Felix Dreissig F30
F30
/ find_keys.py
Last active
February 27, 2026 18:25
Check for GCP API keys affected by the retroactive enablement of the Generative Language (Gemini) API. See https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules for details. Use at your own discretion, provided 'as is' without any warranties or liability for potential issues.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| """ | |
| Find GCP projects with the Generative Language (Gemini) API enabled and API keys that could access it | |
| (unrestricted or explicitly allowed). | |
| Checks for API keys affected by the issue described at: | |
| https://trufflesecurity.com/blog/google-api-keys-werent-secrets-but-then-gemini-changed-the-rules | |
| Requirements: |
F30
/ apparmor-profile.txt
Last active
February 20, 2026 14:00
Adjusted version of the default Docker AppArmor profile (see https://github.com/moby/profiles/blob/b8f391e/apparmor/template.go) that allows additional operations required for container image builds within containers. See https://www.codecentric.de/en/knowledge-hub/blog/7-ways-to-replace-kaniko-in-your-container-image-builds for details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <tunables/global> | |
| # Put in "/etc/apparmor.d" and load with: | |
| # apparmor_parser -r -W /etc/apparmor.d/docker-gitlab | |
| profile docker-gitlab flags=(attach_disconnected,mediate_deleted) { | |
| #include <abstractions/base> | |
| network, | |
| capability, |
F30
/ seccomp-profile.json
Last active
February 20, 2026 14:00
Adjusted version of the default Docker seccomp profile (see https://stackoverflow.com/q/51844955) that allows additional syscalls required for container image builds within containers. See https://www.codecentric.de/en/knowledge-hub/blog/7-ways-to-replace-kaniko-in-your-container-image-builds for details.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // For the GitLab Docker Executor: | |
| // Remove this comment, minimize using `jq -c` and add the result to the Runner config inline(!) like this: | |
| // security_opt = ['seccomp={"defaultAction": ... | |
| { | |
| "defaultAction": "SCMP_ACT_ERRNO", | |
| "defaultErrnoRet": 1, | |
| "archMap": [ | |
| { | |
| "architecture": "SCMP_ARCH_X86_64", |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| import sys | |
| import os | |
| import gnupg | |
| TRUST_LEVEL_MAP = { | |
| 'q': '???', |