BOM - GCP PD
- Query id: dd7d70aa-a6ec-460d-b5d2-38b40253b16f
- Query name: BOM - GCP PD
- Platform: Terraform
- Severity: Trace
- Category: Bill Of Materials
- CWE: 532
- URL: Github
Description¶
A list of Persistent Disk resources found. Persistent Disk is Google's local durable storage service, fully integrated with Google Cloud products, Compute Engine and Google Kubernetes Engine.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_compute_disk" "positive1" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
}
resource "google_compute_disk" "positive2" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
disk_encryption_key {
sha256 = "A"
}
}
resource "google_compute_disk" "positive3" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
disk_encryption_key {
raw_key = ""
sha256 = "A"
}
}
resource "google_compute_disk" "positive4" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
disk_encryption_key {
kms_key_self_link = ""
sha256 = "A"
}
}
resource "google_compute_disk" "negative1" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
disk_encryption_key {
kms_key_self_link = "disk-crypto-key"
sha256 = "A"
}
}
resource "google_compute_disk" "negative2" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-9-stretch-v20200805"
labels = {
environment = "dev"
}
physical_block_size_bytes = 4096
disk_encryption_key {
raw_key = "SGVsbG8gZnJvbSBHb29nbGUgQ2xvdWQgUGxhdGZvcm0="
sha256 = "A"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
# negative sample
resource "google_bigquery_dataset" "negative1" {
dataset_id = "example_dataset"
friendly_name = "test"
description = "This is a test description"
location = "EU"
default_table_expiration_ms = 3600000
labels = {
env = "default"
}
access {
role = "OWNER"
user_by_email = google_service_account.bqowner.email
}
access {
role = "READER"
domain = "hashicorp.com"
}
}