fix(cloudsql): add trusted client certificates case for cloudsql_instance_ssl_connections #6682

@puchy22 puchy22 commented Jan 24, 2025

Context

The check cloudsql_instance_ssl_connections did not support trusted client certificates, which are a way of making SSL connections.

Fix #6668

Description

  • Change check logic to only FAIL with unencrypted connections
  • Cover the case with tests.

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@puchy22 puchy22 added backport-to-v3 Backport PR to the v3 branch backport-to-v4.6 Backport PR to the v4.6 branch labels Jan 24, 2025
@puchy22 puchy22 requested review from a team as code owners January 24, 2025 11:14
@github-actions github-actions bot added the provider/gcp Issues/PRs related with the Google Cloud Platform provider label Jan 24, 2025
@puchy22 puchy22 changed the title fix: add trusted client certificates case fix(cloudsql): add trusted client certificates case for cloudsql_instance_ssl_connections Jan 24, 2025
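
The rule from the PR description (FAIL only when unencrypted connections are possible, so trusted client certificates pass) can be sketched as follows. This is an added example, not Prowler's code or part of this PR: `Finding`, `evaluate_instance` and the sample instances are hypothetical, and falling back to the legacy `requireSsl` flag when `sslMode` is absent or unrecognized is an assumption.

```python
from dataclasses import dataclass

# sslMode values of settings.ipConfiguration in the Cloud SQL Admin API.
UNENCRYPTED_ALLOWED = "ALLOW_UNENCRYPTED_AND_ENCRYPTED"
ENCRYPTED_MODES = {"ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}


@dataclass
class Finding:  # hypothetical result type for this sketch
    instance: str
    status: str
    detail: str


def evaluate_instance(instance: dict) -> Finding:
    """Return FAIL only when the instance can accept unencrypted connections."""
    name = instance.get("name", "<unnamed>")
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    mode = ip_cfg.get("sslMode")

    if mode in ENCRYPTED_MODES:
        # Covers both TLS-only and TLS with a trusted client certificate.
        return Finding(name, "PASS", f"sslMode={mode} rejects unencrypted connections")
    if mode == UNENCRYPTED_ALLOWED:
        return Finding(name, "FAIL", f"sslMode={mode} accepts unencrypted connections")

    # Assumption: with no usable sslMode, fall back to the legacy boolean.
    if ip_cfg.get("requireSsl") is True:
        return Finding(name, "PASS", "legacy requireSsl=true")
    return Finding(name, "FAIL", "no sslMode set and requireSsl is not true")


# Constructed sample data shaped like Cloud SQL instance resources.
SAMPLE_INSTANCES = [
    {"name": "pg-mtls", "settings": {"ipConfiguration": {
        "sslMode": "TRUSTED_CLIENT_CERTIFICATE_REQUIRED", "requireSsl": True}}},
    {"name": "pg-tls", "settings": {"ipConfiguration": {"sslMode": "ENCRYPTED_ONLY"}}},
    {"name": "pg-open", "settings": {"ipConfiguration": {
        "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED", "requireSsl": False}}},
    {"name": "legacy-ssl", "settings": {"ipConfiguration": {"requireSsl": True}}},
    {"name": "legacy-open", "settings": {"ipConfiguration": {}}},
]


def run_check(instances: list) -> dict:
    """Map each instance name to its PASS/FAIL status."""
    return {f.instance: f.status for f in map(evaluate_instance, instances)}


if __name__ == "__main__":
    for finding in map(evaluate_instance, SAMPLE_INSTANCES):
        print(f"{finding.status:4} {finding.instance}: {finding.detail}")
```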

codecov bot commented Jan 24, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.36%. Comparing base (86950c3) to head (524fa75).
Report is 2 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6682      +/-   ##
==========================================
- Coverage   89.38%   89.36%   -0.02%     
==========================================
  Files        1182     1182              
  Lines       33816    33816              
==========================================
- Hits        30226    30221       -5     
- Misses       3590     3595       +5     
Flag Coverage Δ
prowler 89.36% <100.00%> (-0.02%) ⬇️

Components Coverage Δ
prowler 89.36% <100.00%> (-0.02%) ⬇️
api ∅ <ø> (∅)

@puchy22 puchy22 added backport-to-v5.0 Backport PR to the v5.0 branch backport-to-v5.1 Backport PR to the v5.1 branch backport-to-v5.2 Backport PR to the v5.2 branch labels Jan 24, 2025

ejohn20 commented Jan 24, 2025

@puchy22 Looks great! This PR gives me a good idea of what the corresponding test case would need to look like. Thank you for adjusting that.


@MrCloudSec MrCloudSec left a comment

Good catch!! 👏🏼👏🏼👏🏼👏🏼

@prowler-bot

💚 All backports created successfully

Status Branch Result
v3
v4.6
v5.0
v5.1
v5.2

Questions ?

Please refer to the Backport tool documentation and see the Github Action logs for details

Labels
backport-to-v3 Backport PR to the v3 branch backport-to-v4.6 Backport PR to the v4.6 branch backport-to-v5.0 Backport PR to the v5.0 branch backport-to-v5.1 Backport PR to the v5.1 branch backport-to-v5.2 Backport PR to the v5.2 branch provider/gcp Issues/PRs related with the Google Cloud Platform provider was-backported The PR was successfully backported to the target branch
Development

Successfully merging this pull request may close these issues.

GCP cloudsql_instance_ssl_connections check false positive
4 participants