edge

package
Published: Jan 28, 2025 License: Apache-2.0 Imports: 17 Imported by: 0


Constants

const (
	// ClusterRoleBindName is the string name of one of the RoleBind edges
	// (presumably RoleBindCrbCrCr: ClusterRoleBinding -> ClusterRole -> ClusterRole
	// — verify against that edge's Name()).
	// NOTE(review): the literal spells "ClusteRoleBindingb"; if this is an edge
	// Name() it is a stable identifier, so correct it only together with whatever
	// stored data or dashboards key on it.
	ClusterRoleBindName = "RoleBindClusteRoleBindingbClusterRoleClusterRole"
)
const (
	// RoleBindCrbCrRName is the string name of one of the RoleBind edges
	// (presumably RoleBindCrbCrR: ClusterRoleBinding -> ClusterRole -> Role
	// — verify against that edge's Name()).
	// NOTE(review): same "ClusteRoleBindingb" spelling as ClusterRoleBindName;
	// treat as a stable identifier before renaming.
	RoleBindCrbCrRName = "RoleBindClusteRoleBindingbClusterRoleRole"
)
const (
	// RoleBindLabel is the graph edge label shared by the RoleBind* edges
	// (uppercase, per the Builder.Label convention).
	RoleBindLabel = "ROLE_BIND"
)
const (
	// RoleBindspaceName is the string name of one of the RoleBind edges
	// (presumably RoleBindRbRbR: RoleBinding -> RoleBinding -> Role — verify
	// against that edge's Name()).
	// NOTE(review): the identifier does not follow the *CrbCrR* naming of its
	// siblings; a consistent name would make the three constants easier to map
	// to their edge types.
	RoleBindspaceName = "RoleBindRoleBindingbRoleBindingRole"
)

Variables

// ProcMountList lists hostPath sources that expose the host /proc tree: the
// tree itself and each of its ancestors. Paths are compared without a trailing
// slash, as with the other mount lists in this package.
// NOTE(review): undocumented in source; confirm how consumers match against
// it (exact $in vs. prefix) before extending it.
var ProcMountList = bson.A{
	"/",
	"/proc",
	"/proc/sys",
	"/proc/sys/kernel",
}
var SafeWriteMountList = bson.A{
	"/var/run/datadog-agent",
	"/etc/datadog-agent",
	"/etc/datadog-agent/auth",
	"/opt/datadog-agent/run",
	"/etc/datadog",
	// NOTE(review): this entry is a plain string, not a primitive.Regex, so the
	// backslash is literal and it only matches a mount named `/run/xtables\.lock`;
	// the xtables lock file is normally `/run/xtables.lock` — confirm intent.
	"/run/xtables\\.lock",
	"/opt/datadog/heapdumps",
	"/var/datadog/dumps",
	primitive.Regex{Pattern: "^/mnt/disks"},
	primitive.Regex{Pattern: "^/sys/kernel/debug"},
	// NOTE(review): `tmp?` makes the trailing "p" optional, so this also treats
	// any mount starting with "/tm" (e.g. "/tm-foo") as safe; something like
	// `^/tmp(/.*)?$` (constructed example) would anchor it to /tmp only.
	primitive.Regex{Pattern: "^/tmp?.*"},
	// Broad prefixes: every mount below /var/run and /mnt is considered safe.
	primitive.Regex{Pattern: "^/var/run/.*"},
	primitive.Regex{Pattern: "^/mnt/.*"},
	primitive.Regex{Pattern: "^/var/lib/datadog-agent/.*"},
	primitive.Regex{Pattern: "^/var/tmp/datadog-agent/.*"},
	primitive.Regex{Pattern: "^/run/udev"},
	primitive.Regex{Pattern: "^/lib/udev"},
	primitive.Regex{Pattern: "^/etc/udev"},
	primitive.Regex{Pattern: "^/data/[a-zA-Z0-9\\-]*/shared"},
}

SafeWriteMountList represents common safe mounts that are deemed not exploitable. Paths are normalized by K8s to remove the trailing slash.

var TokenMountList = bson.A{
	// Each ancestor of the kubelet pod-volumes directory: a hostPath mount of
	// any of them reaches the projected service account tokens underneath.
	"/",
	"/var",
	"/var/lib",
	"/var/lib/kubelet",
	"/var/lib/kubelet/pods",
	// Anything below the pods directory (a single pod's volumes included).
	primitive.Regex{Pattern: "^/var/lib/kubelet/pods/.*"},
}

TokenMountList represents mounts that grant access to the pod service account tokens, which reside in /var/lib/kubelet/pods/<uid>/volumes/kubernetes.io~projected/<name>/. Paths are normalized by K8s to remove the trailing slash.

var UnsafeReadMountlist = bson.A{
	"/",
	"/home",
	// NOTE(review): the character class admits only letters and digits, so a
	// home directory such as /home/ci-user/.ssh or /home/j.doe/.ssh is not
	// matched — confirm whether hyphen/underscore/dot usernames should be covered.
	primitive.Regex{Pattern: "^/home/[a-zA-Z0-9]*/\\.ssh$"},
	"/root",
	"/root/.ssh",
	"/proc",
	"/etc",
}

UnsafeReadMountlist represents dangerous mounts that can be abused to read secrets granting execution on the host. Paths are normalized by K8s to remove the trailing slash.

Functions

func Register

func Register(edge Builder, flags RegistrationFlag)

Register loads the provided edge into the registry.

Types

type AttckTacticID added in v1.6.4

// AttckTacticID is a MITRE ATT&CK tactic identifier (e.g. "TA0004"); the
// known values are the AttckTactic* variables.
type AttckTacticID string

AttckTacticID is the string type holding an ATT&CK tactic ID.

// Tactic identifiers as published in the MITRE ATT&CK matrix; the zero value
// (AttckTacticUndefined) means the edge has not been mapped to a tactic.
var (
	// AttckTacticUndefined is the undefined ATT&CK tactic.
	AttckTacticUndefined AttckTacticID
	// AttckTacticInitialAccess is the ATT&CK tactic for initial access (TA0001).
	AttckTacticInitialAccess AttckTacticID = "TA0001"
	// AttckTacticExecution is the ATT&CK tactic for execution (TA0002).
	AttckTacticExecution AttckTacticID = "TA0002"
	// AttckTacticPersistence is the ATT&CK tactic for persistence (TA0003).
	AttckTacticPersistence AttckTacticID = "TA0003"
	// AttckTacticPrivilegeEscalation is the ATT&CK tactic for privilege escalation (TA0004).
	AttckTacticPrivilegeEscalation AttckTacticID = "TA0004"
	// AttckTacticCredentialAccess is the ATT&CK tactic for credential access (TA0006).
	AttckTacticCredentialAccess AttckTacticID = "TA0006"
	// AttckTacticDiscovery is the ATT&CK tactic for discovery (TA0007).
	AttckTacticDiscovery AttckTacticID = "TA0007"
	// AttckTacticLateralMovement is the ATT&CK tactic for lateral movement (TA0008).
	AttckTacticLateralMovement AttckTacticID = "TA0008"
)

type AttckTechniqueID added in v1.6.4

// AttckTechniqueID is a MITRE ATT&CK technique identifier (e.g. "T1611"); the
// known values are the AttckTechnique* variables.
type AttckTechniqueID string

AttckTechniqueID is the string type holding an ATT&CK technique ID.

// Technique identifiers as published in the MITRE ATT&CK matrix; the zero value
// (AttckTechniqueUndefined) means the edge has not been mapped to a technique.
var (
	// AttckTechniqueUndefined is the undefined ATT&CK technique.
	AttckTechniqueUndefined AttckTechniqueID
	// AttckTechniquePermissionGroupsDiscovery is the ATT&CK technique for permission groups discovery (T1069).
	AttckTechniquePermissionGroupsDiscovery AttckTechniqueID = "T1069"
	// AttckTechniqueValidAccounts is the ATT&CK technique for valid accounts (T1078).
	AttckTechniqueValidAccounts AttckTechniqueID = "T1078"
	// AttckTechniqueTaintedSharedContent is the ATT&CK technique for tainted shared content (T1080).
	AttckTechniqueTaintedSharedContent AttckTechniqueID = "T1080"
	// AttckTechniqueExploitationOfRemoteServices is the ATT&CK technique for exploitation of remote services (T1210).
	AttckTechniqueExploitationOfRemoteServices AttckTechniqueID = "T1210"
	// AttckTechniqueStealApplicationAccessTokens is the ATT&CK technique for stealing application access tokens (T1528).
	AttckTechniqueStealApplicationAccessTokens AttckTechniqueID = "T1528"
	// AttckTechniqueUnsecuredCredentials is the ATT&CK technique for unsecured credentials (T1552).
	AttckTechniqueUnsecuredCredentials AttckTechniqueID = "T1552"
	// AttckTechniqueContainerAdministrationCommand is the ATT&CK technique for container administration command (T1609).
	AttckTechniqueContainerAdministrationCommand AttckTechniqueID = "T1609"
	// AttckTechniqueDeployContainer is the ATT&CK technique for deploying a container (T1610).
	AttckTechniqueDeployContainer AttckTechniqueID = "T1610"
	// AttckTechniqueEscapeToHost is the ATT&CK technique for escaping to the host (T1611).
	AttckTechniqueEscapeToHost AttckTechniqueID = "T1611"
	// AttckTechniqueContainerAndResourceDiscovery is the ATT&CK technique for container and resource discovery (T1613).
	AttckTechniqueContainerAndResourceDiscovery AttckTechniqueID = "T1613"
)

type BaseContainerEscape

// BaseContainerEscape extends BaseEdge with the Traversal shared by the
// container-escape edges (the Escape* types embed it).
type BaseContainerEscape struct {
	BaseEdge
}

func (*BaseContainerEscape) Traversal

func (e *BaseContainerEscape) Traversal() types.EdgeTraversal

type BaseEdge

// BaseEdge supplies the default Initialize, BatchSize and Traversal
// implementations; concrete edge types embed it and add Name, Label,
// ATT&CK mapping, Processor and Stream.
type BaseEdge struct {
	// contains filtered or unexported fields
}

func (*BaseEdge) BatchSize

func (e *BaseEdge) BatchSize() int

func (*BaseEdge) Initialize

func (e *BaseEdge) Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error

func (*BaseEdge) Traversal

func (e *BaseEdge) Traversal() types.EdgeTraversal

type Builder

// Builder is the contract an edge must satisfy to be loaded into the registry
// via Register.
type Builder interface {
	// Initialize initializes an edge builder from the application config.
	Initialize(cfg *config.EdgeBuilderConfig, runtime *config.DynamicConfig) error

	// Name returns the unique name for the edge builder. This must be unique.
	Name() string

	// Label returns the label for the edge (convention is all uppercase, i.e. EDGE_NAME).
	Label() string

	// AttckTechniqueID returns the ATT&CK technique ID for the edge.
	AttckTechniqueID() AttckTechniqueID

	// AttckTacticID returns the ATT&CK tactic ID for the edge.
	AttckTacticID() AttckTacticID

	// BatchSize returns the batch size of bulk inserts (and threshold for triggering a flush).
	BatchSize() int

	// Traversal returns a graph traversal function that enables creating edges from an input array of TraversalInput objects.
	Traversal() types.EdgeTraversal

	// Processor transforms an object queued for writing to a format suitable for consumption by the Traversal function.
	Processor(context.Context, *converter.ObjectIDConverter, any) (any, error)

	// Stream will query the store db for the data required to create an edge and stream to graph DB via callbacks.
	// Each query result is encapsulated within a DataContainer and transformed to a TraversalInput via a call to
	// the edge's Processor function. Invoking the complete callback signals the end of the stream.
	Stream(ctx context.Context, store storedb.Provider, cache cache.CacheReader,
		process types.ProcessEntryCallback, complete types.CompleteQueryCallback) error
}

type ContainerAttach

// ContainerAttach is an edge builder built on BaseEdge; it overrides Traversal
// in addition to the usual Name/Label/Processor/Stream methods.
type ContainerAttach struct {
	BaseEdge
}

func (*ContainerAttach) AttckTacticID added in v1.6.4

func (e *ContainerAttach) AttckTacticID() AttckTacticID

func (*ContainerAttach) AttckTechniqueID added in v1.6.4

func (e *ContainerAttach) AttckTechniqueID() AttckTechniqueID

func (*ContainerAttach) Label

func (e *ContainerAttach) Label() string

func (*ContainerAttach) Name

func (e *ContainerAttach) Name() string

func (*ContainerAttach) Processor

func (e *ContainerAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ContainerAttach) Stream

func (*ContainerAttach) Traversal

func (e *ContainerAttach) Traversal() types.EdgeTraversal

type DependentBuilder added in v0.2.2

type DependentBuilder interface {
	// A dependent edge is a full Builder ...
	Builder

	// ... that additionally declares which edge labels must already be built.
	// Dependencies returns the edge labels of all dependencies.
	Dependencies() []string
}

DependentBuilder interface defines objects used to construct edges with dependencies on other edges in the graph. Dependent edges are built last and their dependencies cannot be dependent edges themselves.

type EndpointExploitExternal

// EndpointExploitExternal is an edge builder built on BaseEdge (default
// Traversal and BatchSize).
type EndpointExploitExternal struct {
	BaseEdge
}

func (*EndpointExploitExternal) AttckTacticID added in v1.6.4

func (e *EndpointExploitExternal) AttckTacticID() AttckTacticID

func (*EndpointExploitExternal) AttckTechniqueID added in v1.6.4

func (e *EndpointExploitExternal) AttckTechniqueID() AttckTechniqueID

func (*EndpointExploitExternal) Label

func (e *EndpointExploitExternal) Label() string

func (*EndpointExploitExternal) Name

func (e *EndpointExploitExternal) Name() string

func (*EndpointExploitExternal) Processor

func (e *EndpointExploitExternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EndpointExploitExternal) Stream

type EndpointExploitInternal

// EndpointExploitInternal is an edge builder built on BaseEdge (default
// Traversal and BatchSize).
type EndpointExploitInternal struct {
	BaseEdge
}

func (*EndpointExploitInternal) AttckTacticID added in v1.6.4

func (e *EndpointExploitInternal) AttckTacticID() AttckTacticID

func (*EndpointExploitInternal) AttckTechniqueID added in v1.6.4

func (e *EndpointExploitInternal) AttckTechniqueID() AttckTechniqueID

func (*EndpointExploitInternal) Label

func (e *EndpointExploitInternal) Label() string

func (*EndpointExploitInternal) Name

func (e *EndpointExploitInternal) Name() string

func (*EndpointExploitInternal) Processor

func (e *EndpointExploitInternal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EndpointExploitInternal) Stream

type EscapeCorePattern added in v1.5.1

// EscapeCorePattern is a container-escape edge; it inherits the shared
// Traversal from BaseContainerEscape.
type EscapeCorePattern struct {
	BaseContainerEscape
}

func (*EscapeCorePattern) AttckTacticID added in v1.6.4

func (e *EscapeCorePattern) AttckTacticID() AttckTacticID

func (*EscapeCorePattern) AttckTechniqueID added in v1.6.4

func (e *EscapeCorePattern) AttckTechniqueID() AttckTechniqueID

func (*EscapeCorePattern) Label added in v1.5.1

func (e *EscapeCorePattern) Label() string

func (*EscapeCorePattern) Name added in v1.5.1

func (e *EscapeCorePattern) Name() string

func (*EscapeCorePattern) Processor added in v1.5.1

func (e *EscapeCorePattern) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EscapeCorePattern) Stream added in v1.5.1

type EscapeModuleLoad

// EscapeModuleLoad is a container-escape edge; Traversal comes from
// BaseContainerEscape and Processor delegates to containerEscapeProcessor.
type EscapeModuleLoad struct {
	BaseContainerEscape
}

func (*EscapeModuleLoad) AttckTacticID added in v1.6.4

func (e *EscapeModuleLoad) AttckTacticID() AttckTacticID

func (*EscapeModuleLoad) AttckTechniqueID added in v1.6.4

func (e *EscapeModuleLoad) AttckTechniqueID() AttckTechniqueID

func (*EscapeModuleLoad) Label

func (e *EscapeModuleLoad) Label() string

func (*EscapeModuleLoad) Name

func (e *EscapeModuleLoad) Name() string

func (*EscapeModuleLoad) Processor

func (e *EscapeModuleLoad) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeModuleLoad) Stream

type EscapeNsenter

// EscapeNsenter is a container-escape edge; Traversal comes from
// BaseContainerEscape and Processor delegates to containerEscapeProcessor.
type EscapeNsenter struct {
	BaseContainerEscape
}

func (*EscapeNsenter) AttckTacticID added in v1.6.4

func (e *EscapeNsenter) AttckTacticID() AttckTacticID

func (*EscapeNsenter) AttckTechniqueID added in v1.6.4

func (e *EscapeNsenter) AttckTechniqueID() AttckTechniqueID

func (*EscapeNsenter) Label

func (e *EscapeNsenter) Label() string

func (*EscapeNsenter) Name

func (e *EscapeNsenter) Name() string

func (*EscapeNsenter) Processor

func (e *EscapeNsenter) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeNsenter) Stream

type EscapePrivMount

// EscapePrivMount is a container-escape edge; Traversal comes from
// BaseContainerEscape and Processor delegates to containerEscapeProcessor.
type EscapePrivMount struct {
	BaseContainerEscape
}

func (*EscapePrivMount) AttckTacticID added in v1.6.4

func (e *EscapePrivMount) AttckTacticID() AttckTacticID

func (*EscapePrivMount) AttckTechniqueID added in v1.6.4

func (e *EscapePrivMount) AttckTechniqueID() AttckTechniqueID

func (*EscapePrivMount) Label

func (e *EscapePrivMount) Label() string

func (*EscapePrivMount) Name

func (e *EscapePrivMount) Name() string

func (*EscapePrivMount) Processor

func (e *EscapePrivMount) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapePrivMount) Stream

type EscapeSysPtrace

// EscapeSysPtrace is a container-escape edge; Traversal comes from
// BaseContainerEscape and Processor delegates to containerEscapeProcessor.
type EscapeSysPtrace struct {
	BaseContainerEscape
}

func (*EscapeSysPtrace) AttckTacticID added in v1.6.4

func (e *EscapeSysPtrace) AttckTacticID() AttckTacticID

func (*EscapeSysPtrace) AttckTechniqueID added in v1.6.4

func (e *EscapeSysPtrace) AttckTechniqueID() AttckTechniqueID

func (*EscapeSysPtrace) Label

func (e *EscapeSysPtrace) Label() string

func (*EscapeSysPtrace) Name

func (e *EscapeSysPtrace) Name() string

func (*EscapeSysPtrace) Processor

func (e *EscapeSysPtrace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*EscapeSysPtrace) Stream

// EscapeVarLogSymlink is a container-escape edge that also implements
// DependentBuilder (see Dependencies) and provides its own Traversal.
type EscapeVarLogSymlink struct {
	BaseContainerEscape
}

func (*EscapeVarLogSymlink) AttckTacticID added in v1.6.4

func (e *EscapeVarLogSymlink) AttckTacticID() AttckTacticID

func (*EscapeVarLogSymlink) AttckTechniqueID added in v1.6.4

func (e *EscapeVarLogSymlink) AttckTechniqueID() AttckTechniqueID

func (*EscapeVarLogSymlink) Dependencies added in v1.1.0

func (e *EscapeVarLogSymlink) Dependencies() []string

Dependencies returns the labels of the edges that must exist before the traversal query can run.

func (*EscapeVarLogSymlink) Label added in v1.1.0

func (e *EscapeVarLogSymlink) Label() string

func (*EscapeVarLogSymlink) Name added in v1.1.0

func (e *EscapeVarLogSymlink) Name() string

func (*EscapeVarLogSymlink) Processor added in v1.1.0

func (e *EscapeVarLogSymlink) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*EscapeVarLogSymlink) Stream added in v1.1.0

func (*EscapeVarLogSymlink) Traversal added in v1.1.0

func (e *EscapeVarLogSymlink) Traversal() types.EdgeTraversal

type ExploitHostRead

// ExploitHostRead is an edge builder built on BaseEdge (default Traversal
// and BatchSize).
type ExploitHostRead struct {
	BaseEdge
}

func (*ExploitHostRead) AttckTacticID added in v1.6.4

func (e *ExploitHostRead) AttckTacticID() AttckTacticID

func (*ExploitHostRead) AttckTechniqueID added in v1.6.4

func (e *ExploitHostRead) AttckTechniqueID() AttckTechniqueID

func (*ExploitHostRead) Label

func (e *ExploitHostRead) Label() string

func (*ExploitHostRead) Name

func (e *ExploitHostRead) Name() string

func (*ExploitHostRead) Processor

func (e *ExploitHostRead) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostRead) Stream

type ExploitHostTraverse

// ExploitHostTraverse is an edge builder built on BaseEdge (default Traversal
// and BatchSize).
type ExploitHostTraverse struct {
	BaseEdge
}

func (*ExploitHostTraverse) AttckTacticID added in v1.6.4

func (e *ExploitHostTraverse) AttckTacticID() AttckTacticID

func (*ExploitHostTraverse) AttckTechniqueID added in v1.6.4

func (e *ExploitHostTraverse) AttckTechniqueID() AttckTechniqueID

func (*ExploitHostTraverse) Label

func (e *ExploitHostTraverse) Label() string

func (*ExploitHostTraverse) Name

func (e *ExploitHostTraverse) Name() string

func (*ExploitHostTraverse) Processor

func (e *ExploitHostTraverse) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostTraverse) Stream

type ExploitHostWrite

// ExploitHostWrite is an edge builder built on BaseEdge (default Traversal
// and BatchSize).
type ExploitHostWrite struct {
	BaseEdge
}

func (*ExploitHostWrite) AttckTacticID added in v1.6.4

func (e *ExploitHostWrite) AttckTacticID() AttckTacticID

func (*ExploitHostWrite) AttckTechniqueID added in v1.6.4

func (e *ExploitHostWrite) AttckTechniqueID() AttckTechniqueID

func (*ExploitHostWrite) Label

func (e *ExploitHostWrite) Label() string

func (*ExploitHostWrite) Name

func (e *ExploitHostWrite) Name() string

func (*ExploitHostWrite) Processor

func (e *ExploitHostWrite) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*ExploitHostWrite) Stream

type IdentityAssumeContainer

// IdentityAssumeContainer is an edge builder built on BaseEdge (default
// Traversal and BatchSize).
type IdentityAssumeContainer struct {
	BaseEdge
}

func (*IdentityAssumeContainer) AttckTacticID added in v1.6.4

func (e *IdentityAssumeContainer) AttckTacticID() AttckTacticID

func (*IdentityAssumeContainer) AttckTechniqueID added in v1.6.4

func (e *IdentityAssumeContainer) AttckTechniqueID() AttckTechniqueID

func (*IdentityAssumeContainer) Label

func (e *IdentityAssumeContainer) Label() string

func (*IdentityAssumeContainer) Name

func (e *IdentityAssumeContainer) Name() string

func (*IdentityAssumeContainer) Processor

func (e *IdentityAssumeContainer) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*IdentityAssumeContainer) Stream

type IdentityAssumeNode

// IdentityAssumeNode is an edge builder built on BaseEdge (default Traversal
// and BatchSize).
type IdentityAssumeNode struct {
	BaseEdge
}

func (*IdentityAssumeNode) AttckTacticID added in v1.6.4

func (e *IdentityAssumeNode) AttckTacticID() AttckTacticID

func (*IdentityAssumeNode) AttckTechniqueID added in v1.6.4

func (e *IdentityAssumeNode) AttckTechniqueID() AttckTechniqueID

func (*IdentityAssumeNode) Label

func (e *IdentityAssumeNode) Label() string

func (*IdentityAssumeNode) Name

func (e *IdentityAssumeNode) Name() string

func (*IdentityAssumeNode) Processor

func (e *IdentityAssumeNode) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*IdentityAssumeNode) Stream

type PermissionDiscover

// PermissionDiscover is an edge builder built on BaseEdge (default Traversal
// and BatchSize).
type PermissionDiscover struct {
	BaseEdge
}

func (*PermissionDiscover) AttckTacticID added in v1.6.4

func (e *PermissionDiscover) AttckTacticID() AttckTacticID

func (*PermissionDiscover) AttckTechniqueID added in v1.6.4

func (e *PermissionDiscover) AttckTechniqueID() AttckTechniqueID

func (*PermissionDiscover) Label

func (e *PermissionDiscover) Label() string

func (*PermissionDiscover) Name

func (e *PermissionDiscover) Name() string

func (*PermissionDiscover) Processor

func (e *PermissionDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PermissionDiscover) Stream

type PodAttach

// PodAttach is an edge builder built on BaseEdge (default Traversal and
// BatchSize).
type PodAttach struct {
	BaseEdge
}

func (*PodAttach) AttckTacticID added in v1.6.4

func (e *PodAttach) AttckTacticID() AttckTacticID

func (*PodAttach) AttckTechniqueID added in v1.6.4

func (e *PodAttach) AttckTechniqueID() AttckTechniqueID

func (*PodAttach) Label

func (e *PodAttach) Label() string

func (*PodAttach) Name

func (e *PodAttach) Name() string

func (*PodAttach) Processor

func (e *PodAttach) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodAttach) Stream

type PodCreate

// PodCreate is the edge builder for roles holding pod/create (or an
// equivalent wildcard) permission; it overrides BatchSize and Traversal.
type PodCreate struct {
	BaseEdge
}

func (*PodCreate) AttckTacticID added in v1.6.4

func (e *PodCreate) AttckTacticID() AttckTacticID

func (*PodCreate) AttckTechniqueID added in v1.6.4

func (e *PodCreate) AttckTechniqueID() AttckTechniqueID

func (*PodCreate) BatchSize

func (e *PodCreate) BatchSize() int

func (*PodCreate) Label

func (e *PodCreate) Label() string

func (*PodCreate) Name

func (e *PodCreate) Name() string

func (*PodCreate) Processor

func (e *PodCreate) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodCreate) Stream

Stream finds all roles that have pod/create or equivalent wildcard permissions.

func (*PodCreate) Traversal

func (e *PodCreate) Traversal() types.EdgeTraversal

type PodExec

// PodExec is the edge builder for non-namespaced roles holding pod/exec (or
// an equivalent wildcard) permission; it overrides BatchSize and Traversal.
// The namespaced counterpart is PodExecNamespace.
type PodExec struct {
	BaseEdge
}

func (*PodExec) AttckTacticID added in v1.6.4

func (e *PodExec) AttckTacticID() AttckTacticID

func (*PodExec) AttckTechniqueID added in v1.6.4

func (e *PodExec) AttckTechniqueID() AttckTechniqueID

func (*PodExec) BatchSize

func (e *PodExec) BatchSize() int

func (*PodExec) Label

func (e *PodExec) Label() string

func (*PodExec) Name

func (e *PodExec) Name() string

func (*PodExec) Processor

func (e *PodExec) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodExec) Stream

Stream finds all roles that are NOT namespaced and have pod/exec or equivalent wildcard permissions.

func (*PodExec) Traversal

func (e *PodExec) Traversal() types.EdgeTraversal

type PodExecNamespace

// PodExecNamespace is the edge builder for namespaced roles holding pod/exec
// (or an equivalent wildcard) permission, matched against pods in the same
// namespace or non-namespaced pods. The cluster-wide counterpart is PodExec.
type PodExecNamespace struct {
	BaseEdge
}

func (*PodExecNamespace) AttckTacticID added in v1.6.4

func (e *PodExecNamespace) AttckTacticID() AttckTacticID

func (*PodExecNamespace) AttckTechniqueID added in v1.6.4

func (e *PodExecNamespace) AttckTechniqueID() AttckTechniqueID

func (*PodExecNamespace) Label

func (e *PodExecNamespace) Label() string

func (*PodExecNamespace) Name

func (e *PodExecNamespace) Name() string

func (*PodExecNamespace) Processor

func (e *PodExecNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodExecNamespace) Stream

Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.

type PodPatch

// PodPatch is the edge builder for roles holding pod/patch (or an equivalent
// wildcard) permission; it overrides BatchSize and Traversal.
// The namespaced counterpart is PodPatchNamespace.
type PodPatch struct {
	BaseEdge
}

func (*PodPatch) AttckTacticID added in v1.6.4

func (e *PodPatch) AttckTacticID() AttckTacticID

func (*PodPatch) AttckTechniqueID added in v1.6.4

func (e *PodPatch) AttckTechniqueID() AttckTechniqueID

func (*PodPatch) BatchSize

func (e *PodPatch) BatchSize() int

func (*PodPatch) Label

func (e *PodPatch) Label() string

func (*PodPatch) Name

func (e *PodPatch) Name() string

func (*PodPatch) Processor

func (e *PodPatch) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodPatch) Stream

Stream finds all roles that have pod/patch or equivalent wildcard permissions.

func (*PodPatch) Traversal

func (e *PodPatch) Traversal() types.EdgeTraversal

type PodPatchNamespace

// PodPatchNamespace is the namespaced counterpart of PodPatch, matching roles
// against pods in the same namespace or non-namespaced pods.
// NOTE(review): its Stream doc says "pod/exec", which reads like a copy of
// PodExecNamespace's comment — confirm the verb the query actually uses.
type PodPatchNamespace struct {
	BaseEdge
}

func (*PodPatchNamespace) AttckTacticID added in v1.6.4

func (e *PodPatchNamespace) AttckTacticID() AttckTacticID

func (*PodPatchNamespace) AttckTechniqueID added in v1.6.4

func (e *PodPatchNamespace) AttckTechniqueID() AttckTechniqueID

func (*PodPatchNamespace) Label

func (e *PodPatchNamespace) Label() string

func (*PodPatchNamespace) Name

func (e *PodPatchNamespace) Name() string

func (*PodPatchNamespace) Processor

func (e *PodPatchNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*PodPatchNamespace) Stream

Stream finds all roles that are namespaced and have pod/exec or equivalent wildcard permissions and matching pods. Matching pods are defined as all pods that share the role namespace or non-namespaced pods.

type RegistrationFlag

// RegistrationFlag tells Register which registry (Simple, Mutating or
// Dependent) an edge belongs to. The values are single bits (1 << iota),
// so presumably they may be OR-ed together — confirm against Register.
type RegistrationFlag uint8
const (
	RegisterDefault         RegistrationFlag = 1 << iota // Default edge
	RegisterGraphMutation                                // Edge can mutate the graph
	RegisterGraphDependency                              // Edge has a dependency on default/mutating edges
)

type Registry

// Registry is a process-wide singleton obtained via Registered(); edges are
// added with Register and the result is checked once with Verify.
type Registry struct {
	// contains filtered or unexported fields
}

Registry holds details of edges (i.e. attacks) registered in KubeHound.

func Registered

func Registered() *Registry

Registered returns the edge registry singleton.

func (*Registry) Dependent added in v0.2.2

func (r *Registry) Dependent() map[string]DependentBuilder

Dependent returns the map of registered edge builders with default edge dependencies.

func (*Registry) Mutating

func (r *Registry) Mutating() map[string]Builder

Mutating returns the map of registered mutating edge builders.

func (*Registry) Simple

func (r *Registry) Simple() map[string]Builder

Simple returns the map of registered edge builders.

func (*Registry) Verify added in v0.2.2

func (r *Registry) Verify() error

Verify verifies the integrity and consistency of the registry. Function should only be called once all edges have been registered via init() calls.

type RoleBindCrbCrCr added in v1.2.0

// RoleBindCrbCrCr is a RoleBind edge builder (ClusterRoleBinding ->
// ClusterRole -> ClusterRole, going by the name) with its own Traversal.
type RoleBindCrbCrCr struct {
	BaseEdge
}

func (*RoleBindCrbCrCr) AttckTacticID added in v1.6.4

func (e *RoleBindCrbCrCr) AttckTacticID() AttckTacticID

func (*RoleBindCrbCrCr) AttckTechniqueID added in v1.6.4

func (e *RoleBindCrbCrCr) AttckTechniqueID() AttckTechniqueID

func (*RoleBindCrbCrCr) Label added in v1.2.0

func (e *RoleBindCrbCrCr) Label() string

func (*RoleBindCrbCrCr) Name added in v1.2.0

func (e *RoleBindCrbCrCr) Name() string

func (*RoleBindCrbCrCr) Processor added in v1.2.0

func (e *RoleBindCrbCrCr) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindCrbCrCr) Stream added in v1.2.0

func (*RoleBindCrbCrCr) Traversal added in v1.2.0

func (e *RoleBindCrbCrCr) Traversal() types.EdgeTraversal

type RoleBindCrbCrR added in v1.2.0

// RoleBindCrbCrR is a RoleBind edge builder (ClusterRoleBinding ->
// ClusterRole -> Role, going by the name) with its own Traversal.
type RoleBindCrbCrR struct {
	BaseEdge
}

func (*RoleBindCrbCrR) AttckTacticID added in v1.6.4

func (e *RoleBindCrbCrR) AttckTacticID() AttckTacticID

func (*RoleBindCrbCrR) AttckTechniqueID added in v1.6.4

func (e *RoleBindCrbCrR) AttckTechniqueID() AttckTechniqueID

func (*RoleBindCrbCrR) Label added in v1.2.0

func (e *RoleBindCrbCrR) Label() string

func (*RoleBindCrbCrR) Name added in v1.2.0

func (e *RoleBindCrbCrR) Name() string

func (*RoleBindCrbCrR) Processor added in v1.2.0

func (e *RoleBindCrbCrR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindCrbCrR) Stream added in v1.2.0

func (*RoleBindCrbCrR) Traversal added in v1.2.0

func (e *RoleBindCrbCrR) Traversal() types.EdgeTraversal

type RoleBindRbRbR added in v1.2.0

// RoleBindRbRbR is a RoleBind edge builder (RoleBinding -> RoleBinding ->
// Role, going by the name); unlike its siblings it uses the default Traversal.
type RoleBindRbRbR struct {
	BaseEdge
}

func (*RoleBindRbRbR) AttckTacticID added in v1.6.4

func (e *RoleBindRbRbR) AttckTacticID() AttckTacticID

func (*RoleBindRbRbR) AttckTechniqueID added in v1.6.4

func (e *RoleBindRbRbR) AttckTechniqueID() AttckTechniqueID

func (*RoleBindRbRbR) Label added in v1.2.0

func (e *RoleBindRbRbR) Label() string

func (*RoleBindRbRbR) Name added in v1.2.0

func (e *RoleBindRbRbR) Name() string

func (*RoleBindRbRbR) Processor added in v1.2.0

func (e *RoleBindRbRbR) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*RoleBindRbRbR) Stream added in v1.2.0

type SharePSNamespace added in v0.2.2

// SharePSNamespace is an edge builder built on BaseEdge.
// NOTE(review): its Processor doc says it delegates to containerEscapeProcessor
// although the type embeds BaseEdge rather than BaseContainerEscape — verify
// the comment matches the implementation.
type SharePSNamespace struct {
	BaseEdge
}

func (*SharePSNamespace) AttckTacticID added in v1.6.4

func (e *SharePSNamespace) AttckTacticID() AttckTacticID

func (*SharePSNamespace) AttckTechniqueID added in v1.6.4

func (e *SharePSNamespace) AttckTechniqueID() AttckTechniqueID

func (*SharePSNamespace) Label added in v0.2.2

func (e *SharePSNamespace) Label() string

func (*SharePSNamespace) Name added in v0.2.2

func (e *SharePSNamespace) Name() string

func (*SharePSNamespace) Processor added in v0.2.2

func (e *SharePSNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

Processor delegates the processing tasks to the generic containerEscapeProcessor.

func (*SharePSNamespace) Stream added in v0.2.2

type TokenBruteforce

// TokenBruteforce is the edge builder for non-namespaced roles holding
// secrets/get (or an equivalent wildcard) permission; it overrides BatchSize
// and Traversal. The namespaced counterpart is TokenBruteforceNamespace.
type TokenBruteforce struct {
	BaseEdge
}

func (*TokenBruteforce) AttckTacticID added in v1.6.4

func (e *TokenBruteforce) AttckTacticID() AttckTacticID

func (*TokenBruteforce) AttckTechniqueID added in v1.6.4

func (e *TokenBruteforce) AttckTechniqueID() AttckTechniqueID

func (*TokenBruteforce) BatchSize

func (e *TokenBruteforce) BatchSize() int

func (*TokenBruteforce) Label

func (e *TokenBruteforce) Label() string

func (*TokenBruteforce) Name

func (e *TokenBruteforce) Name() string

func (*TokenBruteforce) Processor

func (e *TokenBruteforce) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenBruteforce) Stream

Stream finds all roles that are NOT namespaced and have secrets/get or equivalent wildcard permissions.

func (*TokenBruteforce) Traversal

func (e *TokenBruteforce) Traversal() types.EdgeTraversal

type TokenBruteforceNamespace

// TokenBruteforceNamespace is the namespaced counterpart of TokenBruteforce,
// matching secrets/get roles against identities in the same namespace or
// non-namespaced identities.
type TokenBruteforceNamespace struct {
	BaseEdge
}

func (*TokenBruteforceNamespace) AttckTacticID added in v1.6.4

func (e *TokenBruteforceNamespace) AttckTacticID() AttckTacticID

func (*TokenBruteforceNamespace) AttckTechniqueID added in v1.6.4

func (e *TokenBruteforceNamespace) AttckTechniqueID() AttckTechniqueID

func (*TokenBruteforceNamespace) Label

func (e *TokenBruteforceNamespace) Label() string

func (*TokenBruteforceNamespace) Name

func (e *TokenBruteforceNamespace) Name() string

func (*TokenBruteforceNamespace) Processor

func (e *TokenBruteforceNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenBruteforceNamespace) Stream

Stream finds all roles that are namespaced and have secrets/get or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.

type TokenList

// TokenList is the edge builder for non-namespaced roles holding secrets/list
// (or an equivalent wildcard) permission; it overrides BatchSize and
// Traversal. The namespaced counterpart is TokenListNamespace.
type TokenList struct {
	BaseEdge
}

func (*TokenList) AttckTacticID added in v1.6.4

func (e *TokenList) AttckTacticID() AttckTacticID

func (*TokenList) AttckTechniqueID added in v1.6.4

func (e *TokenList) AttckTechniqueID() AttckTechniqueID

func (*TokenList) BatchSize

func (e *TokenList) BatchSize() int

func (*TokenList) Label

func (e *TokenList) Label() string

func (*TokenList) Name

func (e *TokenList) Name() string

func (*TokenList) Processor

func (e *TokenList) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenList) Stream

Stream finds all roles that are NOT namespaced and have secrets/list or equivalent wildcard permissions.

func (*TokenList) Traversal

func (e *TokenList) Traversal() types.EdgeTraversal

type TokenListNamespace

// TokenListNamespace is the namespaced counterpart of TokenList, matching
// secrets/list roles against identities in the same namespace or
// non-namespaced identities.
type TokenListNamespace struct {
	BaseEdge
}

func (*TokenListNamespace) AttckTacticID added in v1.6.4

func (e *TokenListNamespace) AttckTacticID() AttckTacticID

func (*TokenListNamespace) AttckTechniqueID added in v1.6.4

func (e *TokenListNamespace) AttckTechniqueID() AttckTechniqueID

func (*TokenListNamespace) Label

func (e *TokenListNamespace) Label() string

func (*TokenListNamespace) Name

func (e *TokenListNamespace) Name() string

func (*TokenListNamespace) Processor

func (e *TokenListNamespace) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenListNamespace) Stream

Stream finds all roles that are namespaced and have secrets/list or equivalent wildcard permissions and matching identities. Matching identities are defined as namespaced identities that share the role namespace or non-namespaced identities.

type TokenSteal

// TokenSteal is an edge builder built on BaseEdge (default Traversal and
// BatchSize).
type TokenSteal struct {
	BaseEdge
}

func (*TokenSteal) AttckTacticID added in v1.6.4

func (e *TokenSteal) AttckTacticID() AttckTacticID

func (*TokenSteal) AttckTechniqueID added in v1.6.4

func (e *TokenSteal) AttckTechniqueID() AttckTechniqueID

func (*TokenSteal) Label

func (e *TokenSteal) Label() string

func (*TokenSteal) Name

func (e *TokenSteal) Name() string

func (*TokenSteal) Processor

func (e *TokenSteal) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*TokenSteal) Stream

type VolumeAccess

// VolumeAccess is an edge builder built on BaseEdge (default Traversal and
// BatchSize).
type VolumeAccess struct {
	BaseEdge
}

func (*VolumeAccess) AttckTacticID added in v1.6.4

func (e *VolumeAccess) AttckTacticID() AttckTacticID

func (*VolumeAccess) AttckTechniqueID added in v1.6.4

func (e *VolumeAccess) AttckTechniqueID() AttckTechniqueID

func (*VolumeAccess) Label

func (e *VolumeAccess) Label() string

func (*VolumeAccess) Name

func (e *VolumeAccess) Name() string

func (*VolumeAccess) Processor

func (e *VolumeAccess) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*VolumeAccess) Stream

type VolumeDiscover

// VolumeDiscover is an edge builder built on BaseEdge (default Traversal and
// BatchSize).
type VolumeDiscover struct {
	BaseEdge
}

func (*VolumeDiscover) AttckTacticID added in v1.6.4

func (e *VolumeDiscover) AttckTacticID() AttckTacticID

func (*VolumeDiscover) AttckTechniqueID added in v1.6.4

func (e *VolumeDiscover) AttckTechniqueID() AttckTechniqueID

func (*VolumeDiscover) Label

func (e *VolumeDiscover) Label() string

func (*VolumeDiscover) Name

func (e *VolumeDiscover) Name() string

func (*VolumeDiscover) Processor

func (e *VolumeDiscover) Processor(ctx context.Context, oic *converter.ObjectIDConverter, entry any) (any, error)

func (*VolumeDiscover) Stream
