BigQuery Dataset Is Public

  • Query id: e576ce44-dd03-4022-a8c0-3906acca2ab4
  • Query name: BigQuery Dataset Is Public
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • CWE: 732
  • URL: Github

Description

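BigQuery dataset is anonymously or publicly accessible, for example through an access block that grants a role to the allAuthenticatedUsers special group.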

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_bigquery_dataset" "positive1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  # Flagged: OWNER is granted to every authenticated Google account
  access {
    role          = "OWNER"
    special_group = "allAuthenticatedUsers"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
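# negative sample: access is limited to a named service account and one domain
# Service account referenced by the OWNER access block below
resource "google_service_account" "bqowner" {
  account_id = "bqowner"
}
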
resource "google_bigquery_dataset" "negative1" {
  dataset_id                  = "example_dataset"
  friendly_name               = "test"
  description                 = "This is a test description"
  location                    = "EU"
  default_table_expiration_ms = 3600000

  labels = {
    env = "default"
  }

  access {
    role          = "OWNER"
    user_by_email = google_service_account.bqowner.email
  }

  access {
    role   = "READER"
    domain = "hashicorp.com"
  }
}
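
The same check can be run against a rendered plan (`terraform show -json`) instead of the .tf source, which also catches datasets declared inside modules. The following is an added example, not the query shipped with this rule; the plan document, the `module.analytics` address and the service account e-mail are constructed sample data.

```python
import json

# Special group this rule flags in a google_bigquery_dataset access block.
PUBLIC_GROUPS = {"allAuthenticatedUsers"}

# Constructed sample: trimmed plan JSON mirroring positive1 and negative1
# from this page, plus one hypothetical dataset inside a child module.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "google_bigquery_dataset.positive1", "type": "google_bigquery_dataset",
     "values": {"access": [{"role": "OWNER", "special_group": "allAuthenticatedUsers"}]}},
    {"address": "google_bigquery_dataset.negative1", "type": "google_bigquery_dataset",
     "values": {"access": [
       {"role": "OWNER", "user_by_email": "bqowner@example-project.iam.gserviceaccount.com"},
       {"role": "READER", "domain": "hashicorp.com"}]}}],
  "child_modules": [{"resources": [
    {"address": "module.analytics.google_bigquery_dataset.shared",
     "type": "google_bigquery_dataset",
     "values": {"access": [{"role": "READER", "special_group": "allAuthenticatedUsers"}]}}]}]
}}}
""")


def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def find_public_datasets(plan):
    """Return (address, role, special_group) for each public access grant."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "google_bigquery_dataset":
            continue
        # `access` can be missing or null when no access block is planned.
        for entry in (res.get("values") or {}).get("access") or []:
            if entry.get("special_group") in PUBLIC_GROUPS:
                findings.append((res["address"], entry.get("role"), entry["special_group"]))
    return findings


if __name__ == "__main__":
    for address, role, group in find_public_datasets(SAMPLE_PLAN):
        print(f"{address}: role {role} granted to {group}")
```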