Last updated
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
DigitalOcean Functions, also known as "DO Functions," is a serverless computing platform that lets you run code without having to worry about the underlying infrastructure. With DO Functions, you can write and deploy your code as "functions" that can be triggered via API, HTTP requests (if enabled) or cron. These functions are executed in a fully managed environment, so you don't need to worry about scaling, security, or maintenance.
In DO, to create a function first you need to create a namespace which will be grouping functions. Inside the namespace you can then create a function.
The way to trigger a function via REST API (always enabled, it's the method the cli uses) is by triggering a request with an authentication token like:
To see how is the doctl cli tool getting this token (so you can replicate it), the following command shows the complete network trace:
When HTTP trigger is enabled, a web function can be invoked through these HTTP methods GET, POST, PUT, PATCH, DELETE, HEAD and OPTIONS.
In DO functions, environment variables cannot be encrypted (at the time of this writing). I couldn't find any way to read them from the CLI but from the console it's straight forward.
Functions URLs look like this: https://<random>.doserverless.co/api/v1/web/<namespace-id>/default/<function-name>
There isn't metadata endpoint from the Functions sandbox.
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
