Merge pull request #323 from accurics/fix-check-ip-forward

fixed checkIpForward rule (gcp)
tenable · Sep 14, 2020 · 1a90445 · 1a90445
2 parents cbe6c35 + 688b7d1
commit 1a90445
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json b/pkg/policies/opa/rego/gcp/google_compute_instance/accurics.gcp.NS.130.json
@@ -1,10 +1,14 @@
 {
     "name": "checkIpForward",
     "file": "checkIpForward.rego",
-    "template_args": null,
+    "template_args": {
+        "name": "checkIpForward",
+        "prefix": "",
+        "suffix": ""
+    },
     "severity": "MEDIUM",
     "description": "Ensure IP forwarding is not enabled on Instances.",
     "reference_id": "accurics.gcp.NS.130",
     "category": "Network Security",
     "version": 1
-}
+}
diff --git a/pkg/policies/opa/rego/gcp/google_compute_instance/checkIpForward.rego b/pkg/policies/opa/rego/gcp/google_compute_instance/checkIpForward.rego
@@ -1,7 +1,8 @@
 package accurics
 
-checkIpForward[api.id]
+{{.prefix}}{{.name}}{{.suffix}}[api.id]
 {
      api := input.google_compute_instance[_]
-     not api.config.can_ip_forward == true
-}
+     api.config.can_ip_forward == true
+}
+