google / gke-auditor
License: Apache License 2.0
The build script outputs the following:
[WARNING]
[WARNING] Some problems were encountered while building the effective model for gke-auditor:gke-auditor:jar:1.0-SNAPSHOT
[WARNING] 'dependencies.dependency.version' for org.junit.jupiter:junit-jupiter:jar is either LATEST or RELEASE (both of them are being deprecated) @ line 129, column 16
[WARNING] 'dependencies.dependency.scope' for org.junit:junit-bom:pom must be one of [provided, compile, runtime, test, system] but is 'import'. @ line 99, column 14
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
And test.sh fails as well:
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-surefire-plugin:3.0.0-M4:test (default-test) on project gke-auditor: There are test failures.
[ERROR]
[ERROR] Please refer to /home/mikejones/appsec/gke-auditor/target/surefire-reports for the individual test results.
[ERROR] Please refer to dump files (if any exist) [date].dump, [date]-jvmRun[N].dump and [date].dumpstream.
[ERROR] The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was /bin/sh -c cd /home/mikejones/appsec/gke-auditor && /usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /home/mikejones/appsec/gke-auditor/target/surefire/surefirebooter17948487640006596760.jar /home/mikejones/appsec/gke-auditor/target/surefire 2020-10-22T10-26-36_719-jvmRun1 surefire16552605127534103655tmp surefire_014708953282045072273tmp
[ERROR] Process Exit Code: 0
[ERROR] Crashed tests:
[ERROR] com.google.gke.auditor.system.AssetServiceTest
[ERROR] org.apache.maven.surefire.booter.SurefireBooterForkException: The forked VM terminated without properly saying goodbye. VM crash or System.exit called?
[ERROR] Command was /bin/sh -c cd /home/mikejones/appsec/gke-auditor && /usr/lib/jvm/java-11-openjdk-amd64/bin/java -jar /home/mikejones/appsec/gke-auditor/target/surefire/surefirebooter17948487640006596760.jar /home/mikejones/appsec/gke-auditor/target/surefire 2020-10-22T10-26-36_719-jvmRun1 surefire16552605127534103655tmp surefire_014708953282045072273tmp
[ERROR] Process Exit Code: 0
[ERROR] Crashed tests:
[ERROR] com.google.gke.auditor.system.AssetServiceTest
[ERROR] at org.apache.maven.plugin.surefire.booterclient.ForkStarter.fork(ForkStarter.java:690)
[ERROR] at org.apache.maven.plugin.surefire.booterclient.ForkStarter.run(ForkStarter.java:285)
[ERROR] at org.apache.maven.plugin.surefire.booterclient.ForkStarter.run(ForkStarter.java:248)
[ERROR] at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeProvider(AbstractSurefireMojo.java:1217)
[ERROR] at org.apache.maven.plugin.surefire.AbstractSurefireMojo.executeAfterPreconditionsChecked(AbstractSurefireMojo.java:1063)
[ERROR] at org.apache.maven.plugin.surefire.AbstractSurefireMojo.execute(AbstractSurefireMojo.java:889)
[ERROR] at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:137)
[ERROR] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:210)
[ERROR] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:156)
[ERROR] at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:148)
[ERROR] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:117)
[ERROR] at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:81)
[ERROR] at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:56)
[ERROR] at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
[ERROR] at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:305)
[ERROR] at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:192)
[ERROR] at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:105)
[ERROR] at org.apache.maven.cli.MavenCli.execute(MavenCli.java:957)
[ERROR] at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:289)
[ERROR] at org.apache.maven.cli.MavenCli.main(MavenCli.java:193)
[ERROR] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
[ERROR] at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
[ERROR] at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
[ERROR] at java.base/java.lang.reflect.Method.invoke(Method.java:566)
[ERROR] at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:282)
[ERROR] at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:225)
[ERROR] at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:406)
[ERROR] at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:347)
[ERROR]
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
When executing the tool, it throws the error "An exception occurred while communicating with the API."
When I ran it, it showed me some vulnerabilities, then it broke with the error:
$ ./auditor.sh
...
Detector: AUTOMOUNT_SERVICE_ACCOUNT_TOKENS_ENABLED
Explanation: Service accounts tokens should not be mounted in pods except where the workload running in the pod explicitly needs to communicate with the API server. Mounting service account tokens inside pods can provide an avenue for privilege escalation attacks where an attacker is able to compromise a single pod in the cluster. Avoiding mounting these tokens removes this attack avenue.
Remediation: Modify the definition of pods and service accounts which do not need to mount service account tokens to disable it.
Useful links: [https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/]
Level: VULNERABILITY
Severity: MEDIUM
Potential vulnerabilities: 0
Exception in thread "main" java.lang.NullPointerException
at com.google.gke.auditor.models.Dependency.getAssetName(Dependency.java:145)
at com.google.gke.auditor.system.AssetService.lambda$retrieveAndFilterDefaults$1(AssetService.java:401)
at java.base/java.util.stream.ReferencePipeline$2$1.accept(ReferencePipeline.java:176)
at java.base/java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1655)
at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:484)
at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:474)
at java.base/java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:913)
at java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
at java.base/java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:578)
at com.google.gke.auditor.system.AssetService.retrieveAndFilterDefaults(AssetService.java:402)
at com.google.gke.auditor.system.AssetService.getAssets(AssetService.java:390)
at com.google.gke.auditor.system.AssetService.getAssets(AssetService.java:412)
at com.google.gke.auditor.system.DetectorRunner.runDetector(DetectorRunner.java:68)
at com.google.gke.auditor.system.DetectorRunner.runDetectors(DetectorRunner.java:55)
at com.google.gke.auditor.system.DetectorRunner.run(DetectorRunner.java:41)
at com.google.gke.auditor.Main.main(Main.java:59)
Running on Google Cloud Shell and used bash install-debian.sh
I think it is essential to provide some options for outputting the results in other formats (JSON, SARIF, etc.) for parsing reasons. Even with the color output disabled, bold ANSI codes are still added to the output, which makes it very difficult to read anywhere but the terminal.
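Until the tool offers structured output, its text report can be post-processed. The following is an added example, not part of the issue above or of the gke-auditor project: it strips ANSI escape sequences and turns the "Label: value" blocks quoted earlier on this page into JSON. The sample input is constructed, and the placement of the bold codes in it is an assumption.

```python
import json
import re

# CSI escape sequences (bold, colour, reset): ESC [ parameters final-byte.
ANSI_CSI = re.compile(r"\x1b\[[0-?]*[ -/]*[@-~]")

# Field labels as they appear in the detector output quoted on this page.
FIELDS = {"Detector": "detector", "Explanation": "explanation",
          "Remediation": "remediation", "Useful links": "links",
          "Level": "level", "Severity": "severity",
          "Potential vulnerabilities": "count"}
FIELD_RE = re.compile(r"^\s*(%s)\s*:\s*(.*)$" % "|".join(map(re.escape, FIELDS)))


def strip_ansi(text):
    """Remove terminal escape sequences so the text is safe to log or parse."""
    return ANSI_CSI.sub("", text)


def parse_report(raw):
    """Return one dict per detector block; unrelated lines are ignored."""
    findings, current = [], None
    for line in strip_ansi(raw).splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # "...", stack traces and blank lines carry no field
        key, value = FIELDS[m.group(1)], m.group(2).strip()
        if key == "detector":          # a Detector line opens a new block
            current = {"detector": value}
            findings.append(current)
        elif current is not None:
            if key == "count" and value.isdigit():
                value = int(value)
            elif key == "links":       # "[url, url]" -> ["url", "url"]
                value = [u.strip() for u in value.strip("[]").split(",") if u.strip()]
            current[key] = value
    return findings


# Constructed sample: bold codes wrapped around labels, then a crash trace.
SAMPLE = (
    "\x1b[1mDetector:\x1b[0m AUTOMOUNT_SERVICE_ACCOUNT_TOKENS_ENABLED\n"
    "\x1b[1mUseful links:\x1b[0m [https://kubernetes.io/docs/tasks/"
    "configure-pod-container/configure-service-account/]\n"
    "\x1b[1mLevel:\x1b[0m VULNERABILITY\n"
    "\x1b[1mSeverity:\x1b[0m MEDIUM\n"
    "\x1b[1mPotential vulnerabilities:\x1b[0m 0\n"
    'Exception in thread "main" java.lang.NullPointerException\n'
)

if __name__ == "__main__":
    print(json.dumps(parse_report(SAMPLE), indent=2))
```

Because non-field lines are skipped, a run that ends in a stack trace (as in the report above) still yields the findings printed before the crash.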