JamesFoxxx
Contributor

@JamesFoxxx JamesFoxxx commented Aug 1, 2025

@giacomo-doyensec
Collaborator

Hi @JamesFoxxx, thanks for your contribution!
I’m running into some issues with the detector. If the callback server returns a 404 or is unavailable, the workflow fails and skips the cleanup phase. Similarly, if the job already exists, the detector fails and again skips cleanup.

Could you update the implementation to handle these edge cases properly? Ideally, the job should use a random name (to avoid clashes with existing ones), and a cleanup action should be added to trigger_code_execution. Thanks!

@JamesFoxxx
Contributor Author

About the random string, I think we need to borrow a random string from the target server itself (like the csrftoken) and append it to the job name, or we can use a constant job name and ignore the matching of job cleanup action response status code and run this action after the fingerprint action (it will be rerun as a cleanup action again). The reason for ignoring the response status code is that if the job with a constant name doesn't exist, it returns 404; if the job is created and exists, then it returns 200.
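
Added example, not code from this pull request or the project: a Python model of the cleanup behaviour the two comments above discuss, where cleanup runs even if the callback check fails, accepts both 200 and 404, and never deletes a job the detector did not create. `FakeJobApi`, `run_detector`, the `probe-` prefix and the 201/409 create statuses are assumptions made for the illustration; only the 200/404 delete statuses come from the thread.

```python
import secrets


class FakeJobApi:
    """Constructed in-memory stand-in for the target's job endpoints (not a real API)."""

    def __init__(self, existing=()):
        self.jobs = set(existing)

    def create(self, name):
        if name in self.jobs:
            return 409  # assumed status for a name clash
        self.jobs.add(name)
        return 201

    def delete(self, name):
        # As described in the thread: 200 if the job existed, 404 if it did not.
        if name in self.jobs:
            self.jobs.discard(name)
            return 200
        return 404


def cleanup(api, name):
    """Idempotent cleanup: 'deleted' and 'already gone' both count as success."""
    return api.delete(name) in (200, 404)


def run_detector(api, check_callback, name=None):
    """Create a job, check the callback, and always clean up what was created.

    Returns (vulnerable, cleaned); cleaned is None when nothing was created.
    """
    name = name or "probe-" + secrets.token_hex(4)  # random suffix avoids clashes
    if api.create(name) != 201:
        return False, None  # not ours: never delete a job we did not create
    vulnerable = False
    try:
        vulnerable = bool(check_callback())
    except ConnectionError:
        pass  # callback server unavailable: inconclusive, but not fatal
    finally:
        cleaned = cleanup(api, name)  # runs on success, failure and errors alike
    return vulnerable, cleaned
```

With a constant job name, a delete issued before creation would also remove a pre-existing job of the same name, which is why this model only deletes after a successful create.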

…sses some cases we didn't clean the job with cleanup_actions
@JamesFoxxx
Contributor Author

@giacomo-doyensec I implemented an additional job to clean up after the fingerprint action for demonstration.

@giacomo-doyensec
Collaborator

giacomo-doyensec commented Oct 2, 2025

LGTM - Approved
@tooryx we can merge this and google/security-testbeds#146

Reviewer: Giacomo, Doyensec
Plugin: Exposed K8s Dashboard

@copybara-service copybara-service bot merged commit 849bf5c into google:master Oct 8, 2025
5 checks passed
Successfully merging this pull request may close these issues.

PRP: exposed K8s dashboard