🧠 Oracle IAAS Network Security Group allows unrestricted RDP traffic - prod.logic.yaml🟢

Contextual name: 🧠 prod.logic.yaml🟢
ID: /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml
Tags:
- 🟢 Logic test success
- 🟢 Logic with extracts
- 🟢 Logic with test data

Uses

Test Results 🟢

Generated at: 2026-05-02T12:07:27.043492198Z Open

Result	Id	Condition Index	Condition Text	Runtime Error
🟢	test1	✔️ `199`	✔️ `CA10O1__Oracle_IAAS_Network_Security_Group_Rules__r.has(INCOMPLIANT)`	✔️ `null`
🟢	test2	✔️ `200`	✔️ `otherwise`	✔️ `null`

Generation Bundle

	File	MD5
Open	`/ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/policy.yaml`	`D0066637F9A30E57C36A3DFB55372B9D`
Open	`/ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml`	`DD740B5E044879826E3AC2A0CA9A033B`
Open	`/ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/test-data.json`	`95704BED6C6527A88AAAEEA74FCFBDC4`
Open	`/types/CA10O1__CaOracleIaasNetworkSecurityGroupRule__c/object.extracts.yaml`	`11138716137450A863FB5835E1C9375B`

Available Commands

repo-manager policies generate FULL /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml
repo-manager policies generate DEBUG /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml
repo-manager policies generate CAPTURE_TEST_DATA /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml
repo-manager policies generate TESTS /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml
# Execute tests
repo-manager policies test /ce/ca/oracle/network/network-security-group-allows-unrestricted-rdp-traffic/prod.logic.yaml

Content

Open File

---
inputType: "CA10O1__CaOracleIaasNetworkSecurityGroup__c"
testData:
  - file: "test-data.json"
conditions:
  - status: "INCOMPLIANT"
    currentStateMessage: "The network security group has ingress rules that allow unrestricted RDP access."
    remediationMessage: "Remove public RDP ingress or restrict it to approved source CIDRs."
    check:
      RELATED_LIST_HAS:
        status: "INCOMPLIANT"
        relationshipName: "CA10O1__Oracle_IAAS_Network_Security_Group_Rules__r"
otherwise:
  status: "COMPLIANT"
  currentStateMessage: "The network security group does not allow unrestricted RDP access."
relatedLists:
  - relationshipName: "CA10O1__Oracle_IAAS_Network_Security_Group_Rules__r"
    importExtracts:
      - file: "/types/CA10O1__CaOracleIaasNetworkSecurityGroupRule__c/object.extracts.yaml"
    conditions:
      - status: "INAPPLICABLE"
        currentStateMessage: "This is not an ingress rule."
        check:
          NOT_EQUAL:
            left:
              EXTRACT: "CA10O1__direction__c"
            right:
              TEXT: "INGRESS"
      - status: "INAPPLICABLE"
        currentStateMessage: "This ingress rule is not sourced from the internet."
        check:
          AND:
            args:
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10O1__source__c"
                  right:
                    TEXT: "0.0.0.0/0"
              - NOT_EQUAL:
                  left:
                    EXTRACT: "CA10O1__source__c"
                  right:
                    TEXT: "::/0"
      - status: "INAPPLICABLE"
        currentStateMessage: "This ingress rule does not use ALL or TCP protocol."
        check:
          NOT:
            arg:
              CONTAINS:
                arg:
                  SET:
                    itemType: "TEXT"
                    items:
                      - "ALL"
                      - "TCP"
                search:
                  EXTRACT: "CA10O1__protocol__c"
      - status: "INCOMPLIANT"
        currentStateMessage: "This ingress rule allows RDP access from the internet."
        remediationMessage: "Remove this rule or restrict the source CIDR to approved administrative ranges."
        check:
          IS_EQUAL:
            left:
              EXTRACT: "CA10O1__protocol__c"
            right:
              TEXT: "ALL"
      - status: "INCOMPLIANT"
        currentStateMessage: "This ingress rule allows RDP access from the internet."
        remediationMessage: "Remove this rule or restrict the source CIDR to approved administrative ranges."
        check:
          AND:
            args:
              - IS_EQUAL:
                  left:
                    EXTRACT: "CA10O1__protocol__c"
                  right:
                    TEXT: "TCP"
              - OR:
                  args:
                    - AND:
                        args:
                          - IS_EMPTY:
                              arg:
                                EXTRACT: "CA10O1__destinationPortMin__c"
                          - IS_EMPTY:
                              arg:
                                EXTRACT: "CA10O1__destinationPortMax__c"
                    - AND:
                        args:
                          - LESS_THAN_EQUAL:
                              left:
                                EXTRACT: "CA10O1__destinationPortMin__c"
                              right:
                                NUMBER: 3389.0
                          - GREATER_THAN_EQUAL:
                              left:
                                EXTRACT: "CA10O1__destinationPortMax__c"
                              right:
                                NUMBER: 3389.0
    otherwise:
      status: "COMPLIANT"
      currentStateMessage: "This ingress rule does not allow unrestricted RDP access."

Uses​

Test Results 🟢​

Generation Bundle​

Available Commands​

Content​

Uses

Test Results 🟢

Generation Bundle

Available Commands

Content