Check for Sufficient Data Retention Period for Cloud Storage Buckets
ID: gcloud-insufficient-data-retention-period
Severity: medium
Author: princechaddha
Tags: cloud,devops,gcp,gcloud,google-cloud-storage,retention,security,compliance,gcp-cloud-config
Description
Section titled “Description”Ensure that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured to meet security and compliance requirements. Retention policies prevent the deletion or modification of objects for a specified duration.
YAML Source
Section titled “YAML Source”id: gcloud-insufficient-data-retention-period
info: name: Check for Sufficient Data Retention Period for Cloud Storage Buckets author: princechaddha severity: medium description: | Ensure that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured to meet security and compliance requirements. Retention policies prevent the deletion or modification of objects for a specified duration. impact: | Insufficient retention periods can lead to data being prematurely deleted, resulting in potential security, compliance, and operational risks. remediation: | Configure a sufficient data retention period for your Google Cloud Storage buckets based on your organization's security and compliance policies. reference: - https://cloud.google.com/storage/docs/bucket-lock tags: cloud,devops,gcp,gcloud,google-cloud-storage,retention,security,compliance,gcp-cloud-config
flow: | code(1) for(let projectId of iterate(template.projectIds)){ set("projectId", projectId) code(2) for(let bucketName of iterate(template.buckets)){ set("bucketName", bucketName) code(3) } }
self-contained: true
code: - engine: - sh - bash source: | gcloud projects list --format="json(projectId)"
extractors: - type: json name: projectIds internal: true json: - '.[].projectId'
- engine: - sh - bash source: | gsutil ls -p $projectId | jq -R . | jq -s .
extractors: - type: json name: buckets internal: true json: - '.[]'
- engine: - sh - bash source: | gsutil retention get $bucketName
matchers: - type: word words: - 'no Retention Policy'
extractors: - type: dsl dsl: - '"The bucket " + bucketName + " in project " + projectId + " does not have a sufficient retention period configured or the retention policy is unlocked."'# digest: 4a0a0047304502207f5416cd328cd9c1c6aaf0c142bec14b386177b045f39f031b1d4e49bda28530022100e769e089a1df86a265f135fb02e6f6c875b33d3fed709e1ae6ff6f1690990656:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/gcp/storage/gcloud-insufficient-data-retention-period.yaml"