Skip to content
Nuclei Templates

Trace Flag 3625 Enabled in SQL Server Database Instances

ID: gcloud-sql-trace-3625-enabled

Severity: medium

Author: princechaddha

Tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config

Description

Section titled “Description”

Ensure that the 3625 trace flag is turned off for all your Google Cloud SQL Server database instances to follow security best practices. Trace flag 3625 controls the format of certain error messages, which may reveal sensitive information if enabled.

YAML Source

Section titled “YAML Source”
id: gcloud-sql-trace-3625-enabled


info:
  name: Trace Flag 3625 Enabled in SQL Server Database Instances
  author: princechaddha
  severity: medium
  description: |
    Ensure that the 3625 trace flag is turned off for all your Google Cloud SQL Server database instances to follow security best practices. Trace flag 3625 controls the format of certain error messages, which may reveal sensitive information if enabled.
  impact: |
    Enabling the 3625 trace flag may expose sensitive information through detailed error messages, potentially violating security best practices and compliance requirements.
  remediation: |
    Disable the 3625 trace flag in your SQL Server database instance configuration to enhance security and protect sensitive information.
  reference:
    - https://cloud.google.com/sql/docs/sqlserver/flags
  tags: cloud,devops,gcp,gcloud,google-cloud-sql,sqlserver,gcp-cloud-config


flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let sqlInstance of iterate(template.sqlInstances)){
      set("sqlInstance", sqlInstance)
      code(3)
    }
  }


self-contained: true


code:
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"


    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'


  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances list --project $projectId --filter='DATABASE_VERSION:SQLSERVER*' --format="json(name)"


    extractors:
      - type: json
        name: sqlInstances
        internal: true
        json:
          - '.[].name'


  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances describe $sqlInstance --project $projectId --format=json | jq '.settings.databaseFlags // [] | map(select(.name=="3625")) | .[].value'


    matchers:
      - type: word
        words:
          - 'on'


    extractors:
      - type: dsl
        dsl:
          - '"The 3625 trace flag is enabled for SQL Server instance " + sqlInstance + " in project " + projectId'
# digest: 4a0a00473045022100fabf4bdd0819f315ded887e8fbfa2e43433ee540e0f7949cd3f5c6e6b53a8e1202203391c86be2aa663853a2015113b1eecacbaed38eaee1ecebba88e7d9c0729712:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "cloud/gcp/sql/gcloud-sql-trace-3625-enabled.yaml"

View on Github