BOM - GCP SB

  • Query id: 2f06d22c-56bd-4f73-8a51-db001fcf2150
  • Query name: BOM - GCP SB
  • Platform: Terraform
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: 532
  • URL: Github

Description

Lists every google_storage_bucket resource found. This is an inventory (Bill of Materials) query, not a misconfiguration check, which is why its severity is Trace: any bucket declared in the scanned Terraform is reported, whether or not it is public or encrypted with a customer-managed key. Buckets are the basic containers that hold your data; everything you store in Cloud Storage must be contained in a bucket.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
# Three buckets are declared, so the BOM query reports three resources.
# Bucket names are globally unique in Cloud Storage, so each bucket gets
# a distinct name here; the original fixture reused one name three times,
# which would fail at apply time.

# Legacy ACL granting READER to everyone on the internet (public bucket).
resource "google_storage_bucket_access_control" "public_rule" {
  bucket = google_storage_bucket.bucket.name
  role   = "READER"
  entity = "allUsers"
}

resource "google_storage_bucket" "bucket" {
  name     = "static-content-bucket"
  location = "US"
}


# IAM binding granting storage.admin to allUsers: public, and writable.
resource "google_storage_bucket_iam_binding" "binding" {
  bucket = google_storage_bucket.bucket2.name
  role = "roles/storage.admin"
  members = [
    "allUsers",
  ]
}

# Bucket using a customer-managed Cloud KMS key. "somekey" is a placeholder;
# a real value is a full key resource path
# (projects/.../locations/.../keyRings/.../cryptoKeys/...).
resource "google_storage_bucket" "bucket2" {
  name     = "static-content-bucket-2"
  location = "US"
  encryption {
    default_kms_key_name = "somekey"
  }
}

# IAM member granting storage.admin to a single named user: not public.
resource "google_storage_bucket_iam_member" "member" {
  bucket = google_storage_bucket.bucket3.name
  role = "roles/storage.admin"
  member = "user:jane@example.com"
}

resource "google_storage_bucket" "bucket3" {
  name     = "static-content-bucket-3"
  location = "US"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
# negative sample: no google_storage_bucket resource is declared, so the
# BOM query reports nothing. The dataset is a BigQuery resource, not a
# Storage Bucket.

# Service account referenced by the dataset's OWNER access entry (added so
# the sample is self-contained; the original fixture left it undeclared).
resource "google_service_account" "bqowner" {
  account_id = "bqowner"
}

resource "google_bigquery_dataset" "negative1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    user_by_email = google_service_account.bqowner.email
  }

  access {
    role   = "READER"
    domain = "hashicorp.com"
  }
}
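The inventory this query produces is more useful when each bucket is annotated with the facts a reviewer asks next: is it reachable by allUsers or allAuthenticatedUsers, and is it encrypted with a customer-managed key. The script below is an added example, not the KICS query itself and not part of the KICS project. It reads Terraform's JSON configuration syntax (the .tf.json equivalent of the HCL samples) because parsing HCL from the standard library alone is impractical; the embedded document is constructed to mirror the positive test above, with distinct bucket names, and the `${google_storage_bucket.<label>.name}` reference form it resolves is Terraform's string-interpolation syntax for the attribute references used in that sample.

```python
"""Bill-of-materials style inventory of Google Cloud Storage buckets
declared in Terraform JSON syntax, annotated with public-access grants
and customer-managed-key (CMEK) use.

Added example: this is not the KICS query. The sample document below is
constructed to mirror the page's positive test; it is not a real deployment.
"""
import json
import re

PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

# Terraform interpolation of a bucket's name, e.g. "${google_storage_bucket.bucket.name}".
_BUCKET_REF = re.compile(r"^\$\{google_storage_bucket\.([\w-]+)\.name\}$")


def _block(body, key):
    """Nested blocks in .tf.json may be an object or a list of objects; return the first."""
    value = body.get(key)
    if isinstance(value, list):
        return value[0] if value else {}
    return value or {}


def _bucket_label(value, buckets):
    """Resolve a `bucket = ...` attribute to the label of the google_storage_bucket
    it targets: either an interpolated reference or a literal bucket name."""
    if not isinstance(value, str):
        return None
    m = _BUCKET_REF.match(value)
    if m:
        return m.group(1) if m.group(1) in buckets else None
    for label, body in buckets.items():
        if body.get("name") == value:
            return label
    return None


def inventory_buckets(doc):
    """One entry per google_storage_bucket resource, sorted by address, with
    `cmek`, `public` and the list of resources (`public_via`) that expose it."""
    resources = doc.get("resource", {})
    buckets = resources.get("google_storage_bucket", {})
    entries = {}
    for label, body in buckets.items():
        entries[label] = {
            "address": f"google_storage_bucket.{label}",
            "name": body.get("name"),
            "location": body.get("location"),
            "cmek": bool(_block(body, "encryption").get("default_kms_key_name")),
            "public_via": [],
        }

    def expose(kind, label, principals, bucket_attr):
        target = _bucket_label(bucket_attr, buckets)
        if target and PUBLIC_PRINCIPALS & set(principals):
            entries[target]["public_via"].append(f"{kind}.{label}")

    # Legacy ACL rule: a single entity.
    for label, acl in resources.get("google_storage_bucket_access_control", {}).items():
        expose("google_storage_bucket_access_control", label, [acl.get("entity")], acl.get("bucket"))
    # IAM binding: a list of members. IAM member: a single member.
    for label, b in resources.get("google_storage_bucket_iam_binding", {}).items():
        expose("google_storage_bucket_iam_binding", label, b.get("members", []), b.get("bucket"))
    for label, m in resources.get("google_storage_bucket_iam_member", {}).items():
        expose("google_storage_bucket_iam_member", label, [m.get("member")], m.get("bucket"))

    for e in entries.values():
        e["public"] = bool(e["public_via"])
    return sorted(entries.values(), key=lambda e: e["address"])


# Constructed sample: the page's positive test, expressed in Terraform JSON syntax.
SAMPLE_TF_JSON = json.dumps({
    "resource": {
        "google_storage_bucket": {
            "bucket":  {"name": "static-content-bucket", "location": "US"},
            "bucket2": {"name": "static-content-bucket-2", "location": "US",
                        "encryption": {"default_kms_key_name": "somekey"}},
            "bucket3": {"name": "static-content-bucket-3", "location": "US"},
        },
        "google_storage_bucket_access_control": {
            "public_rule": {"bucket": "${google_storage_bucket.bucket.name}",
                            "role": "READER", "entity": "allUsers"},
        },
        "google_storage_bucket_iam_binding": {
            "binding": {"bucket": "${google_storage_bucket.bucket2.name}",
                        "role": "roles/storage.admin", "members": ["allUsers"]},
        },
        "google_storage_bucket_iam_member": {
            "member": {"bucket": "${google_storage_bucket.bucket3.name}",
                       "role": "roles/storage.admin", "member": "user:jane@example.com"},
        },
    }
})


def inventory_sample():
    """Inventory of the constructed sample document."""
    return inventory_buckets(json.loads(SAMPLE_TF_JSON))


if __name__ == "__main__":
    for e in inventory_sample():
        flags = ("PUBLIC " if e["public"] else "") + ("CMEK" if e["cmek"] else "Google-managed key")
        print(f"{e['address']:<32} {e['name']:<26} {e['location']:<3} {flags} {e['public_via']}")
```

Run stand-alone it prints one line per bucket; for the sample, `bucket` is flagged public through the legacy ACL, `bucket2` is public through the IAM binding but uses a CMEK, and `bucket3` is neither. Generate real input with `terraform show -json` or by keeping configuration in .tf.json, and treat any `public` entry as a finding for the separate public-access checks rather than as part of the inventory itself.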