Google Compute Network Using Firewall Rule that Allows All Ports
- Query id: 22ef1d26-80f8-4a6c-8c15-f35aab3cac78
- Query name: Google Compute Network Using Firewall Rule that Allows All Ports
- Platform: Terraform
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
Google Compute Network should not use a firewall rule that allows all ports
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_compute_firewall" "positive1" {
name = "test-firewall"
network = google_compute_network.positive1.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["0-65535"]
}
source_tags = ["web"]
}
resource "google_compute_network" "positive1" {
name = "test-network"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "google_compute_firewall" "negative1" {
name = "test-firewall"
network = google_compute_network.negative1.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080"]
}
source_tags = ["web"]
}
resource "google_compute_network" "negative1" {
name = "test-network"
}