Documentation ¶
Overview ¶
Copyright 2023 Operant AI
Index ¶
- Variables
- type ClusterAdminBinding
- type ClusterAdminBindingExperimentConfig
- func (p *ClusterAdminBindingExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ClusterAdminBindingExperimentConfig) Description() string
- func (p *ClusterAdminBindingExperimentConfig) Framework() string
- func (p *ClusterAdminBindingExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ClusterAdminBindingExperimentConfig) Tactic() string
- func (p *ClusterAdminBindingExperimentConfig) Technique() string
- func (p *ClusterAdminBindingExperimentConfig) Type() string
- func (p *ClusterAdminBindingExperimentConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type ContainerSecrets
- type ContainerSecretsEnv
- type ContainerSecretsExperimentConfig
- func (p *ContainerSecretsExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ContainerSecretsExperimentConfig) Description() string
- func (p *ContainerSecretsExperimentConfig) Framework() string
- func (p *ContainerSecretsExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ContainerSecretsExperimentConfig) Tactic() string
- func (p *ContainerSecretsExperimentConfig) Technique() string
- func (p *ContainerSecretsExperimentConfig) Type() string
- func (p *ContainerSecretsExperimentConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type Experiment
- type ExperimentConfig
- type ExperimentMetadata
- type ExperimentsConfig
- type HostPath
- type HostPathMount
- type HostPathMountExperimentConfig
- func (p *HostPathMountExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *HostPathMountExperimentConfig) Description() string
- func (p *HostPathMountExperimentConfig) Framework() string
- func (p *HostPathMountExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *HostPathMountExperimentConfig) Tactic() string
- func (p *HostPathMountExperimentConfig) Technique() string
- func (p *HostPathMountExperimentConfig) Type() string
- func (p *HostPathMountExperimentConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type K8sSecretsParameters
- type ListK8sSecretsConfig
- func (p *ListK8sSecretsConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ListK8sSecretsConfig) Description() string
- func (p *ListK8sSecretsConfig) Framework() string
- func (p *ListK8sSecretsConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *ListK8sSecretsConfig) Tactic() string
- func (p *ListK8sSecretsConfig) Technique() string
- func (p *ListK8sSecretsConfig) Type() string
- func (p *ListK8sSecretsConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type PrivilegedContainer
- type PrivilegedContainerExperimentConfig
- func (p *PrivilegedContainerExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *PrivilegedContainerExperimentConfig) Description() string
- func (p *PrivilegedContainerExperimentConfig) Framework() string
- func (p *PrivilegedContainerExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *PrivilegedContainerExperimentConfig) Tactic() string
- func (p *PrivilegedContainerExperimentConfig) Technique() string
- func (p *PrivilegedContainerExperimentConfig) Type() string
- func (p *PrivilegedContainerExperimentConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type RemoteExecuteAPIExperimentConfig
- func (p *RemoteExecuteAPIExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *RemoteExecuteAPIExperimentConfig) Description() string
- func (p *RemoteExecuteAPIExperimentConfig) Framework() string
- func (p *RemoteExecuteAPIExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
- func (p *RemoteExecuteAPIExperimentConfig) Tactic() string
- func (p *RemoteExecuteAPIExperimentConfig) Technique() string
- func (p *RemoteExecuteAPIExperimentConfig) Type() string
- func (p *RemoteExecuteAPIExperimentConfig) Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
- type Result
- type Runner
- type URLResult
Constants ¶
This section is empty.
Variables ¶
// ExperimentsRegistry is a list of all experiments.
//
// Each entry is a pointer to the zero value of one experiment config type, so
// every listed type must implement Experiment. The slice is an exported,
// mutable package-level variable: any importing package can append to,
// reorder or replace its entries.
// NOTE(review): presumably the runner matches a configured experiment to an
// entry through Type() — confirm against the runner code.
var ExperimentsRegistry = []Experiment{
	&PrivilegedContainerExperimentConfig{},
	&HostPathMountExperimentConfig{},
	&ClusterAdminBindingExperimentConfig{},
	&ContainerSecretsExperimentConfig{},
	&RemoteExecuteAPIExperimentConfig{},
	&ListK8sSecretsConfig{},
}
ExperimentsRegistry is a list of all experiments
Functions ¶
This section is empty.
Types ¶
type ClusterAdminBinding ¶
// ClusterAdminBinding is the parameter type of
// ClusterAdminBindingExperimentConfig. It has no fields, so nothing is read
// from that experiment's YAML "parameters" key.
type ClusterAdminBinding struct{}
type ClusterAdminBindingExperimentConfig ¶
// ClusterAdminBindingExperimentConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as ClusterAdminBinding.
// NOTE(review): judging by the name, the experiment concerns a binding to the
// cluster-admin role; Run is not shown here — confirm what it creates and
// that Cleanup removes it.
type ClusterAdminBindingExperimentConfig struct {
	Metadata   ExperimentMetadata  `yaml:"metadata"`
	Parameters ClusterAdminBinding `yaml:"parameters"`
}
func (*ClusterAdminBindingExperimentConfig) Cleanup ¶
func (p *ClusterAdminBindingExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ClusterAdminBindingExperimentConfig) Description ¶
func (p *ClusterAdminBindingExperimentConfig) Description() string
func (*ClusterAdminBindingExperimentConfig) Framework ¶
func (p *ClusterAdminBindingExperimentConfig) Framework() string
func (*ClusterAdminBindingExperimentConfig) Run ¶
func (p *ClusterAdminBindingExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ClusterAdminBindingExperimentConfig) Tactic ¶
func (p *ClusterAdminBindingExperimentConfig) Tactic() string
func (*ClusterAdminBindingExperimentConfig) Technique ¶
func (p *ClusterAdminBindingExperimentConfig) Technique() string
func (*ClusterAdminBindingExperimentConfig) Type ¶
func (p *ClusterAdminBindingExperimentConfig) Type() string
type ContainerSecrets ¶
// ContainerSecrets is the parameter type of ContainerSecretsExperimentConfig.
type ContainerSecrets struct {
	// ConfigMapCheck is read from the YAML key "config_map_check".
	// NOTE(review): presumably enables a check of ConfigMaps for secret
	// values — confirm against Run.
	ConfigMapCheck bool `yaml:"config_map_check"`
	// PodEnvCheck is read from the YAML key "pod_env_check".
	// NOTE(review): presumably enables a check of pod environment variables
	// for secret values — confirm against Run.
	PodEnvCheck bool `yaml:"pod_env_check"`
	// Env is read from the YAML key "env". The ContainerSecretsEnv element
	// type is declared elsewhere in the package.
	Env []ContainerSecretsEnv `yaml:"env"`
}
type ContainerSecretsEnv ¶
type ContainerSecretsExperimentConfig ¶
// ContainerSecretsExperimentConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as ContainerSecrets.
type ContainerSecretsExperimentConfig struct {
	Metadata   ExperimentMetadata `yaml:"metadata"`
	Parameters ContainerSecrets   `yaml:"parameters"`
}
func (*ContainerSecretsExperimentConfig) Cleanup ¶
func (p *ContainerSecretsExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ContainerSecretsExperimentConfig) Description ¶
func (p *ContainerSecretsExperimentConfig) Description() string
func (*ContainerSecretsExperimentConfig) Framework ¶
func (p *ContainerSecretsExperimentConfig) Framework() string
func (*ContainerSecretsExperimentConfig) Run ¶
func (p *ContainerSecretsExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ContainerSecretsExperimentConfig) Tactic ¶
func (p *ContainerSecretsExperimentConfig) Tactic() string
func (*ContainerSecretsExperimentConfig) Technique ¶
func (p *ContainerSecretsExperimentConfig) Technique() string
func (*ContainerSecretsExperimentConfig) Type ¶
func (p *ContainerSecretsExperimentConfig) Type() string
type Experiment ¶
// Experiment is the interface for an experiment.
//
// Run, Verify and Cleanup all receive the same context, Kubernetes client and
// ExperimentConfig.
// NOTE(review): at least one experiment in this package is documented as
// creating a deployment with a privileged container, so callers presumably
// need to invoke Cleanup even when Run or Verify returns an error — confirm
// against the runner.
type Experiment interface {
	// Type returns the type of the experiment
	Type() string
	// Description describes the experiment in a brief sentence
	Description() string
	// Framework returns the attack framework e.g., MITRE/OWASP
	Framework() string
	// Tactic returns the attack tactic category
	Tactic() string
	// Technique returns the attack method
	Technique() string
	// Run runs the experiment, returning an error if it fails
	Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
	// Verify verifies the experiment, returning its result as a
	// *verifier.Outcome, or an error if it fails
	Verify(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) (*verifier.Outcome, error)
	// Cleanup cleans up the experiment, returning an error if it fails
	Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
}
Experiment is the interface for an experiment
type ExperimentConfig ¶
// ExperimentConfig is a structure which represents the configuration for an
// experiment. It is the value passed to Run, Verify and Cleanup of every
// Experiment.
type ExperimentConfig struct {
	// Metadata for the experiment
	Metadata ExperimentMetadata `yaml:"metadata"`
	// Parameters for the experiment. The field is untyped here; the
	// per-experiment config structs declare the same "parameters" key with a
	// concrete type.
	// NOTE(review): presumably the value is re-decoded into that concrete
	// type based on Metadata.Type — confirm where the conversion and its
	// error handling live.
	Parameters interface{} `yaml:"parameters"`
}
ExperimentConfig is a structure which represents the configuration for an experiment
type ExperimentMetadata ¶
// ExperimentMetadata is a structure which represents the metadata required
// for an experiment.
type ExperimentMetadata struct {
	// Name of the experiment
	Name string `yaml:"name"`
	// Namespace to apply the experiment to
	// NOTE(review): experiments in this package include one documented as
	// creating a deployment with a privileged container, so this is
	// presumably best pointed at a dedicated test namespace — confirm what
	// each Run creates there.
	Namespace string `yaml:"namespace"`
	// Type of the experiment
	Type string `yaml:"type"`
}
ExperimentMetadata is a structure which represents the metadata required for an experiment
type ExperimentsConfig ¶
// ExperimentsConfig is a structure which represents the configuration for a
// set of experiments.
type ExperimentsConfig struct {
	// ExperimentConfigs is read from the YAML key "experiments", one
	// ExperimentConfig per entry.
	ExperimentConfigs []ExperimentConfig `yaml:"experiments"`
}
ExperimentsConfig is a structure which represents the configuration for a set of experiments
type HostPathMount ¶
// HostPathMount is the parameter type of HostPathMountExperimentConfig.
type HostPathMount struct {
	// HostPath is read from the YAML key "host_path". The HostPath type is
	// declared elsewhere in the package.
	// NOTE(review): presumably names the node path the experiment's pod
	// mounts — confirm against Run, and check which paths it accepts.
	HostPath HostPath `yaml:"host_path"`
}
type HostPathMountExperimentConfig ¶
// HostPathMountExperimentConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as HostPathMount.
type HostPathMountExperimentConfig struct {
	Metadata   ExperimentMetadata `yaml:"metadata"`
	Parameters HostPathMount      `yaml:"parameters"`
}
func (*HostPathMountExperimentConfig) Cleanup ¶
func (p *HostPathMountExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*HostPathMountExperimentConfig) Description ¶
func (p *HostPathMountExperimentConfig) Description() string
func (*HostPathMountExperimentConfig) Framework ¶
func (p *HostPathMountExperimentConfig) Framework() string
func (*HostPathMountExperimentConfig) Run ¶
func (p *HostPathMountExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*HostPathMountExperimentConfig) Tactic ¶
func (p *HostPathMountExperimentConfig) Tactic() string
func (*HostPathMountExperimentConfig) Technique ¶
func (p *HostPathMountExperimentConfig) Technique() string
func (*HostPathMountExperimentConfig) Type ¶
func (p *HostPathMountExperimentConfig) Type() string
type K8sSecretsParameters ¶
// K8sSecretsParameters is the parameter type of ListK8sSecretsConfig.
type K8sSecretsParameters struct {
	// ExecutorConfig is read from the YAML key "executor_config" and has the
	// same type as the parameters of RemoteExecuteAPIExperimentConfig.
	ExecutorConfig executor.RemoteExecuteAPI `yaml:"executor_config"`
	// Namespaces is read from the YAML key "namespaces".
	// NOTE(review): presumably the namespaces in which the experiment
	// attempts to list Secrets — confirm against Run.
	Namespaces []string `yaml:"namespaces"`
}
type ListK8sSecretsConfig ¶
// ListK8sSecretsConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as K8sSecretsParameters.
type ListK8sSecretsConfig struct {
	Metadata   ExperimentMetadata   `yaml:"metadata"`
	Parameters K8sSecretsParameters `yaml:"parameters"`
}
func (*ListK8sSecretsConfig) Cleanup ¶
func (p *ListK8sSecretsConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ListK8sSecretsConfig) Description ¶
func (p *ListK8sSecretsConfig) Description() string
func (*ListK8sSecretsConfig) Framework ¶
func (p *ListK8sSecretsConfig) Framework() string
func (*ListK8sSecretsConfig) Run ¶
func (p *ListK8sSecretsConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*ListK8sSecretsConfig) Tactic ¶
func (p *ListK8sSecretsConfig) Tactic() string
func (*ListK8sSecretsConfig) Technique ¶
func (p *ListK8sSecretsConfig) Technique() string
func (*ListK8sSecretsConfig) Type ¶
func (p *ListK8sSecretsConfig) Type() string
type PrivilegedContainer ¶
// PrivilegedContainer is an experiment that creates a deployment with a
// privileged container. The struct itself is the parameter type of
// PrivilegedContainerExperimentConfig; each field is a boolean switch read
// from YAML.
// NOTE(review): how each switch is applied to the deployment's pod spec is
// not visible here — confirm against Run before relying on the per-field
// notes below.
type PrivilegedContainer struct {
	// Privileged is read from the YAML key "privileged".
	// NOTE(review): presumably sets the container's privileged flag.
	Privileged bool `yaml:"privileged"`
	// HostPid is read from the YAML key "host_pid".
	// NOTE(review): presumably shares the node's PID namespace with the pod.
	HostPid bool `yaml:"host_pid"`
	// HostNetwork is read from the YAML key "host_network".
	// NOTE(review): presumably places the pod in the node's network namespace.
	HostNetwork bool `yaml:"host_network"`
	// RunAsRoot is read from the YAML key "run_as_root".
	// NOTE(review): presumably runs the container as UID 0.
	RunAsRoot bool `yaml:"run_as_root"`
}
PrivilegedContainer is an experiment that creates a deployment with a privileged container
type PrivilegedContainerExperimentConfig ¶
// PrivilegedContainerExperimentConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as PrivilegedContainer.
type PrivilegedContainerExperimentConfig struct {
	Metadata   ExperimentMetadata  `yaml:"metadata"`
	Parameters PrivilegedContainer `yaml:"parameters"`
}
func (*PrivilegedContainerExperimentConfig) Cleanup ¶
func (p *PrivilegedContainerExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*PrivilegedContainerExperimentConfig) Description ¶
func (p *PrivilegedContainerExperimentConfig) Description() string
func (*PrivilegedContainerExperimentConfig) Framework ¶
func (p *PrivilegedContainerExperimentConfig) Framework() string
func (*PrivilegedContainerExperimentConfig) Run ¶
func (p *PrivilegedContainerExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*PrivilegedContainerExperimentConfig) Tactic ¶
func (p *PrivilegedContainerExperimentConfig) Tactic() string
func (*PrivilegedContainerExperimentConfig) Technique ¶
func (p *PrivilegedContainerExperimentConfig) Technique() string
func (*PrivilegedContainerExperimentConfig) Type ¶
func (p *PrivilegedContainerExperimentConfig) Type() string
type RemoteExecuteAPIExperimentConfig ¶
// RemoteExecuteAPIExperimentConfig is one of the experiments listed in
// ExperimentsRegistry. It uses the same YAML keys as ExperimentConfig
// ("metadata", "parameters"), with Parameters typed as
// executor.RemoteExecuteAPI, which is declared in the executor package.
type RemoteExecuteAPIExperimentConfig struct {
	Metadata   ExperimentMetadata        `yaml:"metadata"`
	Parameters executor.RemoteExecuteAPI `yaml:"parameters"`
}
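RemoteExecuteAPI is an experiment that uses the remote executor to check a remote output. The image must be created independently; the current default is `alconen/egress_server`, which runs a simple web app on port 4000 that checks HTTP connectivity to a few domains ("https://google.com", "https://linkedin.com", "https://openai.com/") and responds with a success based on the success of those calls. The source can be found at cmd/executor-server. Note that the default is named without a tag or digest, so what actually runs depends on what the registry serves at pull time; building the image from cmd/executor-server or pinning it by digest keeps the experiment reproducible.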
func (*RemoteExecuteAPIExperimentConfig) Cleanup ¶
func (p *RemoteExecuteAPIExperimentConfig) Cleanup(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*RemoteExecuteAPIExperimentConfig) Description ¶
func (p *RemoteExecuteAPIExperimentConfig) Description() string
func (*RemoteExecuteAPIExperimentConfig) Framework ¶
func (p *RemoteExecuteAPIExperimentConfig) Framework() string
func (*RemoteExecuteAPIExperimentConfig) Run ¶
func (p *RemoteExecuteAPIExperimentConfig) Run(ctx context.Context, client *k8s.Client, experimentConfig *ExperimentConfig) error
func (*RemoteExecuteAPIExperimentConfig) Tactic ¶
func (p *RemoteExecuteAPIExperimentConfig) Tactic() string
func (*RemoteExecuteAPIExperimentConfig) Technique ¶
func (p *RemoteExecuteAPIExperimentConfig) Technique() string
func (*RemoteExecuteAPIExperimentConfig) Type ¶
func (p *RemoteExecuteAPIExperimentConfig) Type() string