BOM - GCP SB

  • Query id: c7781feb-a955-4f9f-b9cf-0d7c6f54bb59
  • Query name: BOM - GCP SB
  • Platform: GoogleDeploymentManager
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: 200
  • URL: Github

Description

A list of Storage Bucket resources found. Buckets are the basic containers that hold your data. Everything that you store in Cloud Storage must be contained in a bucket.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
- name: sample-input
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true
    encryption:
      defaultKmsKeyName: some-key
- name: sample-input2
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true
- name: sample-input3
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true
    acl:
    - entity: "project-viewers-ucg-configuration-project"
      role: READER
    - entity: allUsers
      role: READER
- name: sample-input4
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true
    defaultObjectAcl:
    - entity: allUsers
      role: READER
- name: sample-input5
  type: storage.v1.bucket
  properties:
    storageClass: STANDARD
    location: EUROPE-WEST3
    iamConfiguration:
      uniformBucketLevelAccess:
        enabled: true
- name: sample-ac
  type: storage.v1.bucketAccessControl
  properties:
    bucket: sample-input5
    entity: allUsers
    role: OWNER

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
- name: vm-template4
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
      diskEncryptionKey:
        sha_256: 68b4caecf5d5130426a8b8f0222cdd7f31232b5c99a5bf0daf19099e26e2ec29
        rawKey: SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0=
    networkInterfaces:
    - network: global/networks/default