diff --git a/ScoutSuite/providers/gcp/facade/base.py b/ScoutSuite/providers/gcp/facade/base.py
index fd110eb29..5fefd2e96 100755
--- a/ScoutSuite/providers/gcp/facade/base.py
+++ b/ScoutSuite/providers/gcp/facade/base.py
@@ -210,7 +210,7 @@ async def is_api_enabled(self, project_id, service):
 elif service == 'CloudStorage':
 endpoint = 'storage-component'
 elif service == 'CloudSQL':
- endpoint = 'sql-component'
+ endpoint = 'sqladmin'
 elif service == 'ComputeEngine':
 endpoint = 'compute'
 elif service == 'Functions':
diff --git a/ScoutSuite/providers/gcp/facade/gke.py b/ScoutSuite/providers/gcp/facade/gke.py
index f6cf669aa..8168a494e 100644
--- a/ScoutSuite/providers/gcp/facade/gke.py
+++ b/ScoutSuite/providers/gcp/facade/gke.py
@@ -27,7 +27,8 @@ async def get_clusters(self, project_id):
 async def _get_and_set_private_google_access_enabled(self, cluster, project_id):
 try:
 region = self._get_cluster_region(cluster)
- subnetwork = await self._gce_facade.get_subnetwork(project_id, region, cluster['subnetwork'])
+ subnetwork_project_id = self._get_cluster_subnetwork_project(cluster)
+ subnetwork = await self._gce_facade.get_subnetwork(subnetwork_project_id, region, cluster['subnetwork'])
 if subnetwork:
 cluster['privateIpGoogleAccess'] = subnetwork.get('privateIpGoogleAccess')
 else:
@@ -42,3 +43,8 @@ def _get_cluster_region(self, cluster):
 region_regex = re.compile("^([\\w]+-[\\w]+)")
 result = region_regex.search(cluster['location'])
 return result.group(1)
+
+ # Subnetwork can be in different project
+ # networkConfig.subnetwork is like projects/{project}/regions/{region}/subnetworks/{subnetworkname}
+ def _get_cluster_subnetwork_project(self, cluster):
+ return cluster['networkConfig']['subnetwork'].split('/')[1]
diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py
index 0c7d2fcb7..720910ad0 100644
--- a/ScoutSuite/providers/gcp/resources/functions/functions_v1.py
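Review bot: The new `'sqladmin'` value in the `CloudSQL` branch carries no comment saying which API it names, and the switch away from the `-component` form is not self-explanatory. A comment on that line such as `# Cloud SQL Admin API (sqladmin), not the legacy sql-component service` would record the reason. A wrong name here presumably makes the service look disabled, so the report would show no Cloud SQL findings rather than an error. The neighbouring `'storage-component'` value uses the same older naming and may deserve the same check. The if/elif chain of `is_api_enabled` starts and ends outside the hunk.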
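Review bot: `_get_cluster_subnetwork_project` indexes `split('/')[1]` without checking the shape of `networkConfig.subnetwork`, so a value that is not exactly `projects/{project}/...` (a missing `networkConfig`, a bare subnetwork name, or a full URL) either raises or yields the wrong path segment. The call added in the first hunk of this file sits inside the existing `try`, whose `except` is outside the hunk, so such a failure would presumably be recorded like any lookup failure and `privateIpGoogleAccess` would not reflect the real subnet setting. I would have the helper return `None` when the path does not start with `projects/` and let the caller fall back to the cluster's own `project_id`. The two comment lines above the `def` would also read better as its docstring.

```python
    def _get_cluster_subnetwork_project(self, cluster):
        """Return the project that owns the cluster's subnetwork, or None if it cannot be determined.

        networkConfig.subnetwork is expected to look like
        projects/{project}/regions/{region}/subnetworks/{name}; the subnetwork
        can live in a different project than the cluster.
        """
        parts = cluster.get('networkConfig', {}).get('subnetwork', '').split('/')
        if len(parts) >= 2 and parts[0] == 'projects' and parts[1]:
            return parts[1]
        return None

    # … in _get_and_set_private_google_access_enabled, inside the existing try …
            subnetwork_project_id = self._get_cluster_subnetwork_project(cluster) or project_id
```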
+++ b/ScoutSuite/providers/gcp/resources/functions/functions_v1.py
@@ -31,12 +31,12 @@ def _parse_function(self, raw_function):
 function_dict['max_instances'] = raw_function['maxInstances']
 function_dict['docker_registry'] = raw_function['dockerRegistry']
 function_dict['url'] = raw_function.get('httpsTrigger', {}).get('url')
- function_dict['security_level'] = raw_function.get('httpsTrigger', {}).get('securityLevel')
+ function_dict['security_level'] = 'SECURE_ALWAYS' if function_dict['url'] is None else raw_function.get('httpsTrigger', {}).get('securityLevel')
 function_dict['ingress_settings'] = raw_function['ingressSettings']
 function_dict['bindings'] = raw_function['bindings']
- function_dict['environment_variables'] = raw_function['environmentVariables']
+ function_dict['environment_variables'] = raw_function.get('environmentVariables', {})
 function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables'])
 function_dict['labels'] = raw_function['labels']
diff --git a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py
index 6a73a4d36..a0cb3a5b1 100644
--- a/ScoutSuite/providers/gcp/resources/functions/functions_v2.py
+++ b/ScoutSuite/providers/gcp/resources/functions/functions_v2.py
@@ -35,7 +35,7 @@ def _parse_function(self, raw_function):
 function_dict['service_account'] = raw_function.get('serviceConfig', {}).get('serviceAccountEmail')
 function_dict['bindings'] = raw_function['bindings']
- function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables')
+ function_dict['environment_variables'] = raw_function.get('serviceConfig', {}).get('environmentVariables', {})
 function_dict['environment_variables_secrets'] = get_environment_secrets(function_dict['environment_variables'])
 function_dict['labels'] = raw_function['labels']
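Review bot: The literal `'SECURE_ALWAYS'` written to `security_level` when `url` is `None` is a synthetic value that the report will show as if the API had returned it, so a function with no HTTPS trigger becomes indistinguishable from one that enforces HTTPS. If the aim is to keep the rule that evaluates this field from firing on non-HTTP functions (the rule is not visible here), a comment on that line such as `# no HTTPS trigger: synthetic value so the security-level rule does not fire` would make that explicit, and a distinct marker would be cleaner if the rule can be adjusted. Separately, the `{}` default on `environment_variables` covers only an absent key; `raw_function.get('environmentVariables') or {}` would also cover an explicit null, and the same applies to the `serviceConfig` lookup in the functions_v2.py hunk. `_parse_function` starts and ends outside the hunk.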