Invalid Authorization when try SSRF attack #25

@mahaputrailhamawal

Hi @nishantsharmax, I hope you are always healthy.

I had an issue when trying to deploy GCPgoat. The Python 3.7 and NodeJS 12 versions that you use in Cloud Run are deprecated. Now, I can deploy GCPgoat using Python 3.8 and NodeJS 18. But when I try to do the first scenario (SSRF Attack), I get an issue. When I try to input file:///etc/passwd in the Image URL textbox, I get Invalid Authorization even though the pop-up "URL File upload successfully" has appeared in the bottom left corner.

When I check the log on the backend function, I get Invalid Token.

{
  "textPayload": "Invalid Token",
  "insertId": "680f4070000cd5a567895d8f",
  "resource": {
    "type": "cloud_function",
    "labels": {
      "project_id": "gcp-goat-9cf71f2eec0216e7",
      "region": "us-west1",
      "function_name": "backend-function"
    }
  },
  "timestamp": "2025-04-28T08:46:40.841125Z",
  "labels": {
    "instance_id": "007f65c6d21619db5ef0dc4583bf2e58f43c20ba2d0cc66b4e93439165c716864ede46e6fdc537785eff6eef26c852663182bf849ad7097fb847a8b8fcdac8b685570b57dcfea0f4a38e2e93d1d9",
    "runtime_version": "python38_20250420_3_8_20_RC00",
    "execution_id": "el1htxh4sf7o"
  },
  "logName": "projects/gcp-goat-9cf71f2eec0216e7/logs/cloudfunctions.googleapis.com%2Fcloud-functions",
  "trace": "projects/gcp-goat-9cf71f2eec0216e7/traces/ec71eb858e5609865661df9e17500a15",
  "receiveTimestamp": "2025-04-28T08:46:41.174471368Z"
}

Is there a step that I missed? Or is it true that we can't use this method on Cloud Run?
