admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-02 00:33:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/cloud/gcp/api/gcloud-api-key-restrictions-missing.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

73 lines
2.3 KiB
YAML
Raw Blame History

id: gcloud-api-key-restrictions-missing
info:
name: Missing API Key API Restrictions
author: princechaddha
severity: medium
description: |
Ensure that the usage of your Google Cloud API keys is restricted to specific APIs such as Cloud Key Management Service (KMS) API, Cloud Storage API, Cloud Monitoring API, and Cloud Logging API. All Google Cloud API keys that are being used for production applications should use API restrictions.
impact: |
API keys without specific API restrictions can be used to access any GCP API, potentially leading to unauthorized access and misuse of resources. Implementing API restrictions helps in limiting the scope of API keys to intended services only.
remediation: |
Apply API restrictions to each Google Cloud API key to limit their usage to specific APIs. This can be managed through the Google Cloud Console or using the gcloud command-line tool.
reference:
- https://cloud.google.com/api-keys/docs/restricting-api-keys
tags: cloud,devops,gcp,gcloud,api-keys,gcp-cloud-config
flow: |
code(1)
for(let projectId of iterate(template.projectIds)){
set("projectId", projectId)
code(2)
for(let apiKey of iterate(template.apiKeys)){
set("apiKeyUid", apiKey)
code(3)
}
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
gcloud projects list --format="json(projectId)"
extractors:
- type: json
name: projectIds
internal: true
json:
- '.[].projectId'
- engine:
- sh
- bash
source: |
gcloud alpha services api-keys list --project=$projectId --format="json(uid)"
extractors:
- type: json
name: apiKeys
internal: true
json:
- '.[].uid'
- engine:
- sh
- bash
source: |
gcloud alpha services api-keys describe $apiKeyUid --format="json(restrictions)"
matchers:
- type: word
part: body
words:
- 'null'
extractors:
- type: dsl
dsl:
- '"Unrestricted API Key: " + apiKeyUid + " in Project: " + projectId'
# digest: 4b0a00483046022100b6b2f16aaed30fbe7cf6f76b17cd99ebb5394c3f78c791dd66de6d10bdbab3ab022100858dcb4e5f0139b7c9e1431d7318a4ddf89998fb7cc475285f14c0c5fb3819a0:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink