Google Compute Network Using Firewall Rule that Allows Port Range
- Query id: e6f61c37-106b-449f-a5bb-81bfcaceb8b4
- Query name: Google Compute Network Using Firewall Rule that Allows Port Range
- Platform: Terraform
- Severity: Low
- Category: Networking and Firewall
- CWE: 285
- URL: Github
Description¶
Google Compute Network should not use a firewall rule that allows port range
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_compute_firewall" "positive1" {
name = "test-firewall"
network = google_compute_network.positive1.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080", "1000-2000"]
}
source_tags = ["web"]
}
resource "google_compute_network" "positive1" {
name = "test-network"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "google_compute_firewall" "negative1" {
name = "test-firewall"
network = google_compute_network.negative1.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080"]
}
source_tags = ["web"]
}
resource "google_compute_network" "negative1" {
name = "test-network"
}