# Google Compute Network Using Default Firewall Rule
- Query id: 29b8224a-60e9-4011-8ac2-7916a659841f
- Query name: Google Compute Network Using Default Firewall Rule
- Platform: Ansible
- Severity: Medium
- Category: Networking and Firewall
- CWE: 1188
- URL: Github
## Description

Google Compute Network should not use the default firewall rule.

Documentation
## Code samples

### Code samples with security vulnerabilities

#### Positive test num. 1 - yaml file
```yaml
- name: create a firewall2
  google.cloud.gcp_compute_firewall:
    # Rule named "default": this is what the query flags
    name: default
    allowed:
      - ip_protocol: tcp
        ports:
          - '22'
    state: present
    network: "{{ my_network2 }}"
- name: create a network2
  google.cloud.gcp_compute_network:
    name: test_object2
    auto_create_subnetworks: 'true'
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
  register: my_network2
```
### Code samples without security vulnerabilities

#### Negative test num. 1 - yaml file
```yaml
- name: create a firewall
  google.cloud.gcp_compute_firewall:
    # Explicitly named rule, scoped to tagged instances and tagged sources
    name: test_object
    allowed:
      - ip_protocol: tcp
        ports:
          - '22'
    target_tags:
      - test-ssh-server
      - staging-ssh-server
    source_tags:
      - test-ssh-clients
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
    network: "{{ my_network }}"
- name: create a network
  google.cloud.gcp_compute_network:
    name: test_object
    auto_create_subnetworks: 'true'
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
  register: my_network
```
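The following is an added example, not KICS's own implementation of this query: a small Python checker that applies the rule above, "a `gcp_compute_firewall` task must not name its rule `default`", to the parsed form of an Ansible tasks file. The task data is constructed from the page's two samples. The play-level traversal (`tasks`, `block`, `rescue`, ...), acceptance of the short module alias `gcp_compute_firewall`, and the additional match on names prefixed `default-` are choices made for this example, not behaviour documented for the query.

```python
# Added example (not KICS's own code): flag Ansible tasks that create a GCP
# firewall rule named "default". Input is the parsed playbook/task list as
# Python data, so it runs offline without a YAML library.

# Module names under which the firewall parameters may appear in a task
# (assumption: both the collection-qualified name and the short alias).
FIREWALL_MODULES = ("google.cloud.gcp_compute_firewall", "gcp_compute_firewall")

# Keys whose values are nested task lists (play keywords and block structure).
NESTED_TASK_KEYS = ("tasks", "pre_tasks", "post_tasks", "handlers",
                    "block", "rescue", "always")


def is_default_rule_name(name):
    """True for the exact name 'default' (what the query flags) and, as an
    extension chosen for this example, for names such as 'default-allow-ssh'
    that mirror the rules GCP pre-populates on its default network."""
    if not isinstance(name, str):
        return False
    lowered = name.strip().lower()
    return lowered == "default" or lowered.startswith("default-")


def iter_tasks(items):
    """Yield every task dict in a task list or playbook, descending into
    plays and block/rescue/always sections."""
    if not isinstance(items, list):
        return
    for item in items:
        if not isinstance(item, dict):
            continue
        yield item
        for key in NESTED_TASK_KEYS:
            yield from iter_tasks(item.get(key))


def find_default_firewall_rules(items):
    """Return one finding per firewall task whose rule name matches."""
    findings = []
    for task in iter_tasks(items):
        for module in FIREWALL_MODULES:
            params = task.get(module)
            if isinstance(params, dict) and is_default_rule_name(params.get("name")):
                findings.append({
                    "task": task.get("name", "<unnamed task>"),
                    "module": module,
                    "rule_name": params["name"],
                })
    return findings


# Constructed input: the page's positive sample as Ansible would parse it.
POSITIVE_TASKS = [
    {
        "name": "create a firewall2",
        "google.cloud.gcp_compute_firewall": {
            "name": "default",
            "allowed": [{"ip_protocol": "tcp", "ports": ["22"]}],
            "state": "present",
            "network": "{{ my_network2 }}",
        },
    },
    {
        "name": "create a network2",
        "google.cloud.gcp_compute_network": {
            "name": "test_object2",
            "auto_create_subnetworks": "true",
            "project": "test_project",
            "auth_kind": "serviceaccount",
            "service_account_file": "/tmp/auth.pem",
            "state": "present",
        },
        "register": "my_network2",
    },
]

# Constructed input: the page's negative sample, scoped with source/target tags.
NEGATIVE_TASKS = [
    {
        "name": "create a firewall",
        "google.cloud.gcp_compute_firewall": {
            "name": "test_object",
            "allowed": [{"ip_protocol": "tcp", "ports": ["22"]}],
            "target_tags": ["test-ssh-server", "staging-ssh-server"],
            "source_tags": ["test-ssh-clients"],
            "project": "test_project",
            "auth_kind": "serviceaccount",
            "service_account_file": "/tmp/auth.pem",
            "state": "present",
            "network": "{{ my_network }}",
        },
    },
]

if __name__ == "__main__":
    for label, tasks in (("positive", POSITIVE_TASKS), ("negative", NEGATIVE_TASKS)):
        print(label, find_default_firewall_rules(tasks))
```

Run against a real playbook, load the file with PyYAML (`yaml.safe_load`) and pass the resulting list to `find_default_firewall_rules`; the positive sample yields one finding for the task `create a firewall2`, the negative sample yields none.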