Fixing non large cluster optimization (limiting to runid)

DataDog · Dec 2, 2024 · 6c46a37 · 6c46a37
1 parent 75de949
commit 6c46a37
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 7 deletions.
diff --git a/pkg/kubehound/graph/edge/pod_create.go b/pkg/kubehound/graph/edge/pod_create.go
@@ -86,7 +86,8 @@ func (e *PodCreate) Traversal() types.EdgeTraversal {
 		} else {
 			// In smaller clusters we can still show the (large set of) attack paths generated by this attack
 			g.V().
-				HasLabel("Node").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
 				Has("class", "Node").
 				As("n").
 				V(inserts...).

diff --git a/pkg/kubehound/graph/edge/pod_exec.go b/pkg/kubehound/graph/edge/pod_exec.go
@@ -86,7 +86,8 @@ func (e *PodExec) Traversal() types.EdgeTraversal {
 		} else {
 			// In smaller clusters we can still show the (large set of) attack paths generated by this attack
 			g.V().
-				HasLabel("Pod").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
 				Has("class", "Pod").
 				As("p").
 				V(inserts...).

diff --git a/pkg/kubehound/graph/edge/pod_patch.go b/pkg/kubehound/graph/edge/pod_patch.go
@@ -86,7 +86,8 @@ func (e *PodPatch) Traversal() types.EdgeTraversal {
 		} else {
 			// In smaller clusters we can still show the (large set of) attack paths generated by this attack
 			g.V().
-				HasLabel("Pod").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
 				Has("class", "Pod").
 				As("p").
 				V(inserts...).

diff --git a/pkg/kubehound/graph/edge/token_bruteforce.go b/pkg/kubehound/graph/edge/token_bruteforce.go
@@ -64,7 +64,9 @@ func (e *TokenBruteforce) Traversal() types.EdgeTraversal {
 		if e.cfg.LargeClusterOptimizations {
 			// For larger clusters simply target the system:masters group to reduce redundant attack paths
 			g.V().
-				HasLabel("Identity").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
+				Has("class", "Identity").
 				Has("name", "system:masters").
 				As("i").
 				V(inserts...).
@@ -75,7 +77,8 @@ func (e *TokenBruteforce) Traversal() types.EdgeTraversal {
 		} else {
 			// In smaller clusters we can still show the (large set of) attack paths generated by this attack
 			g.V().
-				HasLabel("Identity").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
 				Has("class", "Identity").
 				As("i").
 				V(inserts...).

diff --git a/pkg/kubehound/graph/edge/token_list.go b/pkg/kubehound/graph/edge/token_list.go
@@ -64,7 +64,9 @@ func (e *TokenList) Traversal() types.EdgeTraversal {
 		if e.cfg.LargeClusterOptimizations {
 			// For larger clusters simply target the system:masters group to reduce redundant attack paths
 			g.V().
-				HasLabel("Identity").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
+				Has("class", "Identity").
 				Has("name", "system:masters").
 				As("i").
 				V(inserts...).
@@ -75,7 +77,8 @@ func (e *TokenList) Traversal() types.EdgeTraversal {
 		} else {
 			// In smaller clusters we can still show the (large set of) attack paths generated by this attack
 			g.V().
-				HasLabel("Identity").
+				Has("runID", e.runtime.RunID.String()).
+				Has("cluster", e.runtime.ClusterName).
 				Has("class", "Identity").
 				As("i").
 				V(inserts...).