gcloud-func-unrestricted-outbound: Unrestricted Outbound Network Access in Google Cloud Functions

日期: 2025-08-01 | 影响软件: Google Cloud Functions | POC: 已公开

漏洞描述

Ensure that your Google Cloud functions are not configured to allow unrestricted outbound network access in order to prevent security vulnerabilities and minimize cloud costs. To ensure that your function's outbound traffic is restricted to internal IP ranges and can't communicate with external networks or the public Internet, set the VpcConnectorEgressSettings parameter to PRIVATE_RANGES_ONLY.

PoC代码[已公开]

id: gcloud-func-unrestricted-outbound

info:
  name: Unrestricted Outbound Network Access in Google Cloud Functions
  author: princechaddha
  severity: high
  description: |
    Ensure that your Google Cloud functions are not configured to allow unrestricted outbound network access in order to prevent security vulnerabilities and minimize cloud costs. To ensure that your function's outbound traffic is restricted to internal IP ranges and can't communicate with external networks or the public Internet, set the VpcConnectorEgressSettings parameter to PRIVATE_RANGES_ONLY.
  impact: |
    Allowing unrestricted outbound network access can lead to potential security risks such as data exfiltration and increased cloud costs from unexpected external network communications.
  remediation: |
    Configure the VpcConnectorEgressSettings of your Google Cloud functions to PRIVATE_RANGES_ONLY to ensure all outgoing traffic is limited to internal IP ranges only.
  reference:
    - https://cloud.google.com/functions/docs/networking/network-settings
  tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let functionDetail of iterate(template.functions)){
      set("functionName", functionDetail)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: functions
        internal: true
        json:
          - '.[].name'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions describe $functionName --format="json(serviceConfig.vpcConnectorEgressSettings)"

    matchers:
      - type: word
        words:
          - 'null'
          - 'ALL_TRAFFIC'
        condition: or

    extractors:
      - type: dsl
        dsl:
          - '"Unrestricted Outbound Network Access in function: " + functionName + ", Region: " + functionRegion + ", Project: " + projectId'
# digest: 4b0a00483046022100a75b77f6381dd1f3ca9111e082c1350f036c6632e7d5f8ca4ae70a2ff607073b022100eaa16389e41d43946e1f6a7aa2c230084341a13c49f03ca90a57eab049b3b02f:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./cloud/gcp/function/gcloud-func-unrestricted-outbound.yaml

相关漏洞推荐