cyberark / KubiScan

A tool to scan Kubernetes cluster for risky permissions
GNU General Public License v3.0

invalid start byte for kubiscan -rp #3

Closed kbroughton closed 5 years ago

kbroughton commented 5 years ago

Running from the Google Cloud Shell against a fairly vanilla GKE deployment. kubiscan -rp

    main()
  File "/KubiScan/KubiScan.py", line 469, in main
    print_all_risky_containers()
  File "/KubiScan/KubiScan.py", line 92, in print_all_risky_containers
    pods = engine.utils.get_risky_pods()
  File "/KubiScan/engine/utils.py", line 307, in get_risky_pods
    risky_containers = get_risky_containers(pod, risky_users)
  File "/KubiScan/engine/utils.py", line 290, in get_risky_containers
    jwtbody, = get_jwt_token_from_container(pod, container.name)
  File "/KubiScan/engine/utils.py", line 276, in get_jwt_token_from_container
    decoded_data = decode_jwt_token_data(resp)
  File "/KubiScan/engine/jwt_token.py", line 7, in decode_jwt_token_data
    return decoded_data.decode("utf-8")
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x82 in position 0: invalid start byte

g3rzi commented 5 years ago

It seems that some JWT token contains a 0x82 byte and "utf-8" doesn't like it.

You can add "print (decoded_data)" between line 6 and line 7 here: https://github.com/cyberark/KubiScan/blob/5349e97e24256d220714ce6c134a2563e75346ef/engine/jwt_token.py#L6

It should print the decoded token before the decoding to UTF-8, and you can share it here if it is not sensitive.
But the problem is probably that the data contains a 0x82 byte.

An easy solution is that I ignore those errors, but it will give you the token without the 0x82 byte.
Another solution is that I print it in bytes if it fails.

I will try to reproduce it and think about a good solution; I will update.
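The two fallbacks proposed above (drop the undecodable bytes, or show the raw bytes when UTF-8 decoding fails) can be combined into one decode step that never raises UnicodeDecodeError. The block below is an added example, not KubiScan's own jwt_token.py and not the fix that was committed; it assumes the input is a compact JWT string (header.payload.signature), and all sample data, including a segment whose decoded bytes begin with 0x82 as in the traceback, is constructed here rather than taken from a cluster.

```python
import base64
import json
from typing import Any, Dict


def b64url_decode(segment: str) -> bytes:
    """Base64url-decode one JWT segment, restoring the '=' padding JWTs omit."""
    segment = segment.strip()
    return base64.urlsafe_b64decode(segment + "=" * ((-len(segment)) % 4))


def decode_jwt_segment(segment: str, on_bad_utf8: str = "hex") -> Dict[str, Any]:
    """Decode a JWT header or payload segment into its JSON claims.

    The segment bytes are supposed to be UTF-8 JSON. When they are not
    (the 0x82 byte from the issue), this never raises UnicodeDecodeError:
      on_bad_utf8="hex"    -> report the raw bytes as hex so they can be inspected
      on_bad_utf8="ignore" -> drop undecodable bytes and parse whatever is left
    """
    raw = b64url_decode(segment)
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        if on_bad_utf8 != "ignore":
            return {"error": "segment is not UTF-8: %s" % exc, "hex": raw.hex()}
        text = raw.decode("utf-8", errors="ignore")
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        return {"error": "segment is not JSON", "text": text}


def parse_jwt(token: str, on_bad_utf8: str = "hex") -> Dict[str, Any]:
    """Split a compact JWT and decode its two JSON parts.

    The signature segment is binary, not JSON, so it is never UTF-8 decoded.
    """
    parts = token.strip().split(".")
    if len(parts) != 3:
        return {"error": "expected 3 dot-separated segments, got %d" % len(parts)}
    return {
        "header": decode_jwt_segment(parts[0], on_bad_utf8),
        "payload": decode_jwt_segment(parts[1], on_bad_utf8),
        "signature": parts[2],
    }


# ---- constructed sample data (hypothetical values, not a real cluster token) ----
def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


SAMPLE_HEADER = {"alg": "RS256", "typ": "JWT"}
SAMPLE_PAYLOAD = {
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "sub": "system:serviceaccount:default:default",
}
SAMPLE_TOKEN = ".".join([
    _b64url(json.dumps(SAMPLE_HEADER).encode()),
    _b64url(json.dumps(SAMPLE_PAYLOAD).encode()),
    _b64url(b"fake-signature-bytes"),
])

# A segment whose decoded bytes start with 0x82, reproducing the traceback's input.
BAD_SEGMENT = _b64url(b"\x82abc")

if __name__ == "__main__":
    print(json.dumps(parse_jwt(SAMPLE_TOKEN), indent=2))
    print(decode_jwt_segment(BAD_SEGMENT))                        # hex report
    print(decode_jwt_segment(BAD_SEGMENT, on_bad_utf8="ignore"))  # 0x82 dropped
```

The "hex" mode is the more useful default for a scanner: a non-UTF-8 first byte means the segment is not the JSON the code expected at all, so showing the bytes points at the real cause, whereas "ignore" silently yields a different (and possibly misleading) token body.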

g3rzi commented 5 years ago

@kbroughton Please check now, I fixed it and tested it.

kbroughton commented 5 years ago

Works now. Thanks!

g3rzi commented 5 years ago

Thanks for reporting :)