Automatic Storage Increase Disabled for Google Cloud SQL Instances
ID: gcloud-sql-auto-storage-disabled
Severity: high
Author: princechaddha
Tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config
Description
Ensure that the Automatic Storage Increase feature is enabled for your production Google Cloud SQL database instances. This feature prevents database servers from running out of storage space and becoming read-only, disrupting normal operations. When a database instance runs out of available space, it can drop existing connections and cause downtime, potentially violating the Google Cloud SQL Service Level Agreement (SLA).
YAML Source
id: gcloud-sql-auto-storage-disabled

info:
  name: Automatic Storage Increase Disabled for Google Cloud SQL Instances
  author: princechaddha
  severity: high
  description: |
    Ensure that the Automatic Storage Increase feature is enabled for your production Google Cloud SQL database instances. This feature prevents database servers from running out of storage space and becoming read-only, disrupting normal operations. When a database instance runs out of available space, it can drop existing connections and cause downtime, potentially violating the Google Cloud SQL Service Level Agreement (SLA).
  impact: |
    If Automatic Storage Increase is disabled, Cloud SQL database instances may run out of space, leading to service disruptions, dropped connections, and downtime.
  remediation: |
    Enable the Automatic Storage Increase feature for your Google Cloud SQL database instances to prevent storage exhaustion and ensure uninterrupted operations.
  reference:
    - https://cloud.google.com/sql/docs/overview#automatic-storage-increase
  tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config

flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let sqlInstance of iterate(template.sqlInstances)){
      set("sqlInstance", sqlInstance)
      code(3)
    }
  }

self-contained: true

code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances list --project $projectId --format="json(name)"

    extractors:
      - type: json
        name: sqlInstances
        internal: true
        json:
          - '.[].name'

  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances describe $sqlInstance --format="value(settings.storageAutoResize)"

    matchers:
      - type: word
        words:
          - 'False'
        condition: or

    extractors:
      - type: dsl
        dsl:
          - '"Automatic Storage Increase is disabled for SQL instance " + sqlInstance + " in project " + projectId'
# digest: 490a00463044022034f0b736298bed60d74658f208392e24b52d8aa2b1ff2dc509a5c17b3ff9221402200b12677cba62b9a83955fc3c86e3c8c022578c953fc176c8ad637f64c6c20f35:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "cloud/gcp/sql/gcloud-sql-auto-storage-disabled.yaml"
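
An added example, not part of the Nuclei template or the original page: the same check run in one pass over the JSON returned by `gcloud sql instances list --format=json`, which also reports instances where `settings.storageAutoResize` is absent (the template's word matcher on 'False' stays silent on those). The sample JSON, project names and instance names are constructed, and the example assumes the list output carries the `project` and `settings.storageAutoResize` fields.

```python
import json
import shlex

# Constructed sample, trimmed to the fields used here, in the shape of:
#   gcloud sql instances list --project PROJECT --format=json
SAMPLE_LIST_JSON = """
[
  {"name": "orders-db", "project": "example-prod",
   "settings": {"storageAutoResize": false}},
  {"name": "billing-db", "project": "example-prod",
   "settings": {"storageAutoResize": true}},
  {"name": "legacy-db", "project": "example-prod", "settings": {}}
]
"""

def audit_auto_resize(list_json):
    """Classify each instance as 'enabled', 'disabled' or 'unknown'."""
    findings = []
    for inst in json.loads(list_json):
        value = (inst.get("settings") or {}).get("storageAutoResize")
        if value is True:
            status = "enabled"
        elif value is False:
            status = "disabled"
        else:
            # Field missing or not a boolean: report it for manual review
            # instead of letting it pass as compliant.
            status = "unknown"
        findings.append({"project": inst.get("project"),
                         "instance": inst.get("name"),
                         "status": status})
    return findings

def remediation_commands(findings):
    """Build the gcloud command that enables auto increase per finding."""
    return [
        "gcloud sql instances patch {} --project {} --storage-auto-increase"
        .format(shlex.quote(f["instance"]), shlex.quote(f["project"]))
        for f in findings if f["status"] == "disabled"
    ]

if __name__ == "__main__":
    results = audit_auto_resize(SAMPLE_LIST_JSON)
    for f in results:
        print(f["project"], f["instance"], f["status"])
    for cmd in remediation_commands(results):
        print(cmd)
```
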