Cloud Storage Bucket Logging Not Enabled

• Query id: 6c2d627c-de0f-45fb-b33d-dad9bffbb421
• Query name: Cloud Storage Bucket Logging Not Enabled
• Platform: Crossplane
• Severity: Medium
• Category: Observability
• CWE: 778
• URL: Github

Description

Cloud storage bucket should have logging enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

apiVersion: storage.gcp.crossplane.io/v1alpha3
kind: Bucket
metadata:
  name: bucketSample
spec:
  location: EU
  storageClass: MULTI_REGIONAL
  providerConfigRef:
    name: crossplane-gcp
  labels:
    made-by: crossplane
  deletionPolicy: Delete

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

apiVersion: storage.gcp.crossplane.io/v1alpha3
kind: Bucket
metadata:
  name: bucketSample
spec:
  location: EU
  logging:
    logBucket: example-logs-bucket
  storageClass: MULTI_REGIONAL
  providerConfigRef:
    name: crossplane-gcp
  labels:
    made-by: crossplane
  deletionPolicy: Delete