admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-16 15:43:29 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
e2e9901bf9ec94de03e5ed7490847aac0ccbc598
nuclei-templates/cloud/gcp/loadbalancing/gcloud-lb-backend-unsecured.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

89 lines
2.7 KiB
YAML
Raw Blame History

id: gcloud-lb-backend-unsecured
info:
name: Unsecured Backend Services in Google Cloud Load Balancers
author: princechaddha
severity: medium
description: |
Ensure that the backend services associated with your Google Cloud load balancers are protected with edge security policies provided by the Cloud Armor service in order to shield your backend services from a range of potential attacks. Edge security policies let you control access to your cloud resources at the Google Cloud Platform (GCP) network edge.
impact: |
Without edge security policies, backend services are vulnerable to a variety of network-based attacks, which can compromise data integrity and availability.
remediation: |
Attach an edge security policy to your backend services via the Google Cloud Console or using the Cloud Armor APIs to enhance security at your network's edge.
reference:
- https://cloud.google.com/armor/docs/security-policy-overview
tags: cloud,devops,gcp,gcloud,google-cloud-load-balancer,gcp-cloud-config
flow: |
code(1)
for(let projectId of iterate(template.projectIds)){
set("projectId", projectId)
code(2)
for(let urlMapName of iterate(template.urlMaps)){
set("urlMapName", urlMapName)
code(3)
for(let backendService of iterate(template.backendServices)){
set("backendService", backendService)
code(4)
}
}
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
gcloud projects list --format="json(projectId)"
extractors:
- type: json
name: projectIds
internal: true
json:
- '.[].projectId'
- engine:
- sh
- bash
source: |
gcloud compute url-maps list --project $projectId --format="json(name)"
extractors:
- type: json
name: urlMaps
internal: true
json:
- '.[].name'
- engine:
- sh
- bash
source: |
gcloud compute url-maps describe $urlMapName --format="json(defaultService)"
extractors:
- type: json
name: backendServices
internal: true
json:
- '.defaultService'
- engine:
- sh
- bash
source: |
gcloud compute backend-services describe $backendService --format="json(securityPolicy)"
matchers:
- type: word
words:
- 'null'
extractors:
- type: dsl
dsl:
- '"Unsecured Backend Service " + backendService + " for URL Map " + urlMapName + " in Project " + projectId'
# digest: 490a004630440220279358e65ac5b963edec13c94cb6c092c5cd7bb5efc2d6556cf1a14174d428060220347ee3311f47662b5d3cdf9870d49478b018f98ddf6703f283187f7878c26d69:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink