Redis Cache Allows Non SSL Connections
- Query id: 6c7cfec3-c686-4ed2-bf58-a1ec054b63fc
- Query name: Redis Cache Allows Non SSL Connections
- Platform: Crossplane
- Severity: Medium
- Category: Encryption
- URL: Github
Description¶
Redis Cache resource should not allow non-SSL connections.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - yaml file
apiVersion: cache.azure.crossplane.io/v1beta1
kind: Redis
metadata:
name: azureRedis3
spec:
providerConfigRef:
name: crossplane-azure
forProvider:
location: West Europe
sku:
name: Basic
family: C
capacity: 0
enableNonSslPort: true
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
apiVersion: cache.azure.crossplane.io/v1beta1
kind: Redis
metadata:
name: azureRedis
spec:
providerConfigRef:
name: crossplane-azure
forProvider:
location: West Europe
sku:
name: Basic
family: C
capacity: 0
enableNonSslPort: false
---
apiVersion: cache.azure.crossplane.io/v1beta1
kind: Redis
metadata:
name: azureRedis2
spec:
providerConfigRef:
name: crossplane-azure
forProvider:
location: West Europe
sku:
name: Basic
family: C
capacity: 0