Cloud Storage Bucket Is Publicly Accessible

  • Query id: 77c1fa3f-83dc-4c9d-bfed-e1d0cc8fd9dc
  • Query name: Cloud Storage Bucket Is Publicly Accessible
  • Platform: GoogleDeploymentManager
  • Severity: Medium
  • Category: Access Control
  • CWE: 1188
  • URL: Github

Description

A Cloud Storage bucket ACL entry grants access to `allUsers` (anonymous, no credentials needed) or `allAuthenticatedUsers` (any Google account), which makes the bucket publicly accessible.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

```yaml
resources:
  - name: bucket-access-control
    type: storage.v1.bucketAccessControl
    properties:
      entity: allUsers
```

Positive test num. 2 - yaml file

```yaml
resources:
  - name: bucket-access-control
    type: storage.v1.bucketAccessControl
    properties:
      entity: allAuthenticatedUsers
```

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

```yaml
resources:
  - name: bucket-access-control
    type: storage.v1.bucketAccessControl
    properties:
      storageClass: STANDARD
      location: EUROPE-WEST3
```

Negative test num. 2 - yaml file

```yaml
resources:
  - name: bucket-access-control
    type: storage.v1.bucketAccessControl
    properties:
      storageClass: STANDARD
      location: EUROPE-WEST3
      entity: user-liz@example.com
```
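The following is an added example, not KICS code or any Google-provided tool, showing the check this query performs as a small Python function run over the page's four samples. It operates on a parsed Deployment Manager configuration (the mapping holding the top-level `resources` list), flags any `storage.v1.bucketAccessControl` resource whose `entity` is `allUsers` or `allAuthenticatedUsers`, and ignores resources with no `entity` or with a specific user such as `user-liz@example.com`. It goes slightly beyond the query by also covering `storage.v1.defaultObjectAccessControl`, which uses the same `entity` field; that extension, the function names, and the inline sample configurations are the example's own. PyYAML is only needed if you call `load_config` on a real file; the inline demo runs without it.

```python
"""Flag Deployment Manager bucket ACL entries that grant public access (added example)."""
from __future__ import annotations

from typing import Any

# Entities that Cloud Storage treats as "everyone": allUsers needs no credentials,
# allAuthenticatedUsers needs only any Google account, so both are public grantees.
PUBLIC_ENTITIES = frozenset({"allUsers", "allAuthenticatedUsers"})

# Resource types whose `entity` property names an ACL grantee. bucketAccessControl
# is what the KICS query covers; defaultObjectAccessControl is an added generalisation
# because it carries the same entity field.
ACL_TYPES = frozenset({
    "storage.v1.bucketAccessControl",
    "storage.v1.defaultObjectAccessControl",
})


def find_public_acls(config: dict[str, Any]) -> list[dict[str, str]]:
    """Return one finding per ACL resource whose entity is a public grantee.

    Resources that are not ACL entries, that have no entity, or whose entity is a
    specific user/group/domain produce no finding (matching the negative tests).
    """
    findings: list[dict[str, str]] = []
    for res in config.get("resources") or []:
        if not isinstance(res, dict) or res.get("type") not in ACL_TYPES:
            continue
        props = res.get("properties") or {}
        entity = props.get("entity")
        if entity in PUBLIC_ENTITIES:
            findings.append({
                "resource": str(res.get("name", "<unnamed>")),
                "type": res["type"],
                "entity": entity,
                "reason": f"ACL grants access to {entity}; bucket is publicly accessible",
            })
    return findings


def load_config(path: str) -> dict[str, Any]:
    """Parse a Deployment Manager YAML file. Requires PyYAML (assumed installed)."""
    import yaml  # third-party; only imported when scanning a real file

    with open(path, encoding="utf-8") as fh:
        return yaml.safe_load(fh) or {}


# Constructed in-memory configurations mirroring the page's positive and negative tests.
SAMPLES: dict[str, dict[str, Any]] = {
    "positive_1": {"resources": [{
        "name": "bucket-access-control",
        "type": "storage.v1.bucketAccessControl",
        "properties": {"entity": "allUsers"},
    }]},
    "positive_2": {"resources": [{
        "name": "bucket-access-control",
        "type": "storage.v1.bucketAccessControl",
        "properties": {"entity": "allAuthenticatedUsers"},
    }]},
    "negative_1": {"resources": [{
        "name": "bucket-access-control",
        "type": "storage.v1.bucketAccessControl",
        "properties": {"storageClass": "STANDARD", "location": "EUROPE-WEST3"},
    }]},
    "negative_2": {"resources": [{
        "name": "bucket-access-control",
        "type": "storage.v1.bucketAccessControl",
        "properties": {"storageClass": "STANDARD", "location": "EUROPE-WEST3",
                       "entity": "user-liz@example.com"},
    }]},
}


def scan_samples() -> dict[str, int]:
    """Number of public-ACL findings per sample; positives should be 1, negatives 0."""
    return {name: len(find_public_acls(cfg)) for name, cfg in SAMPLES.items()}


if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        for f in find_public_acls(cfg):
            print(f"[{name}] {f['resource']} ({f['type']}): {f['reason']}")
```

A match on `allAuthenticatedUsers` is reported with the same severity as `allUsers`: because anyone can create a Google account, that grantee does not restrict access in any meaningful way. To scan a real template, pass `load_config("path/to/config.yaml")` to `find_public_acls`.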