PostgreSQL log_checkpoints Flag Not Set To ON

• Query id: 89afe3f0-4681-4ce3-89ed-896cebd4277c
• Query name: PostgreSQL log_checkpoints Flag Not Set To ON
• Platform: Ansible
• Severity: Medium
• Category: Observability
• CWE: 20
• URL: Github

Description

PostgreSQL database instance should have a 'log_checkpoints' flag with its value set to 'on'
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file

- name: create instance
  google.cloud.gcp_sql_instance:
    name: GCP instance
    settings:
      databaseFlags:
      - name: log_checkpoints
        value: off
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    database_version: POSTGRES_9_6
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create another instance
  google.cloud.gcp_sql_instance:
    name: GCP instance 2
    settings:
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    database_version: POSTGRES_9_6
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present

Code samples without security vulnerabilities

Negative test num. 1 - yaml file

- name: create a instance
  google.cloud.gcp_sql_instance:
    name: GCP instance
    settings:
      databaseFlags:
      - name: log_checkpoints
        value: on
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    database_version: POSTGRES_9_6
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present