User Options Flag Enabled in Google Cloud SQL Server Instances
ID: gcloud-sql-user-options
Severity: medium
Author: princechaddha
Tags: cloud,devops,gcp,gcloud,google-cloud-sql,sql-database-flags,gcp-cloud-config
Description
Checks if the “user options” database flag is configured for Google Cloud SQL Server instances, which can define global defaults for all database users.
YAML Source
```yaml
id: gcloud-sql-user-options

info:
  name: User Options Flag Enabled in Google Cloud SQL Server Instances
  author: princechaddha
  severity: medium
  description: |
    Checks if the "user options" database flag is configured for Google Cloud SQL Server instances, which can define global defaults for all database users.
  impact: |
    Configuring the "user options" database flag can lead to unintended global defaults for all database users, potentially causing performance issues or undesired behavior.
  remediation: |
    Disable the "user options" database flag for your Google Cloud SQL Server instances to avoid global defaults for all database users.
  reference:
    - https://cloud.google.com/sql/docs/sqlserver/configure-database-flags
  tags: cloud,devops,gcp,gcloud,google-cloud-sql,sql-database-flags,gcp-cloud-config

# Walk every project, then every SQL Server instance in it, and run the flag check (code block 3) per instance.
flow: |
  code(1)
  for(let projectId of iterate(template.projectIds)){
    set("projectId", projectId)
    code(2)
    for(let sqlInstance of iterate(template.sqlInstances)){
      set("sqlInstance", sqlInstance)
      code(3)
    }
  }

self-contained: true

code:
  # 1. List all projects the authenticated gcloud account can see.
  - engine:
      - sh
      - bash
    source: |
      gcloud projects list --format="json(projectId)"

    extractors:
      - type: json
        name: projectIds
        internal: true
        json:
          - '.[].projectId'

  # 2. List only SQL Server instances in the current project.
  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances list --project $projectId --filter='DATABASE_VERSION:SQLSERVER*' --format="json(name)"

    extractors:
      - type: json
        name: sqlInstances
        internal: true
        json:
          # The list is formatted as json(name), so each element is {"name": ...};
          # extract the name string itself so $sqlInstance is usable in `describe`.
          - '.[].name'

  # 3. Read the instance's database flags; `// []` handles instances with no flags set at all.
  - engine:
      - sh
      - bash
    source: |
      gcloud sql instances describe $sqlInstance --format=json | jq '.settings.databaseFlags // [] | map(select(.name == "user options")) | .[].value'

    matchers:
      - type: regex
        regex:
          - '^(?:100|[1-9][0-9]?)$'

    extractors:
      - type: dsl
        dsl:
          - '"The user options database flag is enabled for the SQL Server instance " + sqlInstance + " in project " + projectId + "."'
# digest: 490a0046304402203c01857319c55cdc041ae74ddabc606fb98272b5ee6587a17d4650a8a380bc8c02205286226ff88c4459f48beb977f4c2d228b79f3948431dfce05b9aa38fabc68a4:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is a self-contained Nuclei code template: it runs gcloud and jq locally against your authenticated GCP account rather than scanning a web target, and reports each SQL Server instance on which the "user options" flag is set.
$ nuclei -u "URL" -t "cloud/gcp/sql/gcloud-sql-user-options.yaml"
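To show what the template's flow and jq filter actually decide, here is an added, stand-alone Python re-implementation of the check (not part of the template or of Nuclei) run over constructed `gcloud sql instances describe` output. It assumes the same JSON shape the template reads (`settings.databaseFlags`), covers the instance with no `databaseFlags` key, and applies the template's matcher regex to the flag value.

```python
import re
from typing import Optional

# Constructed sample: project -> instance name -> trimmed `describe --format=json` output.
# Not real project data; only the fields the check reads are included.
SAMPLE_PROJECTS = {
    "demo-project": {
        "sqlserver-prod": {"settings": {"databaseFlags": [
            {"name": "user options", "value": "32"},
            {"name": "remote access", "value": "off"},
        ]}},
        "sqlserver-dev": {"settings": {}},  # no databaseFlags key at all
        "sqlserver-zero": {"settings": {"databaseFlags": [
            {"name": "user options", "value": "0"},  # set to 0: matcher rejects it
        ]}},
    }
}

# Same pattern as the template's regex matcher: accepts 1..100 only.
FLAG_VALUE_RE = re.compile(r"^(?:100|[1-9][0-9]?)$")


def user_options_value(instance: dict) -> Optional[str]:
    """Equivalent of the template's jq:
    .settings.databaseFlags // [] | map(select(.name == "user options")) | .[].value
    Returns None when the flag is absent (including when databaseFlags is missing)."""
    flags = instance.get("settings", {}).get("databaseFlags") or []
    for flag in flags:
        if flag.get("name") == "user options":
            return str(flag.get("value", ""))
    return None


def find_user_options_flags(projects: dict) -> list:
    """Mirror of the template's flow: iterate projects, then instances,
    and emit the template's finding text where the matcher fires."""
    findings = []
    for project_id, instances in projects.items():
        for instance_name, instance in instances.items():
            value = user_options_value(instance)
            if value is not None and FLAG_VALUE_RE.match(value):
                findings.append(
                    "The user options database flag is enabled for the SQL Server instance "
                    + instance_name + " in project " + project_id + "."
                )
    return findings


if __name__ == "__main__":
    for line in find_user_options_flags(SAMPLE_PROJECTS):
        print(line)
```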