Missing User-Defined Labels in Google Cloud Functions
ID: gcloud-func-missing-labels
Severity: low
Author: princechaddha
Tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config
Description
Ensure that user-defined labels are being used to tag, collect, and organize Google Cloud functions within your Google Cloud Platform (GCP) projects. User-defined labels are a lightweight and efficient way to group together related or associated cloud resources.
YAML Source
id: gcloud-func-missing-labels

info:
  name: Missing User-Defined Labels in Google Cloud Functions
  author: princechaddha
  severity: low
  description: |
    Ensure that user-defined labels are being used to tag, collect, and organize Google Cloud functions within your Google Cloud Platform (GCP) projects. User-defined labels are a lightweight and efficient way to group together related or associated cloud resources.
  impact: |
    Not using labels can lead to challenges in managing, identifying, and organizing resources, potentially increasing the complexity of operations and governance.
  remediation: |
    Define and apply user-defined labels to all Google Cloud functions to enhance resource management capabilities and improve operational efficiency.
  reference:
    - https://cloud.google.com/resource-manager/docs/creating-managing-labels
  tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let functionDetail of iterate(template.functions)){
      set("functionName", functionDetail)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: functions
        internal: true
        json:
          - '.[].name'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions describe $functionName --format="json(labels)"

    matchers:
      - type: word
        words:
          - 'null'

    extractors:
      - type: dsl
        dsl:
          - '"Missing labels for function: " + functionName + " in " + projectId + " project"'
# digest: 4a0a004730450221009067d1e03e4170ee7a43672d9b82b01904b5ac69c5a3194e5f7d9b7722365dae02207f5df45308acb20653a56a1a8321d8feb4f6d9a4cb414be431bea5822becee13:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/gcp/function/gcloud-func-missing-labels.yaml"
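The same check can be run offline against saved `gcloud functions list` output, as an added example that is not part of the original template. The sample JSON is constructed, the helper names are hypothetical, and it assumes that a `deployment-tool` label written by deployment tooling should not count as user-defined, a case the template's `null` matcher would not flag.

```python
import json

# Assumption: label keys written by deployment tooling, not by an operator.
TOOL_LABEL_KEYS = {"deployment-tool"}

# Constructed sample of `gcloud functions list --format="json(name,labels)"`.
SAMPLE_LIST_JSON = """
[
  {"name": "projects/demo-proj/locations/us-central1/functions/resize-image",
   "labels": {"env": "prod", "team": "media"}},
  {"name": "projects/demo-proj/locations/us-central1/functions/send-mail"},
  {"name": "projects/demo-proj/locations/europe-west1/functions/audit-hook",
   "labels": {"deployment-tool": "cli-gcloud"}},
  {"name": "projects/demo-proj/locations/europe-west1/functions/cleanup",
   "labels": null}
]
"""

def parse_function_name(name):
    """Split projects/P/locations/R/functions/F into (project, region, function)."""
    parts = name.split("/")
    if len(parts) != 6 or parts[0::2] != ["projects", "locations", "functions"]:
        raise ValueError(f"unexpected function resource name: {name!r}")
    return parts[1], parts[3], parts[5]

def user_labels(entry):
    """Return only operator-defined labels; a missing or null map counts as empty."""
    labels = entry.get("labels") or {}
    return {k: v for k, v in labels.items() if k not in TOOL_LABEL_KEYS}

def find_unlabeled(list_json):
    """Return one finding line per function that has no user-defined labels."""
    findings = []
    for entry in json.loads(list_json):
        project, region, function = parse_function_name(entry["name"])
        if not user_labels(entry):
            findings.append(
                f"Missing labels for function: {function} ({region}) "
                f"in {project} project"
            )
    return findings

if __name__ == "__main__":
    for line in find_unlabeled(SAMPLE_LIST_JSON):
        print(line)
```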