Storage Share File Allows All ACL Permissions
- Query id: 48bbe0fd-57e4-4678-a4a1-119e79c90fc3
- Query name: Storage Share File Allows All ACL Permissions
- Platform: Terraform
- Severity: Medium
- Category: Access Control
- CWE: 732
- URL: Github
Description¶
Azure Storage Share File should not allow all ACL (Access Control List) permissions - r (read), w (write), d (delete), and l (list).
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_storage_share" "example" {
name = "sharename"
storage_account_name = azurerm_storage_account.example.name
quota = 50
acl {
id = "MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI"
access_policy {
permissions = "rwdl"
start = "2022-07-02T09:38:21.0000000Z"
expiry = "2021-07-02T10:38:21.0000000Z"
}
}
}
resource "azurerm_storage_share_file" "example" {
name = "my-awesome-content.zip"
storage_share_id = azurerm_storage_share.example.id
source = "some-local-file.zip"
}