BOM - GCP SB
- Query id: 2f06d22c-56bd-4f73-8a51-db001fcf2150
- Query name: BOM - GCP SB
- Platform: Terraform
- Severity: Trace
- Category: Bill Of Materials
- CWE: 532
- URL: Github
Description¶
A list of Storage Bucket resources found. Buckets are the basic containers that hold your data. Everything that you store in Cloud Storage must be contained in a bucket.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_storage_bucket_access_control" "public_rule" {
bucket = google_storage_bucket.bucket.name
role = "READER"
entity = "allUsers"
}
resource "google_storage_bucket" "bucket" {
name = "static-content-bucket"
location = "US"
}
resource "google_storage_bucket_iam_binding" "binding" {
bucket = google_storage_bucket.bucket2.name
role = "roles/storage.admin"
members = [
"allUsers",
]
}
resource "google_storage_bucket" "bucket2" {
name = "static-content-bucket"
location = "US"
encryption {
default_kms_key_name = "somekey"
}
}
resource "google_storage_bucket_iam_member" "member" {
bucket = google_storage_bucket.bucket3.name
role = "roles/storage.admin"
member = "user:jane@example.com"
}
resource "google_storage_bucket" "bucket3" {
name = "static-content-bucket"
location = "US"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# negative sample
resource "google_bigquery_dataset" "negative1" {
dataset_id = "example_dataset"
friendly_name = "test"
description = "This is a test description"
location = "EU"
default_table_expiration_ms = 3600000
labels = {
env = "default"
}
access {
role = "OWNER"
user_by_email = google_service_account.bqowner.email
}
access {
role = "READER"
domain = "hashicorp.com"
}
}