Compare commits


2 Commits

Author SHA1 Message Date
Rubén De la Torre Vico
9fa8148b5f chore: add oraclecloud/database metadata update to changelog 2025-12-01 18:27:32 +01:00
Rubén De la Torre Vico
2fa4fd25aa chore(oraclecloud/database): adapt metadata to new standardized format 2025-12-01 18:27:26 +01:00
2 changed files with 22 additions and 16 deletions


@@ -83,6 +83,8 @@ All notable changes to the **Prowler SDK** are documented in this file.
- Update AWS ECS service metadata to new format [(#8888)](https://github.com/prowler-cloud/prowler/pull/8888)
- Update AWS Kinesis service metadata to new format [(#9262)](https://github.com/prowler-cloud/prowler/pull/9262)
- Update AWS DocumentDB service metadata to new format [(#8862)](https://github.com/prowler-cloud/prowler/pull/8862)
- Update oraclecloud database service metadata to new format [(#9372)](https://github.com/prowler-cloud/prowler/pull/9372)
### Fixed
- Check `check_name` has no `resource_name` error for GCP provider [(#9169)](https://github.com/prowler-cloud/prowler/pull/9169)
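Review bot: the new changelog entry names the service inconsistently with its neighbours: the lines above read "AWS ECS", "AWS Kinesis", "AWS DocumentDB" (provider abbreviated in caps, service capitalised), while this one reads "oraclecloud database", which is the code-path name rather than the product name; suggest "Update OCI Database service metadata to new format" (or "Oracle Cloud Database") so the list stays uniform. Also worth confirming that the linked PR number [(#9372)] is the one that actually carries this metadata change, since the entry is added in a separate commit from the metadata edit itself.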


@@ -1,34 +1,38 @@
{
"Provider": "oraclecloud",
"CheckID": "database_autonomous_database_access_restricted",
"CheckTitle": "Ensure Oracle Autonomous Shared Database (ADB) access is restricted or deployed within a VCN",
"CheckType": [
"Software and Configuration Checks",
"Industry and Regulatory Standards",
"CIS OCI Foundations Benchmark"
],
"CheckTitle": "Oracle Autonomous Shared Database (ADB) is deployed within a VCN or restricts public access with whitelisted IPs excluding 0.0.0.0/0",
"CheckType": [],
"ServiceName": "database",
"SubServiceName": "",
"ResourceIdTemplate": "oci:database:autonomousdatabase",
"ResourceIdTemplate": "",
"Severity": "high",
"ResourceType": "AutonomousDatabase",
"Description": "Autonomous Shared Database instances should either have IP whitelisting configured or be deployed within a VCN to restrict network access and improve security posture.",
"Risk": "Public or unrestricted Autonomous Database access increases the attack surface and risk of unauthorized access.",
"RelatedUrl": "https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-private-endpoints.html",
"Description": "**Autonomous Database (shared)** network exposure is evaluated: instances are treated as restricted when using a **VCN private endpoint** or when **ACLs** allow only specified IPs/VCNs. It identifies configurations with no ACL and no VCN, or ACLs permitting `0.0.0.0/0`.",
"Risk": "With **open access**, attackers can probe endpoints, brute-force credentials, or abuse leaked wallets to connect.\n\nImpact:\n- Confidentiality: unauthorized queries and data exfiltration\n- Integrity: malicious changes\n- Availability: heavy queries or scans causing service disruption",
"RelatedUrl": "",
"AdditionalURLs": [
"https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-private-endpoints.html",
"https://mjromeo81.com/2020/12/24/oracle-autonomous-database-setting-up-acls-and-private-endpoints/",
"https://mjromeo81.com/category/cloud/autonomous-database/",
"https://icodealot.com/dbtools-connections-with-adb-access-control-list/",
"https://www.oracle.com/cloud/networking/private-endpoint/supported-services/"
],
"Remediation": {
"Code": {
"CLI": "oci db autonomous-database create-private-endpoint --autonomous-database-id <adb-ocid> --subnet-id <subnet-ocid>",
"CLI": "oci db autonomous-database update --autonomous-database-id <adb-ocid> --is-access-control-enabled true --whitelisted-ips '[\"<ALLOWED_IP_OR_CIDR>\"]'",
"NativeIaC": "",
"Other": "1. Navigate to Autonomous Database\n2. Select the database instance\n3. Click 'More Actions' → 'Update'\n4. Under Network Access, select 'Private endpoint access only'\n5. Configure VCN and subnet for private endpoint\n6. Alternatively, configure Access Control List (ACL) with specific IP addresses",
"Terraform": "resource \"oci_database_autonomous_database\" \"adb\" {\n compartment_id = var.compartment_id\n db_name = \"MyADB\"\n display_name = \"My Autonomous Database\"\n is_free_tier = false\n db_workload = \"OLTP\"\n whitelisted_ips = [\"10.0.0.0/24\"]\n nsg_ids = [oci_core_network_security_group.adb_nsg.id]\n subnet_id = oci_core_subnet.private_subnet.id\n}"
"Other": "1. In OCI Console, go to Autonomous Database and select the instance\n2. Click More Actions > Update\n3. Under Network Access, enable Access control list (ACL)\n4. Add an allowed IP/CIDR (exclude 0.0.0.0/0) and remove any 0.0.0.0/0 entry\n5. Click Save",
"Terraform": "```hcl\nresource \"oci_database_autonomous_database\" \"<example_resource_name>\" {\n is_access_control_enabled = true # Critical: enable ACLs to restrict public access\n whitelisted_ips = [\"<ALLOWED_IP_OR_CIDR>\"] # Critical: allow only specific IP/CIDR; do not use 0.0.0.0/0\n}\n```"
},
"Recommendation": {
"Text": "Deploy Autonomous Databases within a VCN using private endpoints or configure strict IP whitelisting to restrict access.",
"Url": "https://hub.prowler.com/check/oci/database_autonomous_database_access_restricted"
"Text": "Prefer **VCN private endpoints** to eliminate internet exposure. If public access is required, enforce **least privilege** by limiting ACLs to specific CIDRs or VCNs; never use `0.0.0.0/0`.\n\nAdd **defense in depth** with NSGs and private connectivity (VPN/peering), monitor access, and rotate client wallets regularly.",
"Url": "https://hub.prowler.com/check/database_autonomous_database_access_restricted"
}
},
"Categories": [
"network-security"
"internet-exposed",
"trust-boundaries"
],
"DependsOn": [],
"RelatedTo": [],
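Review bot: the remediation no longer covers the private-endpoint path that the Recommendation text says to prefer: the old CLI line `oci db autonomous-database create-private-endpoint --autonomous-database-id <adb-ocid> --subnet-id <subnet-ocid>` is replaced by an ACL-only `update ... --is-access-control-enabled true --whitelisted-ips ...`, the Terraform snippet drops `subnet_id` and `nsg_ids` and only sets `is_access_control_enabled`/`whitelisted_ips`, and the console steps only describe adding an ACL, yet the Recommendation opens with "Prefer **VCN private endpoints** to eliminate internet exposure"; suggest keeping a private-endpoint variant (subnet/NSG) next to the ACL one so the code matches the guidance. Three further points to confirm against the new metadata format: the Terraform value now embeds a markdown fence (```hcl ... ```) inside the JSON string, which will show literally if the hub renders that field as raw code; the hub URL loses its provider segment (`/check/database_autonomous_database_access_restricted` vs the old `/check/oci/...`), so check the link resolves; and with `CheckType`, `ResourceIdTemplate` and `RelatedUrl` emptied, the "CIS OCI Foundations Benchmark" mapping previously carried here must now live elsewhere (compliance files) or it is lost.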