OSS Bucket Lifecycle Rule Disabled

  • Query id: 7db8bd7e-9772-478c-9ec5-4bc202c5686f
  • Query name: OSS Bucket Lifecycle Rule Disabled
  • Platform: Terraform
  • Severity: Low
  • Category: Backup
  • CWE: 664
  • URL: Github

Description

OSS buckets should have a lifecycle rule configured, with enabled set to true.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled2" {
  bucket = "bucket-170309-lifecycle"
  acl    = "public-read"

  lifecycle_rule {
    id      = "rule-days"
    prefix  = "path1/"
    enabled = false

    expiration {
      days = 365
    }
  }
  lifecycle_rule {
    id      = "rule-date"
    prefix  = "path2/"
    enabled = true

    expiration {
      date = "2018-01-12"
    }
  }
}
Positive test num. 2 - tf file
resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled3" {
  bucket = "bucket-170309-versioning"
  acl    = "private"

  versioning {
    status = "Enabled"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "alicloud_oss_bucket" "oss_bucket_lifecycle_enabled1" {
  bucket = "bucket-170309-lifecycle"
  acl    = "public-read"

  lifecycle_rule {
    id      = "rule-days"
    prefix  = "path1/"
    enabled = true

    expiration {
      days = 365
    }
  }
  lifecycle_rule {
    id      = "rule-date"
    prefix  = "path2/"
    enabled = true

    expiration {
      date = "2018-01-12"
    }
  }
}
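
A minimal sketch of the check, inferred from the positive and negative samples above: a bucket is flagged when it has no lifecycle_rule block or when any lifecycle_rule is not enabled. This is an added example, not the query's own code. The function names and the sample resource and bucket names are made up, and brace matching stands in for a real HCL parser.

```python
import re

# Constructed sample input (resource and bucket names are made up).
SAMPLE = '''
resource "alicloud_oss_bucket" "disabled_rule" {
  bucket = "example-a"
  lifecycle_rule {
    id      = "rule-days"
    enabled = false
    expiration {
      days = 365
    }
  }
}
resource "alicloud_oss_bucket" "no_rule" {
  bucket = "example-b"
}
resource "alicloud_oss_bucket" "ok" {
  bucket = "example-c"
  lifecycle_rule {
    id      = "rule-days"
    enabled = true
  }
}
'''

def _blocks(text, header_re):
    """Yield (header match, body) for each brace-delimited block.
    Simplification: braces inside strings or comments are not handled."""
    for m in re.finditer(header_re, text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m, text[m.end():i - 1]

def find_lifecycle_issues(tf_source):
    """Return (resource name, reason) for each bucket failing the check."""
    findings = []
    for m, body in _blocks(tf_source, r'resource\s+"alicloud_oss_bucket"\s+"([^"]+)"\s*\{'):
        rules = [b for _, b in _blocks(body, r'\blifecycle_rule\s*\{')]
        if not rules:
            findings.append((m.group(1), "no lifecycle_rule block"))
        for rule in rules:
            rid = re.search(r'\bid\s*=\s*"([^"]*)"', rule)
            if not re.search(r'\benabled\s*=\s*true\b', rule):
                findings.append((m.group(1), "rule %s not enabled" % (rid.group(1) if rid else "?")))
    return findings
```

Calling find_lifecycle_issues(SAMPLE) reports the first two buckets and passes the third.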