BOM - GCP PD

  • Query id: 268c65a8-58ad-43e4-9019-1a9bbc56749f
  • Query name: BOM - GCP PD
  • Platform: GoogleDeploymentManager
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: 200
  • URL: GitHub

Description

A list of Persistent Disk resources found. Persistent Disk is Google's local durable storage service, fully integrated with Google Cloud products, Compute Engine and Google Kubernetes Engine.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- type: compute.v1.disk
  name: disk-1-data
  properties:
    sizeGb: 10
    zone: us-east1-c
    diskEncryptionKey:
      sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
      rawKey: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=
- type: compute.v1.disk
  name: disk-2-data
  properties:
    sizeGb: 10
    zone: us-east1-c
    diskEncryptionKey:
      sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
      kmsKeyName: disk-crypto-key
- type: compute.v1.disk
  name: disk-3-data
  properties:
    sizeGb: 10
    zone: us-east1-c
- type: compute.v1.disk
  name: disk-4-data
  properties:
    sizeGb: 10
    zone: us-east1-c
    diskEncryptionKey:
      sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
- type: compute.v1.disk
  name: disk-5-data
  properties:
    sizeGb: 10
    zone: us-east1-c
    diskEncryptionKey:
      sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
      rawKey: ""

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: vm-template4
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
      diskEncryptionKey:
        sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
        rawKey: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=
    networkInterfaces:
    - network: global/networks/default