From bb05f012659d7b4fbd7d9f7146475d49406b858a Mon Sep 17 00:00:00 2001
From: 13370verride <lawrence@sendyit.com>
Date: Tue, 20 Dec 2022 11:11:13 +0300
Subject: [PATCH] use cloudasset v1 api

---
 bfs.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/bfs.py b/bfs.py
index 34b1afa..de4742c 100644
--- a/bfs.py
+++ b/bfs.py
@@ -44,7 +44,6 @@ def bfs_search(org, base_id):
         visited.append(service_account)
         JSON_REQUEST={
           "analysisQuery": {
-            "parent": org,
             "identitySelector": {
                 "identity": "serviceAccount:{}".format(service_account)
             },
@@ -55,7 +54,7 @@ def bfs_search(org, base_id):
         }
         for dangerous_permission in dangerous_permissions:
             JSON_REQUEST["analysisQuery"]["accessSelector"]["permissions"].append(dangerous_permission)
-        res = requests.post("https://cloudasset.googleapis.com/v1p4beta1/organizations/{}:analyzeIamPolicy".format(org), headers=headers, json=JSON_REQUEST)
+        res = requests.post("https://cloudasset.googleapis.com/v1/organizations/{}:analyzeIamPolicy".format(org), headers=headers, json=JSON_REQUEST)
         results = res.json()
         if "analysisResults" in results["mainAnalysis"]:
             for result in results["mainAnalysis"]["analysisResults"]:
@@ -103,4 +102,4 @@ def bfs_search(org, base_id):
     print("\n\n~~~~~~~{} can move laterally to the following identities ~~~~~~~~~~~".format(base_id))
     for service_account in visited:
         if service_account != base_id:
-            print("{} from project {}".format(service_account, info[service_account]))
+            print("{} from project {}".format(service_account, info[service_account]))
\ No newline at end of file