mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-09 20:23:21 +08:00
72 lines
2.1 KiB
YAML
72 lines
2.1 KiB
YAML
id: gcloud-object-versioning-not-enabled
|
|
|
|
info:
|
|
name: Enable Object Versioning for Cloud Storage Buckets
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
Ensure that your Cloud Storage buckets are configured with object versioning to protect your object data from being overwritten or accidentally deleted. Object versioning allows multiple variants of an object to be stored in the same bucket, enabling data recovery and restoration.
|
|
impact: |
|
|
Without object versioning, data loss or accidental overwrites cannot be recovered, leading to potential operational disruptions or compliance issues.
|
|
remediation: |
|
|
Enable object versioning for your Cloud Storage buckets to preserve object versions and allow for data recovery.
|
|
reference:
|
|
- https://cloud.google.com/storage/docs/object-versioning
|
|
tags: cloud,devops,gcp,gcloud,google-cloud-storage,object-versioning,backup,gcp-cloud-config
|
|
|
|
flow: |
|
|
code(1)
|
|
for(let projectId of iterate(template.projectIds)){
|
|
set("projectId", projectId)
|
|
code(2)
|
|
for(let bucketName of iterate(template.buckets)){
|
|
set("bucketName", bucketName)
|
|
code(3)
|
|
}
|
|
}
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
gcloud projects list --format="json(projectId)"
|
|
|
|
extractors:
|
|
- type: json
|
|
name: projectIds
|
|
internal: true
|
|
json:
|
|
- '.[].projectId'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
gsutil ls -p $projectId | jq -R . | jq -s .
|
|
|
|
extractors:
|
|
- type: json
|
|
name: buckets
|
|
internal: true
|
|
json:
|
|
- '.[]'
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
gsutil versioning get $bucketName
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- 'Suspended'
|
|
|
|
extractors:
|
|
- type: dsl
|
|
dsl:
|
|
- '"Object versioning is not enabled for the bucket " + bucketName + " in project " + projectId'
|
|
# digest: 490a004630440220477f24518070b2a6dfce93bdcd2563f055d3da0a95ec935418b97a3768728a7e02205b8995667957a9d1897cecc1ea9749b5e28e5d026780823cee7f969aab1cdb37:922c64590222798bb761d5b6d8e72950 |