gcp-cloud-func-gen1-deprecated: Deprecated 1st Generation Google Cloud Functions

Date: 2025-08-01 | Affected software: gcp-cloud-func-gen1-deprecated | PoC: Public

Vulnerability description

Ensure that none of your Google Cloud functions are 1st (first) generation functions. 1st generation Google Cloud functions are considered deprecated and no longer receive updates or support, making them less secure, less performant, and lacking in new features compared to newer generations.

PoC code [public]

id: gcp-cloud-func-gen1-deprecated

info:
  name: Deprecated 1st Generation Google Cloud Functions
  author: princechaddha
  severity: high
  description: |
    Ensure that none of your Google Cloud functions are 1st (first) generation functions. 1st generation Google Cloud functions are considered deprecated and no longer receive updates or support, making them less secure, less performant, and lacking in new features compared to newer generations.
  impact: |
    Using deprecated 1st generation functions can expose your applications to security vulnerabilities, degrade performance, and miss out on new features provided by newer generations.
  remediation: |
    Migrate all 1st generation Google Cloud functions to newer generation runtimes as recommended by Google to ensure continued support and access to the latest features and security enhancements.
  reference:
    - https://cloud.google.com/functions/docs/migrating
  tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let functionDetail of iterate(template.functions)){
      set("functionName", functionDetail)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: functions
        internal: true
        json:
          - '.[].name'

  - engine:
      - sh
      - bash
    source: |
      gcloud functions describe $functionName --format="json(environment)"

    matchers:
      - type: word
        words:
          - 'null'

    extractors:
      - type: dsl
        dsl:
          - '"Deprecated 1st Generation function: " + functionName + " in Project: " + projectId'
# digest: 4a0a0047304502210086da9298c287a6dad8e2e2435bc1c7d31f691ccbf2169e471d878ac20baf04d5022036776312a4e1594caa72525f396fd8a7e755c2ac84bc5ea99238256f2c6a2162:922c64590222798bb761d5b6d8e72950
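
The decision made in the template's third step, written out in Python as an added example (not part of the original template or its project): it parses the `json(environment)` output instead of matching the word `null`, so an empty or failed `describe` is not reported as a finding. Treating a missing field as 1st gen follows the template's matcher; the `GEN_1`/`GEN_2` values are the Cloud Functions v2 API environment enum, and the function names and outputs in `SAMPLE` are constructed.

```python
import json
import re

# Full resource name, as returned by `gcloud functions list --format="json(name)"`.
NAME_RE = re.compile(r"^projects/([^/]+)/locations/([^/]+)/functions/([^/]+)$")


def classify(describe_stdout):
    """Classify one `gcloud functions describe --format="json(environment)"` output."""
    text = describe_stdout.strip()
    if not text:
        return "unknown"  # describe failed or printed nothing: do not flag
    try:
        doc = json.loads(text)
    except ValueError:
        return "unknown"  # not JSON (for example an error message)
    if doc is None:
        return "gen1"  # bare `null`: the case the template's matcher targets
    if not isinstance(doc, dict):
        return "unknown"
    env = doc.get("environment")
    if env is None or env == "GEN_1":
        return "gen1"  # assumption: missing field or explicit GEN_1 means 1st gen
    return "gen2" if env == "GEN_2" else "unknown"


def report(results):
    """results: iterable of (full function name, describe stdout) pairs."""
    findings = []
    for name, stdout in results:
        if classify(stdout) != "gen1":
            continue
        m = NAME_RE.match(name)
        project, location, short = m.groups() if m else ("?", "?", name)
        findings.append(
            f"Deprecated 1st Generation function: {short} ({location}) in Project: {project}"
        )
    return findings


# Constructed sample data, not real gcloud output.
SAMPLE = [
    ("projects/demo-proj/locations/us-central1/functions/legacy-fn", "null\n"),
    ("projects/demo-proj/locations/us-central1/functions/new-fn", '{\n  "environment": "GEN_2"\n}\n'),
    ("projects/demo-proj/locations/europe-west1/functions/broken-fn", ""),
    ("projects/demo-proj/locations/europe-west1/functions/old-fn", '{"environment": "GEN_1"}'),
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```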