feat(query): implements "Beta - SQL DB Instance With Contained Database Authentication"

[cx-andre-pereira]

Reason for Proposed Changes

• Currently there is no query to ensure that a "google_sql_database_instance" resource with a "SQLSERVER" based "database_version" has the 'contained database authentication' flag set to "off".

• Quoting CIS_Google_Cloud_Platform_Foundation_Benchmark_v4.0.0 page 262: "When contained databases are enabled, database users with the ALTER ANY USER permission, such as members of the db_owner and db_accessadmin database roles, can grant access to databases and by doing so, grant access to the instance of SQL Server. This means that control over access to the server is no longer limited to members of the sysadmin and securityadmin fixed server role, and logins with the server level CONTROL SERVER and ALTER ANY LOGIN permission. It is recommended to set contained database authentication database flag for Cloud SQL on the SQL Server instance to off.

Proposed Changes

• Implemented the missing query.
• The query will flag for a specific instance : (after ensuring "database_version" is SQLSERVER based (possible values list))
  • Setting the "contained database authentication" flag to a value that is not "off" (default value is off)

Tenable reference

I submit this contribution under the Apache-2.0 license.

[github-actions]

KICS version: v2.1.13

Category Results CRITICAL 0 HIGH 0 MEDIUM 0 LOW 0 INFO 0 TRACE 0 TOTAL 0	Metric Values Files scanned 1 Files parsed 1 Files failed to scan 0 Total executed queries 47 Queries failed to execute 0 Execution time 0

[cx-artur-ribeiro]

Just quality of life changes.
AppSec will review these queries so it's not the most critical issue, but let me know what you think.