BigQuery Dataset Is Public
- Query id: e576ce44-dd03-4022-a8c0-3906acca2ab4
- Query name: BigQuery Dataset Is Public
- Platform: Terraform
- Severity: High
- Category: Access Control
- URL: Github
Description
The BigQuery dataset is anonymously or publicly accessible.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "google_bigquery_dataset" "positive1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    special_group = "allAuthenticatedUsers"
  }
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
# negative sample
resource "google_bigquery_dataset" "negative1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    user_by_email = google_service_account.bqowner.email
  }

  access {
    role   = "READER"
    domain = "hashicorp.com"
  }
}
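The same check can be run against a rendered plan instead of the .tf source, which also catches access blocks produced by modules or variables. The following is an added example, not the query's own code: it assumes the `planned_values` layout of `terraform show -json` output, and it goes beyond the page's sample by also flagging `iam_member = "allUsers"`.

```python
import json
import sys

# "allAuthenticatedUsers" is the value in the rule's positive sample; "allUsers"
# (set through iam_member) is an added assumption covering anonymous access.
PUBLIC_PRINCIPALS = {"allAuthenticatedUsers", "allUsers"}


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_public_datasets(plan):
    """Return (address, role, principal) for each public dataset access entry."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_bigquery_dataset":
            continue
        for entry in (res.get("values") or {}).get("access") or []:
            for field in ("special_group", "iam_member"):
                if entry.get(field) in PUBLIC_PRINCIPALS:
                    findings.append((res["address"], entry.get("role"), entry[field]))
    return findings


# Constructed sample, trimmed to the fields the check reads. It mirrors the
# positive1 and negative1 resources; the module name "data" is made up.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_bigquery_dataset.positive1",
         "type": "google_bigquery_dataset",
         "values": {"access": [
             {"role": "OWNER", "special_group": "allAuthenticatedUsers"}]}}],
    "child_modules": [{"resources": [
        {"address": "module.data.google_bigquery_dataset.negative1",
         "type": "google_bigquery_dataset",
         "values": {"access": [
             {"role": "READER", "domain": "hashicorp.com"}]}}]}],
}}}

if __name__ == "__main__":
    # Pass a file produced by `terraform show -json <planfile>`, or run bare
    # to scan the constructed sample.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, role, principal in find_public_datasets(plan):
        print(f"PUBLIC {address}: {role} -> {principal}")
```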