feat(query): implemented query to cover "Ensure Legacy Networks Do Not Exist For Older Project" for terraform/gcp

[cx-ricardo-jesus]

Reason for Proposed Changes

• Currently, no query for Terraform/GCP checks if legacy networks do not exist for older projects.

Proposed Changes

• Implemented the query that returns a positive result when the field auto_create_subnetworks is not defined ir is set to true, when it's associated with a resource of type google_project through the field project or when this field is missing, through the provider defined on the template.
• The query implementation consists of two policies.
• The first policy is for the cases when the project field is defined inside the resource of type google_compute_network. In these cases, the field project is defined on the following syntax google_project.<GOOGLE_PROJECT_NAME>.id. So the policy just checks if the google project resource name is the same as the one referenced on the field and if it is, it returns a positive result if the field auto_create_subnetworks is not defined or is defined to true.
• The second policy, is for the cases when the project field is not defined inside the google_compute_network resource, and in these scenarios, the resource uses the value present on the provider(for this case, it can be google or google-beta). in all the examples found through some research, the provider is defined with the following syntax:

provider "google" {
  project = "my-project-id"
  region  = "us-central1"
}

• The value on the project field, inside the provider declaration, has to have the same value as the value present on the field project_id from the google_project resource, which differs from the first case, which uses the name of thegoogle_project resource.
• Choosed the severity MEDIUM, since a similar query also has this severity.
• The CWE that seemed the most suited for this case is the CWE CWE: 276 - Incorrect Default Permissions, because the default value of the field auto_create_subnetworks is unsafe.
• NOTE: after further investigation, some information about the default value of the field auto_create_subnetworks was found on the google terraform provider official git repository, and its default value is set to true which should return a positive result.

I submit this contribution under the Apache-2.0 license.

[github-actions]

KICS version: v2.1.17

Category Results CRITICAL 0 HIGH 0 MEDIUM 0 LOW 0 INFO 0 TRACE 0 TOTAL 0	Metric Values Files scanned 1 Files parsed 1 Files failed to scan 0 Total executed queries 47 Queries failed to execute 0 Execution time 0

[cx-eduardo-semanas]

You should update the assets/similarityID_transition/terraform_gcp.yaml file with a new entry corresponding to this query with change: 2

[cx-eduardo-semanas]

LGTM

[cx-eduardo-semanas]

LGTM

[cx-eduardo-semanas]

LGTM