bug(compute): false positive for egress ports on GCP

[manuelbernhardt]

IDs

AVD-GCP-0035

Description

Misconfiguration is detected even though destination_ranges is specified. Perhaps this is related to the destination_ranges values being computed dynamically.

Reproduction Steps

locals {
  allowed_egress_ips = toset([
    for ip in flatten([for domain in var.allowed_egress_domains : try(data.dns_a_record_set.allowed_domains[domain].addrs, [])]) : "${ip}/32"
  ])
}

data "dns_a_record_set" "allowed_domains" {
  for_each = toset(["www.google.com", "www.aquasec.com"])
  host     = each.value
}


resource "google_compute_firewall" "reproducer" {
  name        = "egress-rule"
  network     = "default"
  project     = "project"
  description = "Allow outbound TCP traffic on port 443"
  direction   = "EGRESS"
  priority    = 1000

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  destination_ranges = local.allowed_egress_ips
  target_tags        = ["twingate-connector-${var.environment}"]
}

Target

Filesystem

Scanner

Misconfiguration

Target OS

No response

Debug Output

AVD-GCP-0035 (CRITICAL): Firewall rule allows unrestricted egress to any IP address.
═══════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════════
Opening up ports to connect out to the public internet is generally to be avoided. You should restrict access to IP addresses or ranges that are explicitly required where possible.


See https://avd.aquasec.com/misconfig/avd-gcp-0035
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 modules/twingate/main.tf:144-158
   via production/main.tf:17-25 (module.twingate)
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
 144 ┌ resource "google_compute_firewall" "twingate_allow_egress_udp" {
 145 │   name        = "twingate-allow-egress-udp-${var.environment}"
 146 │   network     = var.gcp_network_id
 147 │   project     = var.gcp_project_id
 148 │   description = "Allow all outbound UDP traffic for Twingate connectors"
 149 │   direction   = "EGRESS"
 150 │   priority    = 1000
 151 │
 152 └   allow {
 ...
───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Version

Version: 0.68.2
Vulnerability DB:
  Version: 2
  UpdatedAt: 2025-11-19 06:25:13.689698917 +0000 UTC
  NextUpdate: 2025-11-20 06:25:13.689698627 +0000 UTC
  DownloadedAt: 2025-11-19 08:01:56.256788 +0000 UTC
Java DB:
  Version: 1
  UpdatedAt: 2025-11-17 00:57:32.898348603 +0000 UTC
  NextUpdate: 2025-11-20 00:57:32.898348483 +0000 UTC
  DownloadedAt: 2025-11-17 08:32:30.946413 +0000 UTC
Check Bundle:
  Digest: sha256:0491169789b867ae5a7353381220c1d4d97b3a0d6d9dfd84a25d06f0ba68aa93
  DownloadedAt: 2026-01-29 19:23:56.208559 +0000 UTC

Checklist

• Read the documentation regarding wrong detection
• Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct

[nikpivkin]

Hi @manuelbernhardt !

Trivy uses static analysis, so evaluating configurations that rely on data blocks dependent on cloud state is limited—this is a known limitation.

In your example, the value of the expression data.dns_a_record_set.allowed_domains[domain].addrs is unknown because Trivy does not execute provider queries. As a result, the try function returns an empty list, and the allowed_egress_ips variable ends up being empty, which can lead to false positives. From a static analysis perspective, this behavior is correct. If, for instance, the try function were absent and the expression used data.dns_a_record_set.allowed_domains[domain].addrs directly, the allowed_egress_ips variable would be unknown, causing the AVD-GCP-0035 check to not trigger.

You can safely ignore this check for this resource using the following rule:

# trivy:ignore:GCP-0035
resource "google_compute_firewall" "reproducer" {

Or # trivy:ignore:AVD-GCP-0035 if you are using Trivy < 0.69.0.