Control: Cloud Armor prevents message lookup in Log4j2

powerpipe control run terraform_gcp_compliance.control.compute_security_policy_prevent_message_lookup

powerpipe login
powerpipe control run terraform_gcp_compliance.control.compute_security_policy_prevent_message_lookup --share

select
  address as resource,
  case
    when jsonb_typeof(attributes_std -> 'rule') = 'object' and ((attributes_std -> 'rule' -> 'match' -> 'expr' ->> 'expression' <> 'evaluatePreconfiguredExpr(''cve-canary'')') or (attributes_std -> 'rule' ->> 'action' = 'allow') or (attributes_std -> 'rule' ->> 'preview' = 'true')) then 'alarm'
    when jsonb_typeof(attributes_std -> 'rule') = 'array' and exists(select 1 from jsonb_array_elements(attributes_std -> 'rule') as rules where ((rules -> 'match' -> 'expr' ->> 'expression' <> 'evaluatePreconfiguredExpr(''cve-canary'')') or (rules ->> 'action' = 'allow') or (rules ->> 'preview' = 'true'))) then 'alarm'
    else 'ok'
  end status,
  split_part(address, '.', 2) || case
    when jsonb_typeof(attributes_std -> 'rule') = 'object' and ((attributes_std -> 'rule' -> 'match' -> 'expr' ->> 'expression' <> 'evaluatePreconfiguredExpr(''cve-canary'')') or (attributes_std -> 'rule' ->> 'action' = 'allow') or (attributes_std -> 'rule' ->> 'preview' = 'true')) then ' does not prevent message lookup'
    when jsonb_typeof(attributes_std -> 'rule') = 'array' and exists(select 1 from jsonb_array_elements(attributes_std -> 'rule') as rules where ((rules -> 'match' -> 'expr' ->> 'expression' <> 'evaluatePreconfiguredExpr(''cve-canary'')') or (rules ->> 'action' = 'allow') or (rules ->> 'preview' = 'true'))) then ' does not prevent message lookup'
    else ' prevents message lookup'
  end || '.' reason
  
  , path || ':' || start_line
from
  terraform_resource
where
  type = 'google_compute_security_policy';