Cloud Storage Bucket Versioning Disabled

  • Query id: 7814ddda-e758-4a56-8be3-289a81ded929
  • Query name: Cloud Storage Bucket Versioning Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Observability
  • CWE: 710
  • URL: Github

Description

Cloud Storage buckets should have versioning enabled, so that overwritten or deleted objects can be recovered from their noncurrent versions.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a second bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    versioning:
      enabled: no

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: create a bucket
  google.cloud.gcp_storage_bucket:
    name: ansible-storage-module
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
    versioning:
      enabled: yes
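
The check described above, as an added Python example (not the query's own implementation and not code from the original page): it walks tasks as a YAML loader returns them and reports bucket tasks where `versioning.enabled` is missing or false. The function names, the short module name `gcp_storage_bucket`, the descent into plays and blocks, and the trimmed sample data are assumptions made for the illustration.

```python
BUCKET_MODULES = {"google.cloud.gcp_storage_bucket", "gcp_storage_bucket"}
TASK_LISTS = ("tasks", "pre_tasks", "post_tasks", "handlers", "block", "rescue", "always")
TRUTHY = {"yes", "true", "on", "1", "y", "t"}  # Ansible-style true strings


def versioning_problem(args):
    """Return why versioning is not enabled for these module args, or None."""
    versioning = args.get("versioning")
    if not isinstance(versioning, dict) or "enabled" not in versioning:
        return "versioning.enabled is not set"
    value = versioning["enabled"]
    # A quoted "no" stays a string after YAML parsing, so compare it as text.
    enabled = value.strip().lower() in TRUTHY if isinstance(value, str) else bool(value)
    return None if enabled else "versioning.enabled is false"


def find_unversioned_buckets(items, path=""):
    """Return (location, task name, reason) for each bucket task without versioning."""
    findings = []
    for index, item in enumerate(items or []):
        if not isinstance(item, dict):
            continue
        where = f"{path}[{index}]"
        for key in TASK_LISTS:  # descend into plays and block sections
            if isinstance(item.get(key), list):
                findings += find_unversioned_buckets(item[key], f"{where}.{key}")
        for module in BUCKET_MODULES.intersection(item):
            args = item[module] if isinstance(item[module], dict) else {}
            reason = versioning_problem(args)
            if reason:
                findings.append((where, item.get("name", "<unnamed>"), reason))
    return findings


# Constructed sample: the page's tasks as parsed YAML (only the keys the check reads), plus a nested one.
SAMPLE_TASKS = [
    {"name": "create a bucket", "google.cloud.gcp_storage_bucket": {"state": "present"}},
    {"name": "create a second bucket",
     "google.cloud.gcp_storage_bucket": {"versioning": {"enabled": False}}},
    {"name": "versioned bucket",
     "google.cloud.gcp_storage_bucket": {"versioning": {"enabled": True}}},
    {"block": [{"name": "nested bucket",
                "gcp_storage_bucket": {"versioning": {"enabled": "no"}}}]},
]

if __name__ == "__main__":
    for finding in find_unversioned_buckets(SAMPLE_TASKS):
        print(": ".join(finding))
```

To scan a real task file, pass the result of a YAML loader (for example PyYAML's `yaml.safe_load`) to `find_unversioned_buckets`.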