BigQuery Dataset Is Public

• Query id: 83103dff-d57f-42a8-bd81-40abab64c1a7
• Query name: BigQuery Dataset Is Public
• Platform: GoogleDeploymentManager
• Severity: High
• Category: Access Control
• URL: Github

Description

BigQuery dataset is anonymously or publicly accessible. Attribute access.specialGroup should not contain 'allAuthenticatedUsers'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

resources:
  - name: bigquery
    type: bigquery.v2.dataset
    properties:
      access:
        - role: owner
          specialGroup: allAuthenticatedUsers
        - role: owner
          specialGroup: my-group

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

resources:
  - name: bigquery
    type: bigquery.v2.dataset
    properties:
      access:
        - role: owner
          specialGroup: my-group

Negative test num. 2 - yaml file

resources:
  - name: bigquery
    type: bigquery.v2.dataset
    properties:
      description: my-bigquery