Google Storage Bucket Level Access Disabled
- Query id: bb0db090-5509-4853-a827-75ced0b3caa0
- Query name: Google Storage Bucket Level Access Disabled
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- URL: Github
Description¶
Google Storage Bucket Level Access should be enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_storage_bucket" "positive1" {
name = "image-store.com"
location = "EU"
force_destroy = true
uniform_bucket_level_access = false
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
cors {
origin = ["http://image-store.com"]
method = ["GET", "HEAD", "PUT", "POST", "DELETE"]
response_header = ["*"]
max_age_seconds = 3600
}
}
resource "google_storage_bucket" "positive2" {
name = "image-store.com"
location = "EU"
force_destroy = true
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
cors {
origin = ["http://image-store.com"]
method = ["GET", "HEAD", "PUT", "POST", "DELETE"]
response_header = ["*"]
max_age_seconds = 3600
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "google_storage_bucket" "negative1" {
name = "image-store.com"
location = "EU"
force_destroy = true
uniform_bucket_level_access = true
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
cors {
origin = ["http://image-store.com"]
method = ["GET", "HEAD", "PUT", "POST", "DELETE"]
response_header = ["*"]
max_age_seconds = 3600
}
}