Support additional services for gcp provider (#528)
* Support additional services for gcp provider * gcp services refactor * Add service field to json output
1 parent
ccc9006
commit 221d669
Showing
30 changed files
with
399 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
package gcp | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
|
||
"github.com/projectdiscovery/cloudlist/pkg/schema" | ||
"google.golang.org/api/storage/v1" | ||
) | ||
|
||
type cloudStorageProvider struct { | ||
id string | ||
storage *storage.Service | ||
projects []string | ||
} | ||
|
||
func (d *cloudStorageProvider) name() string { | ||
return "s3" | ||
} | ||
|
||
// GetResource returns all the storage resources in the store for a provider. | ||
func (d *cloudStorageProvider) GetResource(ctx context.Context) (*schema.Resources, error) { | ||
list := schema.NewResources() | ||
|
||
buckets, err := d.getBuckets() | ||
if err != nil { | ||
return nil, fmt.Errorf("could not get buckets: %s", err) | ||
} | ||
for _, bucket := range buckets { | ||
resource := &schema.Resource{ | ||
ID: d.id, | ||
Provider: providerName, | ||
DNSName: fmt.Sprintf("%s.storage.googleapis.com", bucket.Name), | ||
Public: d.isBucketPublic(bucket.Name), | ||
Service: d.name(), | ||
} | ||
list.Append(resource) | ||
} | ||
return list, nil | ||
} | ||
|
||
func (d *cloudStorageProvider) getBuckets() ([]*storage.Bucket, error) { | ||
var buckets []*storage.Bucket | ||
for _, project := range d.projects { | ||
bucketsService := d.storage.Buckets.List(project) | ||
_ = bucketsService.Pages(context.Background(), func(bal *storage.Buckets) error { | ||
buckets = append(buckets, bal.Items...) | ||
return nil | ||
}) | ||
} | ||
return buckets, nil | ||
} | ||
|
||
func (d *cloudStorageProvider) isBucketPublic(bucketName string) bool { | ||
bucketIAMPolicy, err := d.storage.Buckets.GetIamPolicy(bucketName).Do() | ||
if err == nil { | ||
for _, binding := range bucketIAMPolicy.Bindings { | ||
if binding.Role == "roles/storage.objectViewer" { | ||
for _, member := range binding.Members { | ||
if member == "allUsers" || member == "allAuthenticatedUsers" { | ||
return true | ||
} | ||
} | ||
} | ||
} | ||
} | ||
return false | ||
} |
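Review bot: `isBucketPublic` can report `Public: false` for a bucket that is actually exposed: it returns false whenever `GetIamPolicy` fails (for example when the scanning identity cannot read the policy), and it only inspects bindings for `roles/storage.objectViewer`, so `allUsers` or `allAuthenticatedUsers` bound to any other storage role is missed. For an inventory tool the false negative is the costly direction; consider dropping the `binding.Role ==` comparison so any binding containing those members counts, and surfacing the lookup error instead of folding it into false. The same silent failure exists in `getBuckets`, where `_ = bucketsService.Pages(context.Background(), ...)` discards the listing error and the function always returns nil, so the `could not get buckets` branch in `GetResource` can never fire; giving `getBuckets` a `ctx` parameter and writing `if err := bucketsService.Pages(ctx, ...); err != nil { return nil, err }` would fix both the dropped error and the unused context. Separately, `name()` returns `"s3"` for a GCP bucket, which may be deliberate normalisation but reads like a copy-paste label and will show up in the new `service` JSON field.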
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
package gcp | ||
|
||
import ( | ||
"context" | ||
"fmt" | ||
"net/url" | ||
|
||
"github.com/projectdiscovery/cloudlist/pkg/schema" | ||
run "google.golang.org/api/run/v1" | ||
) | ||
|
||
type cloudRunProvider struct { | ||
id string | ||
run *run.APIService | ||
projects []string | ||
} | ||
|
||
func (d *cloudRunProvider) name() string { | ||
return "cloud-run" | ||
} | ||
|
||
// GetResource returns all the Cloud Run resources in the store for a provider. | ||
func (d *cloudRunProvider) GetResource(ctx context.Context) (*schema.Resources, error) { | ||
list := schema.NewResources() | ||
services, err := d.getServices() | ||
if err != nil { | ||
return nil, fmt.Errorf("could not get services: %s", err) | ||
} | ||
|
||
for _, service := range services { | ||
serviceUrl, _ := url.Parse(service.Status.Url) | ||
resource := &schema.Resource{ | ||
ID: d.id, | ||
Provider: providerName, | ||
DNSName: serviceUrl.Hostname(), | ||
Public: d.isPublicService(service.Metadata.Name), | ||
Service: d.name(), | ||
} | ||
list.Append(resource) | ||
} | ||
return list, nil | ||
} | ||
|
||
func (d *cloudRunProvider) getServices() ([]*run.Service, error) { | ||
var services []*run.Service | ||
for _, project := range d.projects { | ||
locationsService := d.run.Projects.Locations.List(fmt.Sprintf("projects/%s", project)) | ||
locationsResponse, err := locationsService.Do() | ||
if err != nil { | ||
continue | ||
} | ||
|
||
for _, location := range locationsResponse.Locations { | ||
servicesService := d.run.Projects.Locations.Services.List(location.Name) | ||
servicesResponse, err := servicesService.Do() | ||
if err != nil { | ||
continue | ||
} | ||
services = append(services, servicesResponse.Items...) | ||
} | ||
} | ||
return services, nil | ||
} | ||
|
||
func (d *cloudRunProvider) isPublicService(serviceName string) bool { | ||
serviceIAMPolicy, err := d.run.Projects.Locations.Services.GetIamPolicy(serviceName).Do() | ||
if err == nil { | ||
for _, binding := range serviceIAMPolicy.Bindings { | ||
if binding.Role == "roles/run.invoker" { | ||
for _, member := range binding.Members { | ||
if member == "allUsers" || member == "allAuthenticatedUsers" { | ||
return true | ||
} | ||
} | ||
} | ||
} | ||
} | ||
return false | ||
} |
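Review bot: `isPublicService` is called with `service.Metadata.Name`, which in the Cloud Run v1 API appears to be the short service name, while `Services.GetIamPolicy` takes the full `projects/.../locations/.../services/...` resource; if so the call always fails, and because any error is mapped to `false`, every service would be reported as not public. The location is only known inside `getServices`, so the full name has to be built there and carried out with each service, and a failed policy lookup should be surfaced rather than read as private. In `GetResource`, `serviceUrl, _ := url.Parse(service.Status.Url)` discards the error and then calls `serviceUrl.Hostname()`, which dereferences a nil `*url.URL` when parsing fails, and `service.Status` and `service.Metadata` are dereferenced without a nil check as well. A guarded loop head is sketched below. `getServices` also skips failed projects and locations with `continue` and always returns nil, so a partial listing looks complete to the caller.

```go
for _, service := range services {
	// Skip entries returned without status or metadata instead of panicking.
	if service == nil || service.Status == nil || service.Metadata == nil {
		continue
	}
	serviceUrl, err := url.Parse(service.Status.Url)
	if err != nil || serviceUrl.Hostname() == "" {
		continue
	}
	// … unchanged: schema.Resource construction and list.Append …
}
```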