ScoutSuite icon indicating copy to clipboard operation
ScoutSuite copied to clipboard

Published 20 hours ago verified publisher icon nccgroup

GPC ID in json objects

Open kareem-DA opened this issue 4 years ago • 1 comments

Describe the bug

Please provide:

The GCP ID is not the value provided by Google.

It looks like the IDs used to track objects in GCP scans is a SHA1 has of the name of the object. I am fine with the object being tracked with an arbitrary value, but it would be nice if the ID in the object would be the correct value provided by google. I would like to have the correct value as a reference when comparing outputs of other tools.

To Reproduce Look at the JSON provided by a scan. At any instance of a compute node. Compare the value of the compute node ID to the actual value provided by GCP.

Please provide:

  • The exact CLI parameters used to run Scout Suite.
  • Any specific configuration within the cloud account which might have lead to the issue.

Additional context

Add any other context about the problem here. image

kareem-DA avatar Dec 02 '20 14:12 kareem-DA

Thanks, will address this medium-term.

x4v13r64 avatar Dec 02 '20 16:12 x4v13r64