PostgreSQL Misconfigured Logging Duration Flag

  • Query id: aed98a2a-e680-497a-8886-277cea0f4514
  • Query name: PostgreSQL Misconfigured Logging Duration Flag
  • Platform: Ansible
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

PostgreSQL database 'log_min_duration_statement' flag isn't set to '-1'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: sql_instance
  google.cloud.gcp_sql_instance:
    auth_kind: serviceaccount
    database_version: SQLSERVER_13_1
    name: "{{ resource_name }}-2"
    project: test_project
    region: us-central1
    service_account_file: /tmp/auth.pem
    settings:
      database_flags:
      - name: log_min_duration_statement
        value: 0
      tier: db-n1-standard-1
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: sql_instance
  google.cloud.gcp_sql_instance:
    auth_kind: serviceaccount
    database_version: SQLSERVER_13_1
    name: '{{ resource_name }}-2'
    project: test_project
    region: us-central1
    service_account_file: /tmp/auth.pem
    settings:
      database_flags:
      - name: log_min_duration_statement
        value: -1
      tier: db-n1-standard-1
    state: present