Add attribute to result without printing it

[hannestrunde]

@princechaddha I'm currently using your Kubernetes templates (which I like a lot btw) to test a huge Kubernetes cluster. One problem I encountered is that sometimes pods residing in different namespaces have the same name. The output Container '${container.name}' in pod '${podData.pod}' running with allowPrivilegeEscalation enabled is missing the namespace information, which makes tracking down the affected pod harder.

Furthermore, I wanted to parse the nuclei JSONL output programmatically with a custom script to display the results in different ways.

I was thinking about the following two solutions:

1. Always include the full location '<Namespace>/<Deployment>/<Pod>/<Container>' to an affected component in the resulting text, like:

   • "'<Namespace>//<Pod>/<Container>' has allowPrivilegeEscalation enabled"
   • "'<Namespace>/Deployment//' is missing cpu limits."

   This approach would be quite straightforward, however, then I'm still trying to parse somewhat unstructured text and have to hope that no one ever changes this text.

2. Include a custom property like "location" to the resulting JSON (when using -jsonl-export), but don't have that property written to the terminal. Then this property could contain a structured JSON object with Namespace, Deployment, etc., which would be easily parsable. However, I'm not sure if that is possible with extractors or Exports... The idea would be an output like the following:

    # One line from a JSONL-Export
    [...]
    "response": "Deployment 'depl' in namespace 'nsp' lacks CPU limits.",
    "location": "{"namespace": "nsp", "deployment": "depl", "pod": "", "container": ""}"
    "timestamp": "2024-08-19T10:37:55.66982574+01:00",
    "matcher-status": true

The JSON object from a result also contained the following property:

    "extracted-results": [
        "Deployment 'depl' in namespace 'nsp' lacks CPU limits."
    ],

Is it possible, to extract other values and store them in the extracted-results property without having them printed in the terminal?

What are your thoughts on this? Is suggestion 2 even possible?

[princechaddha]

@hannestrunde, thank you so much for initiating this discussion and providing your feedback. The first suggestion seems very valid and can be implemented. Regarding the second suggestion, I need to confirm with the dev team and will keep you informed.