BigQuery Dataset Is Public

• Query id: 2263b286-2fe9-4747-a0ae-8b4768a2bbd2
• Query name: BigQuery Dataset Is Public
• Platform: Ansible
• Severity: High
• Category: Access Control
• URL: Github

Description

BigQuery dataset is anonymously or publicly accessible
Documentation

Code samples

Code samples with security vulnerabilities

Postitive test num. 1 - yaml file

---
- name: create a dataset
  google.cloud.gcp_bigquery_dataset:
    name: my_example_dataset
    access:
      - special_group: allAuthenticatedUsers
    dataset_reference:
      dataset_id: my_example_dataset
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a dataset
  google.cloud.gcp_bigquery_dataset:
    name: my_example_dataset
    dataset_reference:
      dataset_id: my_example_dataset
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present