Beta - Google DNS Policy Logging Disabled

  • Query id: cc9e464e-5abc-4c8f-8077-a9aa7ebe6a05
  • Query name: Beta - Google DNS Policy Logging Disabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Observability
  • CWE: 778
  • Risk score: 3.0
  • URL: Github

Description

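Every 'google_dns_policy' resource should have the 'enable_logging' field set to true. The query flags a policy when the field is omitted as well as when it is explicitly set to false, as the two resources in the positive test below show.

Documentation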

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_dns_policy" "example-policy" {
  name                      = "example-policy"
  enable_inbound_forwarding = true

}

resource "google_dns_policy" "example-policy-2" {
  name                      = "example-policy-2"
  enable_inbound_forwarding = true

  enable_logging = false
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "google_dns_policy" "example-policy" {
  name                      = "example-policy"
  enable_inbound_forwarding = true

  enable_logging = true
}
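
The same rule can also be checked against a Terraform plan before apply. The following is an added example, not the query's own implementation: it assumes the plan has been exported with `terraform show -json`, and the function name and the sample plan (including the "logged" and "old" resources) are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output,
# trimmed to the fields this check reads. The first two addresses mirror the
# page's positive test; "logged" and "old" are made up for the example.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "google_dns_policy.example-policy", "type": "google_dns_policy",
   "change": {"actions": ["create"],
              "after": {"name": "example-policy", "enable_logging": null}}},
  {"address": "google_dns_policy.example-policy-2", "type": "google_dns_policy",
   "change": {"actions": ["create"],
              "after": {"name": "example-policy-2", "enable_logging": false}}},
  {"address": "google_dns_policy.logged", "type": "google_dns_policy",
   "change": {"actions": ["create"],
              "after": {"name": "logged", "enable_logging": true}}},
  {"address": "google_dns_policy.old", "type": "google_dns_policy",
   "change": {"actions": ["delete"], "after": null}}
]}
""")


def dns_policies_without_logging(plan):
    """Return (address, reason) for every planned google_dns_policy whose
    enable_logging is anything other than true."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_dns_policy":
            continue
        after = rc.get("change", {}).get("after")
        if after is None:  # resource is being destroyed: nothing to evaluate
            continue
        value = after.get("enable_logging")
        if value is True:
            continue
        # Assumption: an omitted field shows up as null or is absent from
        # the planned state; both cases are reported as "not set".
        reason = ("enable_logging is not set" if value is None
                  else "enable_logging = " + json.dumps(value))
        findings.append((rc["address"], reason))
    return findings


if __name__ == "__main__":
    for address, reason in dns_policies_without_logging(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```

A non-empty result can be used to fail a CI step before the plan is applied.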