When scanning a GCP Project with a bucket with public access enabled (AllUsers), the current ScoutSuite logic will never flag it.
The current ScoutSuite logic is as follows:
```json
"conditions": [
    "and",
    [
        "or",
        [ "cloudstorage.projects.id.buckets.id.member_bindings", "withKey", "_ARG_0_" ],
        [ "cloudstorage.projects.id.buckets.id.acls", "containString", "_ARG_0_" ]
    ],
    [ "cloudstorage.projects.id.buckets.id.public_access_prevention", "notEqual", "enforced" ],
    [ "cloudstorage.projects.id.buckets.id.public_access_prevention", "notEqual", "inherited" ]
],
```
but according to Google documentation about public access prevention, the bucket state can only be set to enforced or inherited, so one of these will always be false
```json
[ "cloudstorage.projects.id.buckets.id.public_access_prevention", "notEqual", "enforced" ],
[ "cloudstorage.projects.id.buckets.id.public_access_prevention", "notEqual", "inherited" ]
```
making the whole condition always false.
Credits to @martinpestoni who found the issue.
#1597 fixes this bug
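
The condition reported in this issue, evaluated against both possible `public_access_prevention` states, as an added example that is not part of the issue and is not ScoutSuite's own code. The evaluator is a simplified stand-in for the rule engine, the bucket data and the `allUsers` argument are constructed, and `RULE_ASSUMED_FIX` is one assumed correction for comparison, not necessarily the change made in #1597.

```python
# Simplified stand-in for evaluating ScoutSuite-style rule conditions.
# Only the three operators used by the rule in this issue are implemented.

def check_leaf(bucket, path, op, value):
    # The last path segment is used as the key into a constructed bucket dict.
    field = bucket.get(path.rsplit(".", 1)[-1])
    if op == "withKey":
        return value in (field or {})
    if op == "containString":
        return value in str(field)
    if op == "notEqual":
        return field != value
    raise ValueError(f"unsupported operator: {op}")

def evaluate(cond, bucket):
    # A condition is either ["and"|"or", sub, sub, ...] or [path, op, value].
    if cond[0] in ("and", "or"):
        results = [evaluate(c, bucket) for c in cond[1:]]
        return all(results) if cond[0] == "and" else any(results)
    return check_leaf(bucket, *cond)

PREFIX = "cloudstorage.projects.id.buckets.id."
IS_PUBLIC = ["or",
             [PREFIX + "member_bindings", "withKey", "allUsers"],
             [PREFIX + "acls", "containString", "allUsers"]]
NOT_ENFORCED = [PREFIX + "public_access_prevention", "notEqual", "enforced"]
NOT_INHERITED = [PREFIX + "public_access_prevention", "notEqual", "inherited"]

# The rule as quoted in the issue: both notEqual clauses are ANDed together.
RULE_AS_REPORTED = ["and", IS_PUBLIC, NOT_ENFORCED, NOT_INHERITED]
# Assumption for illustration only: keep just the "not enforced" clause.
RULE_ASSUMED_FIX = ["and", IS_PUBLIC, NOT_ENFORCED]

def public_bucket(pap_state):
    # Constructed sample: a bucket with an allUsers IAM binding.
    return {"member_bindings": {"allUsers": ["roles/storage.objectViewer"]},
            "acls": [],
            "public_access_prevention": pap_state}

def flagged_states(rule):
    # Which of the two possible states cause the rule to flag the bucket?
    return [s for s in ("enforced", "inherited")
            if evaluate(rule, public_bucket(s))]

if __name__ == "__main__":
    print("rule as reported flags:", flagged_states(RULE_AS_REPORTED))
    print("assumed fix flags:     ", flagged_states(RULE_ASSUMED_FIX))
```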