Storage Container Is Publicly Accessible
- Query id: dd5230f8-a577-4bbb-b7ac-f2c2fe7d5299
- Query name: Storage Container Is Publicly Accessible
- Platform: Terraform
- Severity: High
- Category: Access Control
- URL: Github
Description¶
Anonymous, public read access to a container and its blobs are enabled in Azure Blob Storage
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_storage_container" "positive1" {
name = "vhds"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "blob"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_storage_container" "negative1" {
name = "vhds"
storage_account_name = azurerm_storage_account.example.name
container_access_type = "private"
}
resource "azurerm_storage_container" "negative2" {
name = "vhds2"
storage_account_name = azurerm_storage_account.example.name
// default is "private"
}