
CKV_GCP_73 False positive finding

Open 1azunna opened this issue 10 months ago • 2 comments

Describe the issue

CKV_GCP_73 reports a false positive due to invalid matching. The pattern used in matching preconfigured rules is probably deprecated.

Examples

resource "google_compute_security_policy" "default" {
  name = "${var.service_name}-cloudrun-security-policy"

  rule {
    action      = "deny(403)"
    priority    = "1"
    description = "cve-canary"
    match {
      expr {
        expression = "evaluatePreconfiguredWaf('cve-canary')"
      }
    }
  }
}

Version (please complete the following information):

  • Checkov Version [3.2.74]

Additional context

This could be resolved by changing evaluatePreconfiguredExpr('cve-canary') to evaluatePreconfiguredWaf('cve-canary').

1azunna avatar Apr 26 '24 11:04 1azunna

#4740 - Related Issue

1azunna avatar Apr 26 '24 11:04 1azunna

Hi @1azunna, thank you for reaching out. evaluatePreconfiguredExpr('cve-canary') is not deprecated. I have made changes in the code and am waiting for approval. Thanks

Ref: https://cloud.google.com/armor/docs/waf-rules#cves_and_other_vulnerabilities

https://github.com/bridgecrewio/checkov/pull/6217

naveednawazkhan avatar Apr 27 '24 00:04 naveednawazkhan
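The false positive discussed in this thread comes down to the matcher accepting only one of the two function names. The standalone snippet below is an added illustration, not checkov's own code: it models a policy's rule blocks as plain dicts (a constructed shape, not checkov's internal model) and compares a matcher that only knows evaluatePreconfiguredExpr against one that accepts both evaluatePreconfiguredExpr and evaluatePreconfiguredWaf for the cve-canary rule set named in the issue.

```python
import re

# Constructed sample: the rule blocks of a google_compute_security_policy,
# mirroring the issue's example. The dict layout is illustrative only.
SAMPLE_RULES = [
    {"action": "allow", "priority": "2147483647",
     "match": {"versioned_expr": "SRC_IPS_V1"}},
    {"action": "deny(403)", "priority": "1", "description": "cve-canary",
     "match": {"expr": {"expression": "evaluatePreconfiguredWaf('cve-canary')"}}},
]

# Matcher that only recognises the older function name; this is the
# behaviour that produces the false positive described in the issue.
LEGACY_PATTERN = re.compile(r"evaluatePreconfiguredExpr\(\s*'cve-canary'\s*\)")

# Matcher that accepts either function name. evaluatePreconfiguredWaf may
# carry an optional second argument (e.g. a sensitivity map), so allow a
# trailing ", ..." before the closing parenthesis.
CURRENT_PATTERN = re.compile(
    r"evaluatePreconfigured(?:Expr|Waf)\(\s*'cve-canary'\s*(?:,.*)?\)"
)


def rule_expressions(rules):
    """Yield (action, expression) for every rule that has a CEL match expression."""
    for rule in rules:
        expr = rule.get("match", {}).get("expr", {}).get("expression")
        if expr:
            yield rule.get("action", ""), expr


def blocks_cve_canary(rules, pattern=CURRENT_PATTERN):
    """True when some deny rule's expression references the cve-canary rule set."""
    return any(
        action.startswith("deny") and pattern.search(expr)
        for action, expr in rule_expressions(rules)
    )


def legacy_blocks_cve_canary(rules):
    """Same check, but with the Expr-only pattern that misses the Waf form."""
    return blocks_cve_canary(rules, LEGACY_PATTERN)


if __name__ == "__main__":
    print("current matcher :", blocks_cve_canary(SAMPLE_RULES))         # True
    print("legacy matcher  :", legacy_blocks_cve_canary(SAMPLE_RULES))  # False
```

Running it shows the legacy matcher reporting the sample policy as non-compliant even though the deny rule clearly targets cve-canary, which is exactly the false positive reported above.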

Okay great. Thank you

1azunna avatar May 01 '24 08:05 1azunna