OSS Bucket Public Access Enabled
- Query id: 62232513-b16f-4010-83d7-51d0e1d45426
- Query name: OSS Bucket Public Access Enabled
- Platform: Terraform
- Severity: High
- Category: Access Control
- CWE: 284
- URL: Github
Description¶
OSS Bucket should have public access disabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "alicloud_oss_bucket" "bucket_public_access_enabled2" {
bucket = "bucket-170309-acl"
acl = "public-read"
}
Positive test num. 2 - tf file
resource "alicloud_oss_bucket" "bucket_public_access_enabled3" {
bucket = "bucket-170309-acl"
acl = "public-read-write"
}
resource "alicloud_oss_bucket" "bucket-logging" {
bucket = "bucket-170309-logging"
logging {
target_bucket = alicloud_oss_bucket.bucket-target.id
target_prefix = "log/"
}
}