DataDog / KubeHound

Kubernetes Attack Graph
https://kubehound.io
Apache License 2.0

Python query data not working perfectly #168

Closed Ant0in3bzh closed 4 months ago

Ant0in3bzh commented 4 months ago

Describe the bug

Hi, I'm trying to make a simple query with the gremlin_python package and it's not working well. I think in the gremlin_python package the implementation of DataType.custom is not implemented yet, take a look here: https://github.com/../gremlin-python/../graphbinaryV1.py. And you have to add its definition here: https://github.com/../gremlin-python/../traversal.py. I tried to create it on my own but without success. Is there another way in Python to extract the data for this type of query, like in JSON, CSV or YAML or any other format?

To Reproduce

Steps to reproduce the behavior:

  1. I run this code:

    from gremlin_python.driver.client import Client

    KH_QUERY = "kh.V().critical()"
    # Connect to the local Gremlin endpoint using the "kh" traversal source
    c = Client("ws://127.0.0.1:8182/gremlin", "kh")
    results = c.submit(KH_QUERY).all().result()
    print(results)

  2. And I encounter this issue:

    KeyError: <DataType.custom: 0>

Expected behavior

Result in list form or dict.

Desktop (please complete the following information):

Conclusion

Maybe I need to create an issue in https://github.com/apache/tinkerpop/tree/master. But I think you're implementing things for Kubehound there, so maybe you'll answer my issue.

d0g0x01 commented 4 months ago

I think your query is returning a gremlin traversal which python does not understand. If you want a map back, can you try

    kh.V().critical().elementMap()

Ant0in3bzh commented 4 months ago

Great, it works, thank you for your advice. May I ask where I can find the documentation on the rules element value? For example I got this:

        "rules": "[API(batch)::R(cronjobs)::N()::V(get,list,update,watch), API(batch)::R(jobs)::N()::V(create,delete,get,list,patch,update,watch), API(batch)::R(cronjobs/status)::N()::V(update), API(batch)::R(cronjobs/finalizers)::N()::V(update), API()::R(pods)::N()::V(delete,list), API(,events.k8s.io)::R(events)::N()::V(create,patch,update)]",

I understand N = node, V maybe a vertex?

d0g0x01 commented 4 months ago

https://kubehound.io/reference/entities/permissionset/

https://github.com/DataDog/KubeHound/blob/main/pkg/kubehound/models/converter/graph.go#L160

(gremlin support for nested arrays is tricky so we have to flatten to a single string)
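
An added example (not part of the thread and not KubeHound's own code): turning the flattened `rules` string returned by `elementMap()` back into structured records for review. It assumes the four fields correspond to the Kubernetes RBAC PolicyRule `apiGroups`, `resources`, `resourceNames` and `verbs`, which should be checked against the PermissionSet reference linked above; `parse_rules` and `rules_allowing` are hypothetical helper names.

```python
import re

# Sample input: the "rules" value quoted earlier in this thread.
SAMPLE_RULES = (
    "[API(batch)::R(cronjobs)::N()::V(get,list,update,watch), "
    "API(batch)::R(jobs)::N()::V(create,delete,get,list,patch,update,watch), "
    "API(batch)::R(cronjobs/status)::N()::V(update), "
    "API(batch)::R(cronjobs/finalizers)::N()::V(update), "
    "API()::R(pods)::N()::V(delete,list), "
    "API(,events.k8s.io)::R(events)::N()::V(create,patch,update)]"
)

# One flattened rule: API(...)::R(...)::N(...)::V(...). Matching whole rules
# avoids splitting on the commas that also appear inside the parentheses.
RULE_RE = re.compile(r"API\(([^)]*)\)::R\(([^)]*)\)::N\(([^)]*)\)::V\(([^)]*)\)")


def _split(field, keep_empty=False):
    """Split a comma-joined field; optionally keep empty items."""
    items = field.split(",")
    return items if keep_empty else [i for i in items if i]


def parse_rules(flat):
    """Parse the flattened rules string into a list of dicts."""
    rules = []
    for m in RULE_RE.finditer(flat):
        api, res, names, verbs = m.groups()
        rules.append({
            # Assumption: an empty API group entry is the core ("") group,
            # so "API()" becomes [""] and "API(,x)" becomes ["", "x"].
            "apiGroups": _split(api, keep_empty=True),
            "resources": _split(res),
            # Assumption: "N()" means no resource-name restriction.
            "resourceNames": _split(names),
            "verbs": _split(verbs),
        })
    return rules


def rules_allowing(rules, verb, resource):
    """Return rules granting `verb` on `resource`, honouring "*" wildcards."""
    return [r for r in rules
            if (verb in r["verbs"] or "*" in r["verbs"])
            and (resource in r["resources"] or "*" in r["resources"])]


if __name__ == "__main__":
    for rule in parse_rules(SAMPLE_RULES):
        print(rule)
```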

Ant0in3bzh commented 4 months ago

Thanks for the help