, complete types.CompleteQueryCallback) error

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.