Not Proper Email Account In Use

  • Query id: a21b8df3-c840-4b3d-a41a-10fb2afda171
  • Query name: Not Proper Email Account In Use
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

Gmail accounts are being used as IAM policy members instead of corporate credentials.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: a-new-pubsub-topic
  type: pubsub.v1.topic

  accessControl:
    gcpIamPolicy:
      bindings:
      - role: roles/pubsub.publisher
        members:
        - "user:jane@gmail.com"
        - "serviceAccount:my-other-app@appspot.gserviceaccount.com"

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: a-new-pubsub-topic
  type: pubsub.v1.topic

  accessControl:
    gcpIamPolicy:
      bindings:
      - role: roles/pubsub.publisher
        members:
        - "user:jane@example.com"
        - "serviceAccount:my-other-app@appspot.gserviceaccount.com"
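
The check these two samples exercise, written out as an added Python example (it is not the KICS query's own code). It takes the parsed YAML as a dict, and the names `PERSONAL_DOMAINS`, `find_personal_members` and `sample` are assumptions made for illustration.

```python
# Added example, not the KICS query. The input is the structure a YAML
# parser would return for a Deployment Manager config; samples are constructed.
PERSONAL_DOMAINS = {"gmail.com"}  # assumption: extend to match your own policy


def find_personal_members(config, domains=PERSONAL_DOMAINS):
    """Return (resource, role, member) for each user: member on a personal domain."""
    findings = []
    for resource in config.get("resources") or []:
        policy = (resource.get("accessControl") or {}).get("gcpIamPolicy") or {}
        for binding in policy.get("bindings") or []:
            for member in binding.get("members") or []:
                kind, _, identity = str(member).partition(":")
                # Only human accounts are in scope; serviceAccount: and other
                # member types are skipped.
                if kind.lower() != "user":
                    continue
                # Compare the domain after the last "@" rather than searching
                # for a substring, so "user:gmail.com@example.com" is not flagged.
                domain = identity.rpartition("@")[2].strip().lower()
                if domain in domains:
                    findings.append((resource.get("name"), binding.get("role"), member))
    return findings


def sample(user_member):
    """Build the page's pubsub topic sample with one user member swapped in."""
    return {"resources": [{
        "name": "a-new-pubsub-topic",
        "type": "pubsub.v1.topic",
        "accessControl": {"gcpIamPolicy": {"bindings": [{
            "role": "roles/pubsub.publisher",
            "members": [
                user_member,
                "serviceAccount:my-other-app@appspot.gserviceaccount.com",
            ],
        }]}},
    }]}


POSITIVE = sample("user:jane@gmail.com")    # mirrors positive test 1
NEGATIVE = sample("user:jane@example.com")  # mirrors negative test 1

if __name__ == "__main__":
    for name, role, member in find_personal_members(POSITIVE):
        print(f"{name}: {member} holds {role}")
```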