gcloud-insufficient-data-retention-period: Check for Sufficient Data Retention Period for Cloud Storage Buckets

Date: 2025-08-01 | Affected software: gcloud | PoC: public

Vulnerability description

Ensure that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured to meet security and compliance requirements. Retention policies prevent the deletion or modification of objects for a specified duration.

PoC code [public]

id: gcloud-insufficient-data-retention-period

info:
  name: Check for Sufficient Data Retention Period for Cloud Storage Buckets
  author: princechaddha
  severity: medium
  description: |
    Ensure that the objects stored within your Google Cloud Storage buckets have a sufficient data retention period configured to meet security and compliance requirements. Retention policies prevent the deletion or modification of objects for a specified duration.
  impact: |
    Insufficient retention periods can lead to data being prematurely deleted, resulting in potential security, compliance, and operational risks.
  remediation: |
    Configure a sufficient data retention period for your Google Cloud Storage buckets based on your organization's security and compliance policies.
  reference:
    - https://cloud.google.com/storage/docs/bucket-lock
  tags: cloud,devops,gcp,gcloud,google-cloud-storage,retention,security,compliance,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let bucketName of iterate(template.buckets)){
      set("bucketName", bucketName)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gsutil ls -p $projectId | jq -R . | jq -s .

    extractors:
      - type: json
        name: buckets
        internal: true
        json:
          - '.[]'

  - engine:
      - sh
      - bash
    source: |
      gsutil retention get $bucketName

    matchers:
      - type: word
        words:
          - 'no Retention Policy'

    extractors:
      - type: dsl
        dsl:
          - '"The bucket " + bucketName + " in project " + projectId + " does not have a sufficient retention period configured or the retention policy is unlocked."'
# digest: 4a0a0047304502207f5416cd328cd9c1c6aaf0c142bec14b386177b045f39f031b1d4e49bda28530022100e769e089a1df86a265f135fb02e6f6c875b33d3fed709e1ae6ff6f1690990656:922c64590222798bb761d5b6d8e72950
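The template above only matches the "no Retention Policy" case, while its finding message also speaks of insufficient or unlocked policies. The following added example (not part of the template or of the gcloud/gsutil tooling) shows how an auditor would classify each bucket into those three failure modes from bucket metadata in the Cloud Storage JSON API Bucket resource shape (retentionPolicy.retentionPeriod as a string of seconds, retentionPolicy.isLocked); the 90-day minimum and the sample bucket records are assumptions, not values from the page.

```python
import json
from dataclasses import dataclass
from typing import List, Optional

# Assumed organisational minimum (90 days); adjust to your own retention requirement.
MIN_RETENTION_SECONDS = 90 * 24 * 60 * 60


@dataclass
class Finding:
    bucket: str
    status: str            # "ok", "no_policy", "too_short" or "unlocked"
    period_seconds: Optional[int]
    locked: bool


def evaluate_bucket(bucket: dict, min_seconds: int = MIN_RETENTION_SECONDS) -> Finding:
    """Classify one bucket resource (JSON API shape) against the retention requirement."""
    name = bucket.get("name", "<unknown>")
    policy = bucket.get("retentionPolicy")
    if not policy:                       # the case the template's 'no Retention Policy' matcher catches
        return Finding(name, "no_policy", None, False)
    # The API encodes retentionPeriod as a decimal string of seconds.
    period = int(policy.get("retentionPeriod", "0"))
    locked = bool(policy.get("isLocked", False))
    if period < min_seconds:             # a policy exists but is shorter than required
        return Finding(name, "too_short", period, locked)
    if not locked:                       # long enough, but can still be shortened or removed
        return Finding(name, "unlocked", period, locked)
    return Finding(name, "ok", period, locked)


def audit(buckets_json: str, min_seconds: int = MIN_RETENTION_SECONDS) -> List[Finding]:
    """Evaluate every bucket in a JSON array of bucket resources."""
    return [evaluate_bucket(b, min_seconds) for b in json.loads(buckets_json)]


# Constructed sample: four bucket resources in JSON API format, not real buckets.
SAMPLE_BUCKETS = json.dumps([
    {"name": "logs-no-policy"},
    {"name": "logs-30d", "retentionPolicy": {"retentionPeriod": "2592000", "isLocked": False}},
    {"name": "logs-1y-unlocked", "retentionPolicy": {"retentionPeriod": "31536000", "isLocked": False}},
    {"name": "logs-1y-locked", "retentionPolicy": {"retentionPeriod": "31536000", "isLocked": True}},
])

if __name__ == "__main__":
    for f in audit(SAMPLE_BUCKETS):
        days = "-" if f.period_seconds is None else f"{f.period_seconds // 86400}d"
        print(f"{f.bucket:<20} {f.status:<10} period={days} locked={f.locked}")
```

Only buckets with status "ok" satisfy both parts of the check: a period at least as long as the requirement, and a locked policy so the period cannot be reduced later.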
