From 97614f14a248d3c5f233c1fe3f68bb18e23ce068 Mon Sep 17 00:00:00 2001 From: Robert Clark Date: Fri, 10 Sep 2021 11:34:39 -0700 Subject: [PATCH] Adding refactored examples --- examples/aciExploit/AggregatedDfd-dfd | 19 ++++ examples/aciExploit/AggregatedDfd-dfd.png | Bin 0 -> 8850 bytes ...Attacker looks for runtime information-dfd | 19 ++++ ...cker looks for runtime information-dfd.png | Bin 0 -> 12347 bytes ...w-Attacker looks for runtime information-1 | 5 + ...tacker looks for runtime information-1.png | Bin 0 -> 2538 bytes ...w-Attacker looks for runtime information-2 | 5 + ...tacker looks for runtime information-2.png | Bin 0 -> 2363 bytes examples/buildExamples.sh | 2 + examples/example_ACI_exploit.py | 24 +++++ examples/example_OPA_orchestration.py | 64 +++++++++++ .../example_aws_eks_add_on_permissions.py | 99 ++++++++++++++++++ examples/example_aws_iam_authenticator.py | 64 +++++++++++ examples/example_bookstore.py | 56 ++++++++++ examples/example_nest.py | 40 +++++++ examples/example_process.py | 31 ++++++ examples/example_tiaga.py | 73 +++++++++++++ examples/example_tinkerbell.py | 72 +++++++++++++ 18 files changed, 573 insertions(+) create mode 100644 examples/aciExploit/AggregatedDfd-dfd create mode 100644 examples/aciExploit/AggregatedDfd-dfd.png create mode 100644 examples/aciExploit/Attacker looks for runtime information-dfd create mode 100644 examples/aciExploit/Attacker looks for runtime information-dfd.png create mode 100644 examples/aciExploit/flow-Attacker looks for runtime information-1 create mode 100644 examples/aciExploit/flow-Attacker looks for runtime information-1.png create mode 100644 examples/aciExploit/flow-Attacker looks for runtime information-2 create mode 100644 examples/aciExploit/flow-Attacker looks for runtime information-2.png create mode 100755 examples/buildExamples.sh create mode 100644 examples/example_ACI_exploit.py create mode 100644 examples/example_OPA_orchestration.py create mode 100644 examples/example_aws_eks_add_on_permissions.py create mode 100644 examples/example_aws_iam_authenticator.py create mode 100644 examples/example_bookstore.py create mode 100644 examples/example_nest.py create mode 100644 examples/example_process.py create mode 100644 examples/example_tiaga.py create mode 100644 examples/example_tinkerbell.py diff --git a/examples/aciExploit/AggregatedDfd-dfd b/examples/aciExploit/AggregatedDfd-dfd new file mode 100644 index 0000000..2494408 --- /dev/null +++ b/examples/aciExploit/AggregatedDfd-dfd @@ -0,0 +1,19 @@ +digraph all { + color=blue fontname=Arial rankdir=LR + node [fontname=Arial fontsize=11 shape=box style=rounded] + edge [fontname=Arial fontsize=11] + subgraph cluster_Internet { + graph [color=red fontname=Arial fontsize=11 label=Internet style=dashed] + Researcher + } + subgraph "cluster_ACI Control Plane" { + graph [color=red fontname=Arial fontsize=11 label="ACI Control Plane" style=dashed] + "ACI API" + } + subgraph cluster_Azure { + graph [color=red fontname=Arial fontsize=11 label=Azure style=dashed] + "Kube-API" + } + Researcher -> "ACI API" [dir=forward] + "ACI API" -> "Kube-API" [dir=forward] +} diff --git a/examples/aciExploit/AggregatedDfd-dfd.png b/examples/aciExploit/AggregatedDfd-dfd.png new file mode 100644 index 0000000000000000000000000000000000000000..502a174eaaf81aeb5a30dbaf2cb3833678360c9c GIT binary patch literal 8850 zcmb7q1yqz>)Gh`%2!hg*ABc#8bf++M4&B`#BB6kkN`rt3NP~!kpdcL*A2D=FNee?G zF@!YSt@r=`b?>_Wx_8~fS`PTmymQVzdq4Ymp7VyI)a0*SrM`-TgL6$$K}Hh?=Rza= z{v2@;{yoW;ZGsm(OJ#W(obx|F@9T17ad7^@QIwI=_DWr!^3f;LImg*5{Z-OlGO2TU zl)ypZQ<1F<$Lsp%B`;qdHYFpN4E1BYSAqoxc>1S@<}`-7w^aWjW1{T7th%E3X8r~l z>yW0jCXX(Mn-LdBm+9huo7hH-x#v^Q#JcU%6LfF7`{FNuyZY|bBynUj7vTl?a&%Ka z9n6XpPnZk`r#+As<~}b)go}f-{ZA;&+WR%~0?u=>_Dmd{2lVqO_yDmRD-O=U@$il3TkUBI=eI+^S3KWNcv9>mEILZ@WhR(AKuU` z$91b_l`!qtUK<^FaS3H==%^2INE!=#QLX+`{**0pj%r> zDAzVNDoRTS9n^QfUbX5U94rkuKl9#M3=Rn)3aG5FumAXQe!Sf2p@1kWD=Raz43@(6 zBjVoM_d4t?me@9ifLj04BgI&jYo=!_xfxHNKAj8TP3kVTYU41e8S3eYdLL1kS7Xrc zaot6LB_~sA!8t77T#lWE#kTP!Zi~&d|MB|y*?xn_dI-I)1#?MB$&ZH>DJdy3OgFc6 zpFI~WN%nnJcoA`?;dp`t7*Sb-1F>1!B5{EM<6LV#xQ)^&43TiN@43x~e(o?F!IQ8a?x=Hw!A z38D6U*Sc)2t(lpbcXxNm$jAsyIj$oF9{zZpl47K#75na;uA$+x-@nGP$-GZy6 zzLV=@a#3h#Xe4l&)%za0IXJAG9`7Tir3IYFWppqhGFh3mVt$3FVOw6M#8$678K&^a zNT02rjlb6?yv3$rCCSOj*QKuz(H>x8B(Gk*3jZIPAm+WzoY6;2Kp^V1^pea7c1_(_5~DXOlnu9GwCQ{O6!ia0qq zHqK6uy>4crs3M-b(}z(8)oLFP$hlcR-2X4%~yNq-HEH&IbNRjwF3&Uvg?u3Fkv zLPA0!A`T7?A_U^!*mB*J*WOy?V?x5hJ-(eiJ@im4kVWNH{pD%nHZ7T+A2rbTw7bab)jT@+>n4E za&pqRR>j1GPC5_jt0VRfB6EGB64Rx_58L}wXBl5Q@xcQFr{t(jg=|eh!Ai(2D=L-l+k|Kt^Vh-o{^);^GuYW$gC*PA-AFb0>c_JerSqz*lUi70g0}r4#@9oyH`-3`bU5n|n535%63kd0De3G56Hu;h-MSg|;ll?Ai9kveu|rR~ zxF{Q&Q(wBcRqLz9BHaRUX9hKA^y;c38(YD@|2{a$PDmIH!Y9qo&wm*h_@?GDhRi}| zSo^_)=lSIX!A&J4JVDnZ(S~LA18;80lMTD}_V#*vdkeZucXxK?fB91PZ10|QUQtos z^t7qNzT7N}%-6A>xbtq_*4Fd?{`>DIt=we~5m%=O`{WTp2PNU5)>gdp=BB2Lj6tWT zDyqyR+*E{YY;5C$%B(4ZF6qMVEN7LarM#|MEyF#gwzfH?r8@&z^5n`QqN2DL8v!Wq zsHHB?&ABc0rZIXJTHD!GR#rCb^or(>LkTjI2nz|ZT1sUNw8k)S#&&Eaw9K~NZBm+y z(=5;{nl7~?mU?k^cDB%!0OR=J;Na*;PF8kSSWjnP;gNKXm@J~vHn3r`=82Py%>ryH zfaQl*OmWE8&sXFJ%|)|fh)ED-`4&pTaX)rf25*xn+S}*F#1Km>u*9Ybxi&R7BPEAb z4V|3Us@<1(czLt3vd9T8UAh!QCmOOzC`P~equ9!&7TXFhSkH;^ae%TiFRbND+Wd++ zxSx@s;iKtVVb2ZYAe5HYAmpp(uOCu#w@^Rgn#M})A|oRi#Jrx*umVmR1YP&9M(QxM zKa{RXJX7NwdL;1a)2F1QB)uY2ok@o-Yn~g@0jGPEXWKE7XQ=TKMo&2+`3aw2s+eSw z3wCx(fQ>mhECB)MH+gNDZ{MD(cF%2S2pBCi2@elXo_VE;GAX`l;!lL^?C7xINdowz zs(lRQK3ZhfCjU8_R@lDkHQ$jAuvj;*c7LH!$3-@=Vp3aMym#cVp`pfGA` zL^4r{iHSn~Cthsd^3 zsaI4{IXT(sGchpi_>t)E#j5}M;B;eN40MD3bR?fltubC$ls z60N?Q)8d59fYpgAETPSfT)!%3{4s9TeAGRytsz|trnO!-e4b%vSBDF{OkU>1=`xgD z_3Ov*Uzq%CP&)G2fY;i>%q$}?usP%!%~rybCr<_j22yi*w_U3z8!00Z8^w1Dy^epc zL)$jc*Vi{Ns5_X8Y&h8_$T6r24bsukx;z>;?XxMKO-FCMus3Q38Jxmp(ezOhv7~8go*o|Ey}fdQg?Fz-=ivLrE^_Tp{rm58 z?Rz%G`UhQwg&d!>MXYhO-IWReqaWSeKgqmy?b`3(znO`yBJMr)@aVValb4rQ9cPRV z)>U<=s;Q_DI5|oTk%MT8R~w%#4`hXt-kC#oTvnM&;S2pky+SOvF+jD0sUCoVsiO4>fjw6*8!W4QWUk!S1>*)zzRDhce55V7dYBf&=vWprwX zz~Mp&B?wA*dxv%Ld)&dnp?-n+OaEH`esyzdmlc(+*`F~pHs*kLrAb#;H#$0+*RI#Y z&5g&y>{Wt3d%gQoFQzR98@fbwy+xU{m6Wsmp|i7zv2l99nK$6drO&1r#4c}@vT<>7 z3v|DH*m4z=LpL|yVq}~hH47MCs&t$e5fLGx6DfNsc1FWzLd;Hier5x$AqvIicjQ4GwYa&Nk(_L3YC1hWelNCT zcjUs<%H}5J)nH0a)5!|w2`KFw(iRpLkX9iZ2`~0`cbV_pDb;5;GMeCb8u8s5*5l{r zpPHJ2i*L|uOcx`=xVrPtd+jmVx}Kh%s;WJDW`5$zm@N|<>lJ|$=eVGW0i!T<@ zs@$fI{DOi-MwQWWS?fQFksJw58iPOFmMP7AEgT$f-n=O+Lfq!)=$NCPA@O8YdtGi4 z7-b1hr%2`u?fAq54LyCYHBV_t$!>*a{_9txh?{(&$sV;sz}PH#l4fUT>+0%~N4WE8 zlT%WZvj%{Ul^;u*n~sl<11cGtn4F*NsH?8od(&oy(7WfUun-Uvd%C&RJlo6nA5jqI z!BR6eFQ9nC5)1)2pSZbQB_C<`$ zF5owGu(P8zPNb)N<U97zV4k z+57k$1KqoL=@PI%kAZrJ;_~wQ?CcL8KAik&5tw=W0SWBl5O`D!gXG5Mrpt2uD@03I zH}LJ#&46=YS~IYR9wisoqhIlhZvLop%_=Bx($hxPqqLvdxL zx|&)}t<9>ty}o{8W#ztoee}mpppESJ?*o?`j^iz-9UmBIv@F(yRo76Q4)U3{%1!;Y zD#U8C-M$@+wv1ZVQ|Uz2dh+w}^{?#K)`~f%@YDE8%=GoCt1>#e=WWo5c(g;C`RLNE zE1Tt&M9mvbS-i3F2&M$oS!;qFJsJo69^&|p(@f2|)b^H$NDU-^c6M+c%9MT^JD?ZC zy0u<8Q-8EtP*G74vVqv+i%9syjq$osT3+r4^>??SM8=h<&TS#0p+PdX<70(EX|eqP zlSrDWrlz!ZSf4y?bh-$iCGcPy8yn?!?A#vm9?~!svYqGzLoxcI&!1J;DYSmDpoMoq zW^mSST`YG_CZ&kv2gYUQe~9j<%T!TSjgn#F9(|9j?e4Di-eD%`aA`P|vq&LZ>Thjr z1%;HDm+VW~c0ub3=hl~iRveG++izS%8d+VbO}fOMF>?#i~CGs6`{EMEat$fr}ACA$p2k?H9| zua&tu9_MksfPjEoNjp0C;x~X>tdEy#<*E(K9`hv|h&Nw7XQw_(t%NK(KRex7>>;>z zjqdD`pP!$iVn?~t=#Pg_Q7DvxLfG7wQoFtgnGZjH==V&V><+4nii%m@DjFF*=!>@9=maEQgK2xk>m~MAY~mZUdWDR#x7eX<#5BDRCHN$(M*Mo^`8+eG~OqMv+E^ zY;UtZH2CMbjI8YKJ9jpxz9lr->Tp*-r$)PrgJk>i<;&XYDw(ocx>(234&WLQy%=k} z5;k~vco-0bfRON2WMly-ArAKcL$_jsL9T+31RS2IaE|R-KxF><^$VI>OG}IIPLE*3 zDv&t1g28%WvDluTp37^RuPI194kSi(YL|-5EbSHM=C}6vP z-=x?Q9YM|pd=9Un9Q=~JygZ!(-MjDDjVjoMg}t`~i=0!CKX()=%F6Pb2W1qQ->$B% zo}Vm9(gsm5-?6i{X6^NrmxeXV%fo{8xHmO`MHm}Tg3QAvNM~|!aHuhp%yKeF`k(xs zaJh2j3M3zmWOno2DaBA;^mA&7&`#@;p&{*J{qBHgLEruxA&mklFL{302MO7NMi1EY z!55t1;bsTlkOrbZ^hxW*ix-WJjj*;07cRI}8#BH6n44P!ExNN)iJ1f%2GDM2SUW_y ztIG*COFo7kT~K85O_%8nyFtnPx6OJj!tT2!qgw*4Uf0GIPH3p`Js&f>7JXL^V#2+?K(a_2DQk45{;gppKoth zaC5$=qpfWXKEb0&A(Avfa-JlWXw+Dpk4ydG;sF)|DFIYl@hF+f|MJmnC`0}6#Y53I&4&`xX*78;#f~7CnxB8Ztm{bgo8#0z?5v|1S&$jvsAolAs72fk-h-#oDklpMwn5I`a@@|w^E+Y$r?1ek*SPq6YQHvax+KG0B^elp zhKI8qO_1Z-%BKg(t|xy8*|UQYO9uzVtO0#?T@McrFeYS}1|IvW-ixoPu3m?tY38an z2IetzaNu=v|0E8C^UL=&-v>Be3UCv;gYmVqqpb92j90ndlK53fh2d?$qV)7eXR#j! zS12eb4j7H#ruyt7zG6dteK8%@pj0`HDjseb9WX8dT5ctPRF*+N-69x>O&a{g>ramM z))1Kt{s&US(Y(IdNBDWkwArU;mWj%<1QhIH(b4o&R6>47W%}$Au5&?iIWzx_>i@G@ zWe$Vse!s`wzkmPp=g-7MDmyznF|K9;PU9*rPR`B6o)iNEgYxonU^cP{z}(qNkJ^*% zF0a|Y%AXB=x$MT@0bLD|dAPHLAu#jB$_AmVtT26&=bt@Hye`P5B-=YWcHXJ~?RhFv zEv2%c%J^|FTaJ8`<2DJtbRKkjNOWOgVKp_i>FMd@GN|XFA3xe{OR-Xg&{gbgY}VnW zJCXY!TZhEX`m*yJZjiKvfx%7bFtp`;!?NY}H@Bcp#tU&7hsMYASxj#+k}=7!JV3Tv z^XL#RFW#veS_xEEl0KqLuGC^dX;pl4tehm|oy0-`PWr0@)8UvFB^U~i{)-nc# z1$>Ppc6j39K}Jr_7!=JQNl!^BkCNc!9UL1o;MRV5ef8HbGQ?%4(L%5mK14=#rHOim zOm@8mqCP#X_H~VA!wj0xR1rR^Mx!>#S>-f`X3;;{8S+%(D!4|N+ z@WEvO6dF3ZsOw4!3JNMJz6@K`x0qt3_#>Td*;(EwMNmj#W1ub zyaIsSn5=$AzEdiSDGE4M)|oA8I7@CcXQdC{0Y1hQv@z2Vli|shPQL>l zEmII#pXxJ*_C{Klmdr}E7!kt@ zU>o7l(bE;qDJ(vxKYdcbZ%-9=2O$!zz86INl$@M=c5_aCIl}!AJhqEwXFnS+1)&~2 zD$J*|Yp33$K&iUL=@JI0b~HB50^xzw14ly+ad>>(m&kqV?%kE%G*L*FZ%@~iR8(4G zu3A}HfyTKX+fnoFn=I1}I3)Sr^dDx(*L`5JKo9)D)_E(D7!%XC10^_Ob$R(7 z7@bstk7y&&n&av(qoYV78q1;UQ&Lb=R90q)dAose?#Q+{KhKra4PG^&X%(Cqtc@07 zvK-{2X^Sf=h`{g;I1}@qqot>hzCK>(Be)`Pfu0ju7&?-Y;POjQ)sV7{ZEvYTRGInh z#iLmNwC@|zK)Y#)?%cYC0pKR47du$aiov5i`&HTpatj9RL&xl6pxuSD(N;|tvbh+n zK1L&5i|T$;N22qKirW6uhdBsP<4Ewq&dJtxXCgywyAv&}teVZaz%j$xMdjT)Ia({i zba;IKs0jY6+vCUW9UV9QyY;oSAiHF92O*>Nz8KynyBa!aRU|~DQ_f)}NpxG;l~yTt zaK%F;un|E-1W?&x7I4a6mB=#63Jx|1=43{KD#v7Vz<{_wSYsceGMJr1L zWnaId%9&VVg&~NuT~F#URAJafl)3)apwZw8_h0fH_^H{_dZe`}H|&Ha`_+cc?st%=mVP=t$s}7sf#wB&!f}F+7nmRb^j~Qs z#lcHd(~HqDE$q8%`$w^C5v!4*)|ZI0g+ie?NYzPk9G#ppycci&y?;?xx6tx+PIpZs zqsZ$Y1m2VNF^B+2`xah!9|wuLyZpv910nbH40Wyg+c!}Wk#{tW)_yhS&%L5(XHPO0 z={UV;fDE^5J7l3`WpN|X z9{Ie+Kqen6{UdmL|Sy0iZo+a0NPsWwCx_aw~TLs{;r#5Tp3l zuJPwPJQ!wT;3T#CfYtn?U--Xb+4yP=Xl$6jbKYwPArFs*A&m_4SFoCBp})3fC5rVk00W$GuCJRwU_yZo#{`@pC7nji zh|s`Rq5JxspYBVZ?rQn@)hRIZ1b!lHdvy~7W$eD#4RjUGJ)imb(A3Dc%CeFH52v7{ zoT>Nw1}gd6w~4Q(+=X7Vv7xPPG$q6Vb`P4eNRgp zO3e_PEJ^lUgUBrp%Uynmyg=3Szdp?{+-HD?vn(b3GSdeK4~vz$_(GQ-uA8HFmS}3O zm|rKl^2PX*PSlO1{=h3521#!hu-LG!;BD*9wWgn<->Zxl8X~Iw>F9*sTMNU(3*J}h z#175{*GVT=KkiD%vKHOG@6LLXEKSVB)c;X2u3W%@BqHqnXMXdOe5)JV&=M1dnszD9WnI6iS=F{2yTGo-_ae literal 0 HcmV?d00001 diff --git a/examples/aciExploit/Attacker looks for runtime information-dfd b/examples/aciExploit/Attacker looks for runtime information-dfd new file mode 100644 index 0000000..19080b2 --- /dev/null +++ b/examples/aciExploit/Attacker looks for runtime information-dfd @@ -0,0 +1,19 @@ +digraph "Attacker looks for runtime information" { + color=blue fontname=Arial rankdir=LR + node [fontname=Arial fontsize=11 shape=box style=rounded] + edge [fontname=Arial fontsize=11] + subgraph cluster_Internet { + graph [color=red fontname=Arial fontsize=11 label=Internet style=dashed] + Researcher + } + subgraph "cluster_ACI Control Plane" { + graph [color=red fontname=Arial fontsize=11 label="ACI Control Plane" style=dashed] + "ACI API" + } + subgraph cluster_Azure { + graph [color=red fontname=Arial fontsize=11 label=Azure style=dashed] + "Kube-API" + } + Researcher -> "ACI API" [label="(1) Deploy WhoC container"] + "ACI API" -> "Kube-API" [label="(2) Deploy WhoC container"] +} diff --git a/examples/aciExploit/Attacker looks for runtime information-dfd.png b/examples/aciExploit/Attacker looks for runtime information-dfd.png new file mode 100644 index 0000000000000000000000000000000000000000..b18e266d065e86f399c96044ddfb0f37a0743f47 GIT binary patch literal 12347 zcmb_?by$?!*Y-%r5DF+IBAwERg!F*Y-Q9?iA|Q<-h>`*VA|=u-B}fV~bccj=hmuO@ z0N>)A_x)X8{`bxCI*u^$JbSNwuRGQ&4K?{o1k?lw1mcpSf}9otfz1HVpCYl~|8dN_ zZt&MdD`j~(#M$|O?;CRC5D0pNqMVG5SIW<6ZxikI8NMBSe3{p}(i)3Fj9Sg@mx}3) zaB(%UdE~;2+|WMUqXc6gbV(eiYr_6M*C*A?FW0>=7EqAqMUHD?tRwg6f}xyESrLQi zHr@VP;Y*#0L2QJ(hbQ4GD?KV#0^&MFAKTgE$k4-OAP~|V+`7X5KErONB0PWg)Q7L_ z{8AC`X(P(c|3>8DS#$mKWaIzyONfrk+tC^I;=AhEx#8-ouJlb)$6s4sXJ#H@5Po6x z;$)O;r};asf|fyV-4!*7kK^O$5Cn>UUbwl-Sz1~RxlE(PJf#C(9cRbvi|ZwBAoe;t zq-|{roN)#;qN4cx@aFc(X-hUJ{LJ8f^J*{6Z4V8{WHMQm=}ccfzaRG-|GB}(GZ)T( z^1t2b$UT#k*6UIi5C!pxp%h%NH<6-a&Ke~>Jw1Q^{CWSLe$O#7GV;ZX7X(hPt`s1o zrv-1{cA9PU?|IAbC{(v!!E07uC(;KJBoi^{1l6v3WE_9h~WDaEy%R)awtfh6-#W?2_sVoSn z#F9MZqNlgmTk2f$Zag{oo*wW=F{4)lMUKeJ$jV~&_djX$|LgYIBqsODl`Hmw?~03m zmfLoxq^7RB``Fv(%^Ajaut;f`?X}tY`%9qK+9IzruIuUPVdGtPfAr78)6=fZ!2OPd zghc8R$=%%p*7}Bc9ZE!){7|I3RDOPNN+zplDY=`-6@5PKnD5mt4$|ZZc10uV4}&&6 zzDGOrJ3Bi$IXOi|T=Tz1Mn>}&xeC_S+ZEaal_U%zO;1hbfx+cqQ3H!W%jPqX(U0h%P{CKr5D(Z5uhOx1+ zf`WpKOf%+qKk#TC5A*S{X6)r{laQ82BCZXHJQGF5PWbZGzErU%TT@3zUh}!1TxPd6 zH~;<~Gbhxt>rZR2{Q9Dx;O3q{Hf_h^?qwPgzWaSN>gxS9H6lET;WmVUF?_50$5!F7 zq;Z`oQh@;;9#tKj4;>uBBO{kxMYguKIQ5FWes7Q~?tknvB|xMTD^4q@si}3$I?dF7 z&dz3GW?nkpUlmdJ_V$J=_4oH*UAs5UR$kjq72duGzwJp8ttco6>$QW0n&|Dl#9-s# z@V(-Gf56F~OLUSn43%!nT{}Cj*RNk^W6K>MH*j%r2_{MGR#i|isI-rXic*8!mLY-b zbFWb#??PLB&?{Tst1e-Q^~X=zE^{|{Mi^`}pgUON_T5!V=xg&oJ|78hl; z-gDty#KS8!tZ0KrbF(FsEiElAj!eguQ%1`YxcE=(6XvJra7y2U9}k?Jc~aK4w$fr_ z7dAFF=I3ML;uaScg76-@d2k^7B$+*!8hn12|ILH)e)Z~=hlj_{pFi>O@kd8TMbw>~ zoKPs#^f?-n+N(Yc}xg27`{KrVL5&^XJ%UuQg3f zin6mk7FzLBaEy z`E&5I&i}7x5dD$g>3f;yEiElO+Q-Mo$P5g|FZL_CuRYd>zVCH>JPT%LBwxEcxJluy z^35arlSSI;DJw0-;o)|2HP_Yi>@Nkv=S|$u=}(OI=Z@}Av_^O zJ?&To*{$1@vCeYu^Yb4})jX=O>)lveBf;lFE0zb%*Y|v*Vk2(g`D8tg1+)=YY$geR>DQI zv9OR+Qm(G7Fa{eL8AU`yv1IKD4D*!xHvpB1KW?v9qv@VD);0ttY}NH zZDXQ>?NnA-nUFyabJ7zC)%d)5U~n+QKV|6e^pn|%iHZ3pxZlojMk$)7{Yq9=AM*3p zPfz~hazKgX=jT6r_Uz=(?~0Ef*>B#w^7-oDqus@-swyalhAcRe2Il52j*eU}RjDJt z)je^cjSi)Y4V7X=KHmG#YE)@In4_AkAW-?~laIGI+?=SWsA`JH;Mf>tbSLxe(r{A( z#|c6~Tt(p^x)PJmSqmf~ zGn!8S5J~~2W{=0}9^3X>b=F;caQJp#tz~577oahGhjy;o4IxJZC}&MgO$P@DC=5Bd z;2+^vV`+HuP%)+02#=VQlpY%afJM#}DjFKU&2QY|vQ|(JwY9ZrX=(TS(~9%+71hRo?8Y*&fT`eswGc#IJ(m~jgz5TOTs|v!qinb3PbT01h1W)Og zniU&YUuGDYoV>|##&)29aCcam?kH_Kr6wiaZ94ng};tsOvQL?ouQ4U7(;{+r3(iRVXt!oF-FDx!5sj!Bl8IcQ}acoghQG(RP zaGCIglE;KzQtd@=Z!fw%mW<`VHRk4<3oG^5@#WRkhlhuhijEH+@Cyl<)w**87-(rN ztgg0OmAMKptgW$&C#Bk4(%QqOlk^j@>!IT2=Du+wwamKxbhn)@*m0is%1Ue)W77WV zVzgA4)5jf#v!iw?qDzW{gCC7lZUctD@wEN#GhRO#xy7#d!_gVksK4}a27@8hQkeJ(SPZSf)* z;%Wco$QMIHI@2%vktyw3QZ$!Mc+bD8R*cFzKRtp-M=$66^AU)-xG(<)2Q8Y0Up!d7guEiQBS=kKo^18zRu-kN;|GsA8mH)o@+hYXyL0-EHfTO(7y9DRt-a+9&mr6}F zEj4SBEN))h@FEM>{fA+|Q11rOh_3Hfdd>qB1ZrAcAu%FE4*w#pw}& zUfezB6TsAF1O675l&B@?a)w4mUP|sYtM@8PO-(KMj`j3TL1Ceo=a2FA;ar!gnn6Is zjTKC!QLBpy4GI|&l3#QIp^($Js~pvAp^_r{BReZE9Gg1K$8V(18v^J-5uKU z@X*kQ4T=lzeR9=Osrf9PW@K18Iu_kI>@J8lcX4U?Zafi>C0$V0`p-9(m6ZX(#=b}- z;<52&sy#R7id)pXB^v8ay0b(cQvrVdYquYc0CQW0Ra|uY?0dL%TS&;$-My%!M9sb1CT0c0o+_%I@63vep(o;_Z+nkFiN(TmN9SNdM$Ot+z|706-h}* zpg@mif8qZIVAXWIl1vwf*@eEoKA0K0a8t_|YOUIN+N#W8I9HvQlQZu3#|R>3UpvGI zd3rx!RugbO;MZ8#*t*j+pFQ{kE({>2B?7Vuh=}Ul*N1>(V@^(v{ThQFYK~A9e*Ea# z8Ovg6X$eIpNUbVUl_v!~eSft-IVs88$LAE7Zh`YG-;{66Xf9J-25?75fc+bP=I2vE}ER2oT#{8S6d6r@a6~17W&HH0k$kQ?eU%W)^4$BqCrf$~YqdV$!L3$oaR=?PYoQy2%S|ZgO>ZbX5c5##W zDg=Gf3v{Ut5Cs_-nL@qd*v9wIH#uvJ7v`gQ;dl!$GcBQ=4H9Lt8j*w z>*)6Occ3deIsII0k5=wvTWzQUc>#^Pg#()J=(le(pPZ8EmuJsTt9N8A|04pE?syac zI;Ex2hNEk}_j7(+BGEH9k0z;ow0LjqG8@urv_RL~Z#QJlQd5&ORc&l&$mj0?x7zyJ z8Xq5@i0d4p@ftH5n|#UM)&GkCwNEtW9IXaG99EZ#v9Wh>u;!xz^`~cY{q)|hgK&M| znVGseuaJ;lMiqN{(Qcth%X}cnIa5z-&EbD_rwD$2`!4t}gJFW+@4qyF08zYV<{WRp$O(9r9+xCq=d*tgnRAJ7;_ zmO#C%tbl6f0BXAmnVL>>Xy;&l4XbMr3f{Wa-Pgy%%?;9!gqc>%Gve#KmyZuLmaFER z^KPFR7#IMA_&~AIz}ykbeG7|o3t;1Zqqdk$GMwzhM9M1Lhp{<1tZ?Aoydf(fFsX61 z^zy2iv$VCf_4O5#AvriWVARKhFPqL)Pw!)SiFu6%d?TZwi8wPWvkFN{nuwMmIySm-;Fy|-7;g3o>gbQa@qo1{u)u+=2+>j zEHV%oXlU<=QHoDV0r53GIjLlsL>684;_?mZ8#h#)lBnBeW&);bJ;)L$=;(NbOl=}U z#tOFl$_yRZ#9U^?{ZzARY7CT>H(Os_6>0b{qd<3x3FqR)g<9wtRyx^yYFpe+ztQW#s9mnV%ht@BjXIQnom+U|HRzRrvL{6ela$2r0Akh?R{cfL-pY@A-l4;KKUkPOY;BjO`% z+ibC9r=SuAg@h=a*@C5lo45oe13D$(z5ewrYUCGjb6bKz+Wp#|O`jCFO%#s4B8iXT z0P`bF(*Ne-^{5JRa`Mjdd}v0QF)^g5ypJDW)4vP~3W8#r%LNaCkdUwmv!@*VIy4kd zjYh(!^7H3ofFf`cBDLWB_e^rC1)V+#a0(xOMFrl!D_eb_z12X254Hx<-f*Rq@KRPM`8n<0Ba%w{N! z3<(;ImVH4agB%?jyG2EG_LJon|<5ixb79e5L%+KtUkKx5o9BG9By zwr9j?i5V&ZDB)x^dhf5mU4v^3eVOqRl~jOuTxUI)mo7~wD_dJpSHV4Yp015gP8PFl z!I}Sz6~uzt@x;QBQ7EW2Zwi3bPd!W%3&0$enAXW%DJ(1m&*bhWc6x73B!kQyGm0pB zJ-5pk9F@<#o84*f8(!((Ie$e0jCv$T2#VGTdpaC&6E*y@k()uo?4>Fo@( zv{-e#W&nf1mXF<8Wel*#ak7$wkI!}By-XN;`n}9o!RCqUo11V=l$4Z&0Y)+G92^Wt z)Q)VNoSU1Qq2aYH-2aQoLclt*y0kPm8w16~!@&WZJmNixgTp3>9%#kU)VB#3bPNrT zcjmtW-)9Vl{(Xq1G`F#_Nx9>(0Y6Q>{>6gt9GAet2Uh@!a9-}olS8o0FFt2bhzZVm z2>${noXfDhwWo*Ze!zchnx?Z;-+9yvqH9{_=4apz0Twa^!!f9~{Cbg&j!uz9IX)>V zDK1Xi$S5q3$G1w+4U+I)I?>eT5d-1>!ye;s`>2BE(CHHP&et^O(f$p@}b_uLr zVc}{p0|?T(dU}dVONj{xVjFrSd=ExON9UW8RC1s#6d6{4XUSP5O-j~Q>Lsv^H!F%6 z9v+7N2!(V4`}5M~#g075slaRg0BdV&HZ_on3vx1DA%v8B`}_WWe#}*o-OJ81^`h+T z3Vedw)FBsZEV6j`)ITL?vf4wCsz@g0wv=b*Li5KcXFSkMaRd)41yZ&6D=+(0=WT4u++3JAtt8Gu9q4z zgl3g+IKJ?qpKEJRk5|*-bONFa-?~+ppHJE|P!GKyl$W&h)2b>DS=r|nsC$ne?|*rQ zJ>hr&q6df^d?u*6$W?X{oHBSZbVhjaByt{j04whvANTq(UKT{gljs23?C9wC_rNKI zaZhpHIFDAsM^5YfGeH3ZSiuU!h|t=r4GhwnKw5yd;q@B=4LWyRzU%Q6ydzOU)%iIn0X*@ zzRpkeZjETTB+40S%g3%GjeGu9A^0xx0${bj<&=;I$nRQddV zIR6GD4}Hex;DXVHHUkjWa6Ese%y>ssK@AHfPmAWx@z@8yhV29zvHP<*hzJA3fsVJ;ZgR{f{%2G7l7n`6v`;En?><|%TkOJavZm?v3U~{!;r$`af2zAR$D8HF|O|WpmVT5-Zr$m}@|8$g9HJ9`HjZ42@{$oy8U z0AwuA-#_(&3hC|rS-0Kjd%VY@W>RjW7!Ys@OQct77Wwt}c$qb<&FSeWXiO6x%Cl0S zUa)wh;I4qUEhs8t&R2F!V$M1ooS6yk+2qpK(V?QImh|2W7C)zBXQwCqsbXx_WvS4Y z2um&5*GPdJcQm;J5f_{7)iE{gwGp6`3Yc0x=s-D+Vx70^DOt4zXz{6I*37(ya)8a+ z+HrF(*VK_7tb3&Hn)>YqP|3i9d21ygSOC*I%>U4a&RPO;BL;W)LWo55_4Vg-X=rHR z)ZX0#BaCpXBzD9)_RYlc#ae*bV3MdU=R0j6aH=0Z>%WQF_45WmppMK5e?6O}2n>P5 z_lo8WKLxD?J}<%S)KtAqXDk5qd?+wzkF-HH8g`I+wAF*@psALrfe zdqXn!Cb~?g>He+gb~sgVlMu&<*e-X)&(F^b2?;^e1{FUuGlR^4W&vUdm@X4DbMU=P zNCI}jeTfxd3Z9yt2KffM4lHcwLMA3AM}Ct3Ylha4ke~R5KW-}4qMI?-l1k}?kuo_+1v7%*)1UzmfF{p#h**R|b4AVI-g3BF(1(cRIZ z@B^d78V8Y?nwtd}jKdOjFA)ghrSn;U;O*20j*dP3{gBS2i+h(tTAcWui7=+%E-*Ut z1n%3=P%jau(hoq9bh zqX^b=p82)2vj*A&a16YsmnD6?Dypi#A>gigw74-^i2Dkt9*Dyr4m`JRnVYP*1d05z!Wx#s71L{#sKizTdDUs|_E&EIF? z#&ZLmaPhgOsi`UnPI`ZIc)0JcwV14)SPCXmLv6VqjO<5E8T;j&I>p+ICr>`6_^v}~ zjE|4cX-`;z=Lg0M1#n!m93AKYkc^z2YzHn&?0^>u_T<_?2ITYaKT1gJrMuD=KHhG& z;DfXr%#rkTb5BoCU*Ecjrsrb+WQF1Cru)YjndcV)CgyW(4BHiclxoEa;0JvyFL(3w zj0!t{7&ZEdrd_;QGc%~#Z%s;aDt$4?gHDbwNhSC-FlQ*367wdtj>oj!6B9|0@xOZq za>@9JBj)7I)@)NWiO>GZrBfDGgYO65ij9#O5Nw$aQ97(D#b2G%YU2Ydvfy*P3s}j3 z39!I`37}(vi<3|7Fg_4{?b3K`2ZT#D^s)!E&z&7463KV_HkwXlwa485cl~EetwLKNZcv!^4w#FH+0sskZWMYc6Bs@3@2% z^uc~W!ukgbucU+rT00+~#>c3bj)n>7i6Aps*1HtDT8SyS zjlfu8EvMv2UhPj;el@F}yS8_MBuLoI?*Ocm`~4&+;2_`yuu9oLvw&(rX23wk%a<>~ z%*BuHe;GYShnsxYDri)7-Muy`$q?#1i}%|(HNE4G%>A`B?K_gEsYK{1pr*!tTenem z>CR^MOVMrE3@(c9=H?5tJ$v6>niw)}MS{`+Yb@XtuR0XW z4+uD+6HHEm0da$r6uKD@Lt7i09j|(@OaA=vsdvjC?@35V0G+2^=L?%r>#<3KI%0g! z2NN1#74sT@I&Wp*7YPUqO--5bNonFJenlJ+&HEDVO3Xtd4tbsw7+fz&nX+i#{+~&# zul4^siOuP@#XlR1)3==rqo7A9cuc6ST{{Mw8|*Id z-vD4?=HP8ok||8`fS3gh1br6@>wGuCLxP~Pp#jXoO%~fU0b3(feW%oO&YPpN# z)zLJfTE@o7F)__{6`j1S1j;HZDZ(yk9RW9>@PvhgqN1bak=LlH(_rWg@bL_@Dg|Pq z!J-+9C(#$0OLO)y&l`M%G!g)BG5Zq*m%(eu`ZP7mV59Hfzklt}js(n7AZt#bn^ja) z(#>P+~A3uKN6B9F5S66T2{kC;|j%=GyCUa0r zTbm=PXaF7%ym+T+gRKZuq=U!Q>Q;4ib(8O*TEa7LC#PZ>ei#W5tQySvJln_SBgyqs}Q9^i(x8-R&vd~E7s-4@a8D}hzk)!hy2$TXfpim+8yj&tBt@do2C>FwL42Wv@G zFU<#j4%#d1buqoW(WEuq=>NU7)drA@EJ1PCn+se9m^7;Ya%YVT!ZIMZL8f`=Mb|m2 z3u`$*LcqKR%BC|-67rfO;KJG`L9u}BuD-rBe(SbeuJ*}mXlpKDg|f1;_2ZmtTnr4B zpk2Y(vq=&V&@fCYH^M=n{rvpEUkDRU9OV;0^CG5`&hrH5k?3^y$8q_y$^Lnq{ zHyqj!ir>6>lT0(9Iu7g!u-pRA{>}<)r6Z-EfPv8n)*CJ!o_5`4y%PKF05%ortE}wx z6bOX}T9{ZSB%_GP5wKp6@o{O%Xsuo9tTX+*1U(<0+VkDj2F{sJXJb#Qty@qFyS zz-Kfyd2W$#}bUbsr2P)!gCdK|#=4mqY}(BiT8% z4eAgY1y|YBKomXiwF9o6SIh0T<^!p<%z0`(Ixz6Xt^%;+5j4jTy{vJ53KAxC8MI15!nXu&VgIwyOVl8TRJ&u z#G<3b^u}XM8r&bazRNf6=$M;>QQ##n-wq+%ySHyO8filI0K344-|Ck-tA~8OJCPUo zHWMQwaKwDmSh}ZMThO~{5vcGeG}HB zyR#GY9qjG_xRGb8fv57KRh%vnA@D6GP?nH{)`9zUK5(+R=`EfnaQ!_JJbXTW{<4aS zWS~6By|hvR^##T_PygKH+9_FKH9N_%tA}EJ$PV0 zk7Dl6Q)JlucNoTR1%@mhiJTqYB18<_$j)YXYlrjYe)zq(O)bhJIagZc6IT&-UiHz) zbMXGc_KZK_&wmeJpZ`P>|39PE|2;d-uX8@hgP;ouEv$v_$4^PocvxT}|IftFNLw&| zf%64~G!_LRw*mbaX}WmZeeJ9Zaw=~4;Um5_jI*Po zo~!{@HT7>rujkq=XpQzD*m;Qlc~c1gQ0XUeEhvR`ah9-n;j zPxIR~xhqo|Ooz&a!xN1Su}CL#+m$RPb#$+k3L5MrTq~5-sMBtgkZnR^+kX8!b^z9k zG!z3tTh~SXvb}Av*TGy*gSF$$NoAMw$1ZNmS4xmI7;}C2;j*nt361kOw`eMOFnuE- zCn0<0uG8*K{&^+;7O6YI^1M-ppS9#wU^A#uRs%?lR-~`{);rBi#XR=joK)bQ2V9A7 z{A~DmT&SRWMDhD8b*YP*5qiTa^fx0H#YBG2DtOcX61;t=rs2kd2A(W2AIvWsT3ceN z+cnkkW$;A;H55{I!uZBBqRzY)72#B}C_z9~U@*Ue1-tijY;J%93NaS|ssTzX_7Sy0 z_<5MW1Fe7&6%7SUAVty)2v>I6TPO-;~zyp(Vn zDtZ6lvJ%Mn_*;n>$pPM79j+3mmidUZ5B*@szl+F}hb17tvuSW^C7^v9s9d%BrWY>fWrAm;z2T|_*ScEQwOO3(?uJ9$6n8&(*Z81WIiB=`| zFWiJI*eI8mxvka3u5E=X;V%^w2LjM{MI^5}%RNHd$(#OlhS z8GZ3a*qA?GiVvB5;7ed6pk&j2KoF~wz#jUCb5NNaP5xp-dr z=e7bnvGKlfO3YJ0WXn79%XQ>(JBTp^1x7-CcGI(2Uuffn@*)Ke%r~SIuZ)!WLQ<~f z*+V0QWF{SaXyMnC)wbnY-x<*5Ce$c?2gNn#sF93}L`2#Xu*s*&&76mgFSbPAlN`%? z_e?(}N>CT?^kDjOzApYuOG~cVA;slY(9Be2Wwi==Um4$XWaW+L=f;MtYH<20uMG@1 zT%YA<04V}wmkpka#hG|viod@;_Y5S`D@J=4%Qx5bU@dIRl~V?uua(~Q1hMY+a%?zmT1`bvQ|pgK)9mZ?56cVPl%`1$s|Y3t?u( z!JnZOEjrtir#W$z)6?kC2d)T*q7D-!x_@Pu-6#AONN}ffBE)PLafuP6MadzlW;VZH zq9fT1SPzJ$k|V)05aA0dPW3tM(asDB9&~KzhqMU3zh#wIBNIQaIz`WHRm;QI4~@S? z@oo0G|D%He9gmssUT03bAZk}EviHONu===L({Xt+y>ivSP@Sr9@=;ol_g)|0p>4p} z)@VkLN84W3;#A#0SLWRF4V+s86-v82m!j`DmAekH_4i5!uhgel?G5O%Hb&{%8{+l+ z>$M=1r4~vo{}L2O2tTi@*w4(2|6(ewSo?GTLF3IiLZ4!io_|0!P6*cdG`Xum{Jn97 zKufyftgAy!0`A#d6e7m$A+p$2^Sm@4*%+4?aAn24@SxWMbWexk7V4U^al!9SFy{HE zw4#;+`S*d%_aWO-E;|x!d)H_Yem1pusFO8u<0L0Z!@nHk`^n%DdhgF$Ds%#58TN(~ zz2)H(+kcOVxnZ5nBh`DbZG|mL;c4CnH&n=TW#U+GVrK1AE4?wZdpwt_qYqXRg@>MY zQP}qGk({-yDG8?nJap#)CWbw6zoS2%S%KD!dGyD&CK@#Wst(;gMo-U%(w>CIsr*So zjqUk#gt^(ImOu0Q`Ym1FCF+&tzYj&^YX9t&8%QYHuDAWXsAEoK*JesYCqbogxR*P`7-Haz({0-Yfa?Wo$aB2x z|3w>q83v=q#4^9O;szwYEy5=aCDtF+XKms3@v7N?LRDLFqx5wj4qxCzbLDS5;iMzF oRL5ZJENM1;$LYVV2>#*V6j;Et@{nRn`6X`vtfeES!h&%BpQm=bSpWb4 literal 0 HcmV?d00001 diff --git a/examples/aciExploit/flow-Attacker looks for runtime information-2 b/examples/aciExploit/flow-Attacker looks for runtime information-2 new file mode 100644 index 0000000..3aa5858 --- /dev/null +++ b/examples/aciExploit/flow-Attacker looks for runtime information-2 @@ -0,0 +1,5 @@ +digraph { + graph [bgcolor=transparent fontsize=11 fontstyle=Arial] + node [fontsize=11 fontstyle=Arial shape=plaintext] + struct [label="Unknown|{Deploy WhoC container}" shape=record] +} diff --git a/examples/aciExploit/flow-Attacker looks for runtime information-2.png b/examples/aciExploit/flow-Attacker looks for runtime information-2.png new file mode 100644 index 0000000000000000000000000000000000000000..4262f0a5adf0b11f64098c728b418ba7a8245e15 GIT binary patch literal 2363 zcmbuB`8$-01I6E&v4@ew$d$5$vPZdJ>oE2ZTF9DZOeRaB83r@My;PViNn{c&lSCfhV+iLtzqvJDg065)1#yT9M(oab}SKX9JsTs!IJASJO+0ssIhCr6AY0Kk4# zz+6n^7q7ht75Wt-!7dIMVCNs*dr^@O0Ad0s4EhwYgij~coIb7GVYL>ka!?#=Y;R+^ zjEu$}&=&TQI%C`#0aj{<%ZMsv>A>z7^3iU{hoW+d<>lo$)JN)uo~<2<^x$U|{t*Xu zMMsQ0`(UkC=t52!y!(RFN?Lr*`CRgGs(L*9YwysF+JOzm^TCbk@eO|R8m!Gg@?TCj z(N*jilh(P&I+%XmxFj0pu8yq3CS8CVRB3;ew0hKF)rN}bwh3uYWu*!!828>f-zBnk zAu?RjL^@QtdkK(i6BF74w27hqJ18;i#LfKOrgr*5+FgyH1CI6pJLl9v^HNn$j{73II2#d;| zbaRzM-}ncGbqE*UhL>y#$6($iC8C-Xo=PfJ2DIENV<}CocEAJC^o`N@XLBM!$@Hb` zI9Lj;{qO`TNF~N~w)yCLA(@9HabmPo*xfA5)E)3@`*#k2=nJ&bOTloJFBX&atum= z;-KKZvbP0w3?ChYJa9QjhSHMugZ*(BFuy9&cg=CM)H=Rc&9n%*9E2MJ`?YUI;!ARbcJ3#|wrxZli&EVe1ZA-H)L!*0=zsS*gxYXqpq-KUaGYvdYlw#F%gXMz>*|C?>l zMDTGwh8+5xFY`$Zo=V0D--uOEc1y$BgE#u;yeQE`U<={;xL0J6>F;_6vU^vnMz<3d ze%AY+6VwkL3vzm${wLTD-#mLz|B+P8GFO3a1BJ$ga9vQ;izPwlA7n$DZzQl7V zH?=c@nr=F~8|ep*n~X{O<$1ZQNM*w?_@@7Bys<_%S%!L(CO-MqE$H4^I3>~{yD}Ad9 zRZmXsxNGcH>6h}Ctf*dcWG?II zs7m?jfHWR+S-b5L5^xaQCg9u1U7Q=je7YEBPO29XDTHH#+l#Pr#A%Y z%Zd&rQhFTu73D)aM5q=-oE{!H(R9+GrJqkwD>QsJ$6mxua3pyr%E zHOVu=NZge%>c|3~LUMkfAHu^LbGxfmt=xAlm<0jCQ=v%q**{$n-j@Ue$!2-9mYz@qs}o_1g2T;+}P2yK~`Sa;5DE zE!Ff+RSm-flRI~-{Tt@XYvw`u*CdZ-zjSQ>clMN<#6=_K3_DV!|47q77;g@zKE0#m zkzwYqh~Lw3M$J9g>+KrvTKI?E3(U36T8HAu+zye^8Q0F=7$Z|4{VGQfpkC?vF)twqg$89z4wR>6!4|FZy*-V}2djp9@YL$DS;T)CJsKTs?a~ERDk|n!Yk=!JcZBUMbL7JQ{3xu67M(WrO~DwPh)3 z>+>Ajt3i^85QIbZ;I|w~lx-xr$!z;KL9gtOul|!mxY#5yq6^x88HbZGc!z(_pkb}B zBee4R`R`hte`unRKZ6G^FGa!!KgH;j4z53CbwWxAk&O)c(<`Ssu zbcUo%jq=U54`@s2T#kJg5+?9>c~Aet|MZuk4#@JPYl4sZ-0_^wm!-oOh7p%mIo54y zPSfbznNVh0SM2WVIr{dTC8f3!tfg6`F)am(j3UWR!3jP(4r_G6K$}*`bO_wQ+|jDr z^9bS-gp}}wqwK-kz<-3?mRXFJ)q5ZJ^1&Eio??cO&tj62>vr?Utl+y3*A;T4CU@R^ moVI%~U?ughhast^zAZYeuCbJbN>Kmj8#&pzVXAF{QvU{nM`nWn literal 0 HcmV?d00001 diff --git a/examples/buildExamples.sh b/examples/buildExamples.sh new file mode 100755 index 0000000..8215a24 --- /dev/null +++ b/examples/buildExamples.sh @@ -0,0 +1,2 @@ +#!/bin/sh +for f in example_*.py; do python3 $f; done \ No newline at end of file diff --git a/examples/example_ACI_exploit.py b/examples/example_ACI_exploit.py new file mode 100644 index 0000000..1c5f3dd --- /dev/null +++ b/examples/example_ACI_exploit.py @@ -0,0 +1,24 @@ +from fluentm.entities import Actor, Process, DataFlow, HTTP, MTLS, TLS, DHCP, Unknown + +import fluentm.renderer as renderer + +# An example using scenes to describe how the Azure ACI exploit took place + +scenes = { + # User starts from terminal, with Azure credentials + "Attacker looks for runtime information": [ + DataFlow( + Actor("Researcher").inBoundary("Internet"), + Process("ACI API").inBoundary("Azure").inBoundary("ACI Control Plane"), + TLS(HTTP("Deploy WhoC container")), + ), + DataFlow( + Process("ACI API"), + Process("Kube-API").inBoundary("k8s control plane").inBoundary("Azure"), + Unknown("Deploy WhoC container"), + ), + ] +} + +if __name__ == "__main__": + renderer.report(scenes, outputDir="aciExploit", dfdLabels=True) diff --git a/examples/example_OPA_orchestration.py b/examples/example_OPA_orchestration.py new file mode 100644 index 0000000..13d7c1a --- /dev/null +++ b/examples/example_OPA_orchestration.py @@ -0,0 +1,64 @@ +from fluentm.entities import Actor, Boundary, Process, DataFlow, TLS, HTTP, Internal, GIT, SSH +from fluentm.renderer import report + +# Example of a more code-oriented approach, using variables which will play +# nicely with IDEs. It can be a faster way to write these. + +# Setup scenes here: +scenes = {} + +newK8sClusterBoundary = Boundary("New Kubernetes Cluster").inBoundary("New AWS Account") + +## Developer requests a new cluster +# Participants +developer = Actor("Developer") +clusterOrchestrator = Process("Cluster Orchestrator").inBoundary( + Boundary("Control Cluster") +) +iam = Process("IAM").inBoundary("AWS") +eks = Process("EKS").inBoundary("AWS") +k8sApi = Process("k8s API").inBoundary(Boundary("New Kubernetes Cluster")) +# Flows +scenes["Developer requests a new cluster"] = [ + DataFlow(developer, clusterOrchestrator, TLS(HTTP("Create cluster request"))), + DataFlow(clusterOrchestrator, clusterOrchestrator, Internal("Validates user")), + DataFlow( + clusterOrchestrator, + iam, + TLS(HTTP("Create new account")), + response=TLS(HTTP("Account Details")), + ), + DataFlow( + clusterOrchestrator, + eks, + TLS(HTTP("Create new cluster")), + response=TLS(HTTP("Cluster Details")), + ), + DataFlow( + clusterOrchestrator, k8sApi, TLS(HTTP("Add default admission controller")) + ), +] + +## Developer creates a pod +# New participants (not seen above) +developer = Actor("Developer") +admissionController = Process("Admission Controller").inBoundary("Cluster Orchestrator") +policyRepo = Process("Policy Repo").inBoundary(Boundary("Version Control")) +opa = Process("OPA") +# DataFlows +scenes["Developer creates a pod"] = [ + DataFlow(developer, k8sApi, TLS(HTTP("Create POD"))), + DataFlow(k8sApi, admissionController, TLS(HTTP("Validate pod creation"))), + DataFlow(admissionController, opa, TLS(HTTP("Validate pod creation"))), + DataFlow( + opa, + policyRepo, + SSH(GIT("Get latest policy")), + response=SSH(GIT("Latest policy REGO")), + ), + DataFlow(opa, k8sApi, TLS(HTTP("Validation Decision"))), + DataFlow(k8sApi, developer, TLS(HTTP("Approve/Denied"))), +] + +if __name__ == "__main__": + r = report(scenes, outputDir="OPA_orchestration", dfdLabels=True) diff --git a/examples/example_aws_eks_add_on_permissions.py b/examples/example_aws_eks_add_on_permissions.py new file mode 100644 index 0000000..c39fe34 --- /dev/null +++ b/examples/example_aws_eks_add_on_permissions.py @@ -0,0 +1,99 @@ +from fluentm.entities import Actor, Boundary, Process, DataFlow, TLS, SIGV4, Data + +import fluentm.renderer as renderer + +# 1. Create an IAM OIDC provider for your cluster +# 2. Create an IAM role and attach an IAM policy to it with the permissions that your service accounts need +# 2.a. recommend creating separate roles for each unique collection of permissions +# 3. Associate an IAM role with a service account + +scenes = { + "Create an IAM OIDC provider for cluster": [ + DataFlow( + Actor("User"), + Process("EKS").inBoundary("AWS SVCs"), + TLS(SIGV4("Create OIDC endpoint")) + .addProtocolData(Data("Server x509")) + .addProtocolData(Data("Client x509")), + response="OIDC provider URL", + ), + DataFlow( + Actor("User"), + Process("IAM").inBoundary("AWS SVCs"), + TLS(SIGV4("Add OIDC provider,\n OIDC provider URL")), + ), + ], + "Create an IAM policy & role to allow CPI addon to manage VPC": [ + DataFlow( + Actor("User"), + Process("IAM"), + TLS(SIGV4("Create Policy")), + response=TLS("Policy ARN"), + ), + DataFlow( + Actor("User"), + Process("IAM"), + TLS( + SIGV4( + "Create Role,\nTrusted Entity: Web Identity,\nIdentity Provider: OIDC URL,\nAttach Policy: Policy ARN" + ) + ), + response=TLS("Role ARN"), + ), + ], + "Associate IAM role to a cluster service account": [ + DataFlow( + Actor("User"), + Process("Kube API").inBoundary( + Boundary("Kubernetes Control Plane").inBoundary( + Boundary("Single Tenant VPC") + ) + ), + TLS(SIGV4("Annotate service account $acct with Role ARN")), + ) + ], + "Deploy Addon": [ + DataFlow( + Actor("User"), + Process("EKS"), + TLS(SIGV4("Create add-on CNI,\nCluster: $clusterID")), + ), + DataFlow( + Process("EKS"), + Process("Kube API"), + TLS("Deployment Spec: CNI addon\nRole: Role ARN"), + ), + DataFlow( + Process("Kube API"), + Process("eks-pod-identity-webhook").inBoundary( + Boundary("Kubernetes Control Plane") + ), + TLS("Pod Spec"), + response=TLS("Mutated Pod Spec,\nAdd projected token to spec"), + ), + DataFlow( + Process("Kube API"), + Process("Kubelet").inBoundary( + Boundary("Kubernetes Data Plane").inBoundary( + Boundary("Customer Account") + ) + ), + TLS("Launch Pod,\nPod Spec"), + ), + DataFlow( + Process("Kubelet"), + Process("CNI Pod").inBoundary(Boundary("Kubernetes Data Plane")), + TLS("Launch Pod,\nsvcacct $acct,\nRole ARN,\nJWT STS Token"), + ), + ], + "CNI configures VPC": [ + DataFlow( + Process("CNI Pod"), + Process("VPC").inBoundary(Boundary("AWS SVCs")), + TLS("Update VPC configuration,\nSTS token,\nOperates as Role ARN"), + ), + ], +} + +if __name__ == "__main__": + renderer.report(scenes, outputDir="aws-eks-add-on-permissions", dfdLabels=True) diff --git a/examples/example_aws_iam_authenticator.py b/examples/example_aws_iam_authenticator.py new file mode 100644 index 0000000..3a59b37 --- /dev/null +++ b/examples/example_aws_iam_authenticator.py @@ -0,0 +1,64 @@ +from fluentm.entities import ( + Boundary, + Process, + DataFlow, + Exec, + HTTP, + SIGV4, + TLS, + SIGV4, + Stdout, + Internal, +) +from fluentm.renderer import report + +scenes = { + # Example using variables, which is fine for small things but gets hard with longer flows + "kubectl gets pre-signed URL": [ + DataFlow( + Process("kubectl").inBoundary("User Machine"), + Process("aws-cli").inBoundary("User Machine"), + Exec("Exec aws-cli get-token"), + ), + DataFlow( + Process("aws-cli"), + Process("aws-cli"), + Internal("Sign URL using AWS IAM credentials"), + ), + DataFlow(Process("aws-cli"), Process("kubectl"), Stdout("STS pre-signed URL")), + ], + "API traffic": [ + DataFlow( + Process("kubectl"), + Process("Kubernetes API").inBoundary( + Boundary("EKS Cluster").inBoundary("AWS Cloud") + ), + TLS(HTTP("pre-signed URL as Bearer Token HTTP Header")), + ), + DataFlow( + Process("Kubernetes API"), + Process("aws-iam-authenticator").inBoundary("EKS Cluster"), + TLS(HTTP("TokenReview request with pre-signed URL")), + ), + DataFlow( + Process("aws-iam-authenticator"), + Process("AWS STS").inBoundary("AWS Cloud"), + TLS(HTTP(SIGV4("sts:GetCallerIdentity request"))), + response=TLS(HTTP("sts:GetCallerIdentity response")), + ), + DataFlow( + Process("aws-iam-authenticator"), + Process("Kubernetes API").inBoundary("EKS Cluster"), + TLS(HTTP("TokenReview response with username")), + ), + DataFlow( + Process("aws-iam-authenticator"), + Process("Kubernetes API").inBoundary("EKS Cluster"), + TLS(HTTP(("Async Watch mapped aws-auth ConfigMap "))), + # response=TLS(HTTP("Config Map username mappings")), + ), + ], +} + +if __name__ == "__main__": + report(scenes, outputDir="aws-iam-authenticator", dfdLabels=True) diff --git a/examples/example_bookstore.py b/examples/example_bookstore.py new file mode 100644 index 0000000..cf7000b --- /dev/null +++ b/examples/example_bookstore.py @@ -0,0 +1,56 @@ +from fluentm.entities import Actor, Boundary, Process, DataFlow, TLS, HTTP, SQL +from fluentm.renderer import report + +scenes = { + "Customer Login": [ + DataFlow( + Actor("Customer"), + Process("Nginx").inBoundary(Boundary("Front End")), + TLS(HTTP("GET /Login credentials")), + ), + DataFlow( + Process("Nginx"), + Process("User Database").inBoundary(Boundary("Back End")), + SQL("SELECT user password"), + ), + DataFlow(Process("User Database"), Process("Nginx"), SQL("password")), + DataFlow(Process("Nginx"), Actor("Customer"), TLS(HTTP("Login Cookie"))), + ], + "Customer Lists Books": [ + DataFlow( + Actor("Customer"), Process("Nginx"), TLS(HTTP("GET /list, Login Cookie")) + ), + DataFlow( + Process("Nginx"), + Process("Stock Database").inBoundary(Boundary("Back End")), + SQL("SELECT stock"), + ), + DataFlow( + Process("Stock Database"), + Process("Nginx"), + SQL("Stock Items, Pagination token"), + ), + DataFlow(Process("Nginx"), Actor("Customer"), TLS(HTTP("Page listings"))), + ], + "Customer Views Details": [ + DataFlow( + Actor("Customer"), Process("Nginx"), TLS(HTTP("GET /item, Login Cookie")) + ), + DataFlow(Process("Nginx"), Process("User Database"), HTTP("Log viewed ID")), + DataFlow(Process("Nginx"), Process("Stock Database"), SQL("SELECT ID")), + DataFlow( + Process("Stock Database"), + Process("Nginx"), + SQL("Stock details, CDN image links"), + ), + DataFlow(Process("Nginx"), Actor("Customer"), HTTP("Page html")), + DataFlow( + Actor("Customer"), + Process("CDN").inBoundary(Boundary("External CDN")), + HTTP("GET images"), + ), + ], +} + +if __name__ == "__main__": + r = report(scenes, outputDir="bookstore", dfdLabels=True) diff --git a/examples/example_nest.py b/examples/example_nest.py new file mode 100644 index 0000000..9ef205a --- /dev/null +++ b/examples/example_nest.py @@ -0,0 +1,40 @@ +from fluentm.entities import Actor, Boundary, Process, Data, DataFlow, HTTP, TLS, SQL, Internal +from fluentm.renderer import report + + +scenes = { + # Example using variables, which is fine for small things but gets hard with longer flows + "Towers": [ + DataFlow( + Process("Alice").inBoundary( + Boundary("A Inner").inBoundary( + Boundary("A Mid").inBoundary(Boundary("A Outer")) + ) + ), + Process("Bob").inBoundary( + Boundary("B Inner").inBoundary( + Boundary("B Mid").inBoundary(Boundary("B Outer")) + ) + ), + TLS("Helo"), + response=TLS("Hai"), + ) + ], + "Enter Charlie": [ + DataFlow( + Process("Charlie").inBoundary(Boundary("B Outer")), + Process("Alice"), + TLS("Yo"), + ) + ], + "Enter Geoff": [ + DataFlow( + Process("Geoff").inBoundary(Boundary("B Inner")), + Process("Bob"), + Internal("Oh hai"), + ) + ], +} + +if __name__ == "__main__": + report(scenes, outputDir="nest") diff --git a/examples/example_process.py b/examples/example_process.py new file mode 100644 index 0000000..96c638e --- /dev/null +++ b/examples/example_process.py @@ -0,0 +1,31 @@ +from fluentm.entities import Actor, Boundary, Process, DataFlow +from fluentm.renderer import report + +scenes = { + "FluenTM": [ + DataFlow( + Actor("Security"), + Process("ThreatModel").inBoundary(Boundary("Version Control")), + "Pull Request: Empty ThreatModel", + ), + DataFlow(Actor("Developer"), Process.get("ThreatModel"), "Update threat model"), + DataFlow( + Actor.get("Security"), + Process.get("ThreatModel"), + "Comments in review tooling", + ), + DataFlow( + Process.get("ThreatModel"), + Process("Review Meeting"), + "Security and Dev attend", + ), + DataFlow( + Process.get("Review Meeting"), + Process.get("ThreatModel"), + "Updates from meeting", + ), + ] +} + +if __name__ == "__main__": + r = report(scenes, outputDir="process", dfdLabels=False) diff --git a/examples/example_tiaga.py b/examples/example_tiaga.py new file mode 100644 index 0000000..cc2a4f1 --- /dev/null +++ b/examples/example_tiaga.py @@ -0,0 +1,73 @@ +from fluentm.entities import Actor, Boundary, Process, Data, DataFlow, HTTP, TLS +from fluentm.renderer import report + +# fluentTM Classes are scoped by name, so, I can only have one Boundary called "Internet" +# Attempting to instantiate another with the same name will give you the first one you instantiated +# However, if, for reasons, you wanted to create an Actor called "Internet" and a boundary called "Internet", that's ok. Though it's probably stupid. + +Actor("Customer").inBoundary( + "Internet" +) # Creates an Actor _and_ a Boundary and Associates them. + +# We want to create a big boundary for our Tiagabookstore +Boundary("Tiaga Co") + +# Create a boundary within Tiaga Co called "Front End Systems" +Boundary("Front End Systems").inBoundary(Boundary("Tiaga Co")) +Boundary("Databases").inBoundary(Boundary("Tiaga Co")) + +Boundary("Visa").inBoundary("Internet") + +# Create a process for managing web traffic +Process("Web Server").inBoundary(Boundary("Front End Systems")) +Process("Content DB").inBoundary(Boundary("Databases")) +Process("Stock DB").inBoundary(Boundary("Databases")) + +# Customer views a book online +customer = Actor("Customer") +webserver = Process("Web Server") +contentDb = Process("Content DB") +stockDb = Process("Stock DB") + +scenes = { + # Example using variables, which is fine for small things but gets hard with longer flows + "Customer views book online": [ + DataFlow( + customer, webserver, "View item ID" + ), # Would be nice to describe paramaterized data and transport here easily (Maybe can be inferred by the catcher?) + DataFlow(webserver, contentDb, "Fetch content for ID"), + DataFlow(contentDb, webserver, "Image Content, Description"), + DataFlow(webserver, stockDb, "Get Stock Level"), + DataFlow(stockDb, webserver, "Stock Level"), + DataFlow(webserver, customer, "Rendered Item Information"), + ], + # Example using Borg pattern for registered types (rather than variables), these were all created above + "Customer buys book": [ + DataFlow(Actor("Customer"), Process("Web Server"), TLS(HTTP("Buy Item ID"))), + DataFlow( + Process("Web Server"), + Process("Merchant API").inBoundary(Boundary("Visa")), + "Process payment", + response=TLS(HTTP("Confirmation")), + ), # Dynamic creation of merchant in this flow - not modelled above. + DataFlow(Process("Web Server"), Actor("Customer"), TLS(HTTP("SOLD!"))), + ], + # Example using completely new objects created only here, inline + "Warehouse packages order": [ + DataFlow( + Process("Order Resolver").inBoundary(Boundary("Logistics")), + Process("Label Printer").inBoundary(Boundary("Warehouse")), + TLS(HTTP("Print label")), + response=TLS(HTTP("Label ID")), + ), + DataFlow( + Process("Order Resolver"), + Process("Warehouse Notifier").inBoundary(Boundary("Warehouse")), + TLS(HTTP("Pick stock item and use label")), + response=TLS(HTTP("Confirmation ID")), + ), + ], # TODO: Fix silent error on repeat label names +} + +if __name__ == "__main__": + report(scenes, outputDir="tiaga") diff --git a/examples/example_tinkerbell.py b/examples/example_tinkerbell.py new file mode 100644 index 0000000..81d66e2 --- /dev/null +++ b/examples/example_tinkerbell.py @@ -0,0 +1,72 @@ +from fluentm.entities import ( + Actor, + Process, + DataFlow, + HTTP, + MTLS, + TLS, + DHCP, +) +from fluentm.renderer import report + +scenes = { + # Example using variables, which is fine for small things but gets hard with longer flows + "Tink API traffic": [ + DataFlow( + Actor("tink-cli"), + Process("Tink API").inBoundary("Tink Control Plane Network"), + MTLS(HTTP("API request")), + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("boots").inBoundary("Tink Control Plane Network"), + DHCP("IP Request"), + ), + DataFlow( + Process("boots").inBoundary("Tink Control Plane Network"), + Process("Tink API").inBoundary("Tink Control Plane Network"), + MTLS(HTTP("API request")), + "Boots queries for IP", + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("boots").inBoundary("Tink Control Plane Network"), + DHCP("PXE Location Request"), + ), + DataFlow( + Process("boots").inBoundary("Tink Control Plane Network"), + Process("Tink API").inBoundary("Tink Control Plane Network"), + MTLS(HTTP("API request")), + "Boots queries for PXE OS location", + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("Nginx").inBoundary("Tink Control Plane Network"), + HTTP("Boot OS Request"), + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("Tink API").inBoundary("Tink Control Plane Network"), + TLS(HTTP("Workflow")), + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("Container Registry").inBoundary("Tink Control Plane Network"), + TLS(HTTP("Container Images")), + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("Hegel").inBoundary("Tink Control Plane Network"), + TLS(HTTP("Machine metadata")), + "Metadata request", + ), + DataFlow( + Process("Machine").inBoundary("On Premise Network"), + Process("Nginx").inBoundary("Tink Control Plane Network"), + HTTP("Workload OS"), + ), + ] +} + +if __name__ == "__main__": + report(scenes, outputDir="tinkerbell", dfdLabels=True)