Google Storage Bucket Level Access Disabled

• Query id: 1239f54b-33de-482a-8132-faebe288e6a6
• Query name: Google Storage Bucket Level Access Disabled
• Platform: GoogleDeploymentManager
• Severity: High
• Category: Insecure Configurations
• CWE: 1357
• URL: Github

Description

Google Storage Bucket Level Access should be enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

resources:
- name: a-new-pubsub-topic1
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    versioning:
      enabled: true
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

resources:
- name: a-new-pubsub-topic2
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    versioning:
      enabled: true
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true