BOM - GCP PST

  • Query id: 4b82202a-b18e-4891-a1eb-a0989850bbb3
  • Query name: BOM - GCP PST
  • Platform: Terraform
  • Severity: Trace
  • Category: Bill Of Materials
  • CWE: 532
  • URL: Github

Description

A list of Pub/Sub Topic resources found. Cloud Pub/Sub is designed to provide reliable, many-to-many, asynchronous messaging between applications. Publisher applications can send messages to a 'topic' and other applications can subscribe to that topic to receive the messages.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_pubsub_topic_iam_binding" "binding" {
  project = google_pubsub_topic.example.project
  topic = google_pubsub_topic.example1.name
  role = "roles/viewer"
  members = [
    "user:jane@example.com",
  ]
}

resource "google_pubsub_topic_iam_member" "member" {
  project = google_pubsub_topic.example.project
  topic = google_pubsub_topic.example2.name
  role = "roles/viewer"
  member = "user:jane@example.com"
}

resource "google_pubsub_topic_iam_binding" "binding_public" {
  project = google_pubsub_topic.example.project
  topic = google_pubsub_topic.example3.name
  role = "roles/pubsub.publisher"
  members = [
    "allUsers",
    "allAuthenticatedUsers"
  ]
}

resource "google_pubsub_topic_iam_member" "member_public" {
  project = google_pubsub_topic.example.project
  topic = google_pubsub_topic.example4.name
  role = "roles/pubsub.publisher"
  member = "allUsers"
}

resource "google_pubsub_topic" "example1" {
  name         = "example-topic"
  kms_key_name = google_kms_crypto_key.crypto_key.id
}

resource "google_pubsub_topic" "example2" {
  name         = "example-topic"
  kms_key_name = google_kms_crypto_key.crypto_key.id
}

resource "google_pubsub_topic" "example3" {
  name = "example-topic"

  labels = {
    foo = "bar"
  }

  message_retention_duration = "86600s"
}

resource "google_pubsub_topic" "example4" {
  name = "example-topic"

  labels = {
    foo = "bar"
  }

  message_retention_duration = "86600s"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
# negative sample
resource "google_bigquery_dataset" "negative1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    user_by_email = google_service_account.bqowner.email
  }

  access {
    role   = "READER"
    domain = "hashicorp.com"
  }
}