diff --git a/ScoutSuite/providers/kubernetes/facade/base.py b/ScoutSuite/providers/kubernetes/facade/base.py
index 8c220ae3b..6860fafb6 100644
--- a/ScoutSuite/providers/kubernetes/facade/base.py
+++ b/ScoutSuite/providers/kubernetes/facade/base.py
@@ -1,5 +1,4 @@
 from json import dumps, loads
-from typing import Callable
 from yaml import safe_dump
 from google.auth.credentials import Credentials as GCPCredentials
@@ -16,7 +15,7 @@ class KubernetesBaseFacade:
- def continue_upon_exception(function: Callable):
+ def continue_upon_exception(function):
 def continue_upon_exception_callback(self, **kwargs):
 try:
 return function(self, **kwargs)
diff --git a/ScoutSuite/providers/kubernetes/facade/core.py b/ScoutSuite/providers/kubernetes/facade/core.py
index 2009d22f1..f55cabc48 100644
--- a/ScoutSuite/providers/kubernetes/facade/core.py
+++ b/ScoutSuite/providers/kubernetes/facade/core.py
@@ -32,8 +32,19 @@ def get_resources(self) -> dict:
 # Redact sensitive resources
 if kind in ['Secret']:
 for i in range(len(resources)):
- for key in resources[i]['data']:
- resources[i]['data'][key] = 'REDACTED'
+ # Do not naively assume all secrets have `data`
+ secret_data = resources[i].get('data')
+ if not secret_data: continue
+
+ # Do not assume `data` is a dictionary either
+ if type(secret_data) == dict:
+ for key in secret_data:
+ resources[i]['data'][key] = 'REDACTED'
+ elif type(secret_data) == str:
+ resources[i]['data'] = 'REDACTED'
+ elif type(secret_data) == list:
+ for j in range(len(secret_data)):
+ resources[i]['data'][j] = 'REDACTED'
 data[kind] = data.get(kind, {})
 data[kind][version] = resources
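Review bot: The new Secret redaction in `get_resources` fails open: a `data` value whose type is not exactly `dict`, `str` or `list` matches none of the three branches and stays in the collected resources unredacted, and `type(secret_data) == dict` also skips dict subclasses. A catch-all closes that gap: use `if isinstance(secret_data, dict):` for the per-key case and replace the two `elif` branches with `else: resources[i]['data'] = 'REDACTED'`. Only the `data` field is touched, so if these resources keep their metadata, a Secret created with `kubectl apply` may still carry its values in the `kubectl.kubernetes.io/last-applied-configuration` annotation; that should be checked against the code outside this hunk. The body of `get_resources` starts and ends outside the hunk.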