🧠 Google GCE Network allows unrestricted traffic to OracleDB - prod.logic.yaml🟢
- Contextual name: 🧠 prod.logic.yaml🟢
- ID: /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
- Tags:
Uses
Test Results 🟢
Generated at: 2025-10-25T12:03:00.787951799Z
| Result | Id | Condition Index | Condition Text | Runtime Error | 
|---|---|---|---|---|
| 🟢 | a4b0e1 | ✔️ 200 | ✔️ otherwise | ✔️ null | 
| 🟢 | a4b0e12 | ✔️ 200 | ✔️ otherwise | ✔️ null | 
| 🟢 | a4b0e13 | ✔️ 200 | ✔️ otherwise | ✔️ null | 
| 🟢 | a4b0e14 | ✔️ 200 | ✔️ otherwise | ✔️ null | 
| 🟢 | a4b0e16 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null | 
| 🟢 | a4b0e17 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null | 
| 🟢 | a4b0e18 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null | 
| 🟢 | a4b0e19 | ✔️ 199 | ✔️ CA10__Google_GCE_Firewall_Rules__r.has(INCOMPLIANT) | ✔️ null | 
Generation Bundle
| File | MD5 |
|---|---|
| /ce/ca/google/vpc/network-oracledb-access/policy.yaml | 4BA0220543219599DE38A48453CB3709 |
| /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml | 80F51E8C88446DC36F816937397BAE09 |
| /ce/ca/google/vpc/network-oracledb-access/test-data.json | C53880F01CE8DDEDED5926B6B6C1CB7D |
| /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml | AE08F20196B487A130FB166DA77692D3 |
Available Commands
```shell
repo-manager policies generate FULL /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/google/vpc/network-oracledb-access/prod.logic.yaml
```
Content
```yaml
---
inputType: "CA10__CaGoogleGceNetwork__c"
testData:
  - file: test-data.json
conditions:
  - status: "INCOMPLIANT"
    currentStateMessage: "The Network has GCE Firewall Rules which allow unrestricted OracleDB access."
    remediationMessage: "Modify the firewall rule to remove unrestricted access."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "OracleDB access is restricted from the internet."
relatedLists:
  - relationshipName: "CA10__Google_GCE_Firewall_Rules__r"
    importExtracts:
      - file: /types/CA10__CaGoogleGceFirewallRule__c/object.extracts.yaml
    conditions:
      - status: "INAPPLICABLE"
        currentStateMessage: "This is not an ingress security firewall rule."
        check:
          NOT_EQUAL:
            left:
              EXTRACT: "CA10__direction__c"
            right:
              TEXT: "INGRESS"
      - status: "INAPPLICABLE"
        currentStateMessage: "This security firewall rule does not allow unrestricted access."
        check:
          AND:
            args:
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10__sourceRanges__c"
                  right:
                    TEXT: "0.0.0.0/0"
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10__sourceRanges__c"
                  right:
                    TEXT: "::/0"
      - status: "INCOMPLIANT"
        currentStateMessage: "This firewall rule is unrestricted."
        remediationMessage: "Modify the firewall rule."
        check:
          GREATER_THAN:
            left:
              JSON_QUERY_NUMBER:
                arg:
                  EXTRACT: "caJsonFrom__allowedProtocolsPortsJson__c"
                expression: "length(ports[?((protocol=='tcp' || protocol=='udp') && (startPort=='2483' || endPort=='2483' || startPort=='2484' || endPort=='2484' || (startPort<'2483' && endPort>'2484'))) || ((protocol=='tcp') && (startPort=='1521' || endPort=='1521' || (startPort<'1521' && endPort>'1521')))])"
                undeterminedIf:
                  evaluationError: "The JSON query failed."
                  resultTypeMismatch: "The JSON query did not return number type."
            right:
              NUMBER: 0.0
    otherwise:
      status: "COMPLIANT"
      currentStateMessage: "This firewall rule does not allow unrestricted traffic to OracleDB ports."
```