HTTP Port Open To Internet
- Query id: a14ad534-acbe-4a8e-9404-2f7e1045646e
- Query name: HTTP Port Open To Internet
- Platform: Ansible
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
The HTTP port is open to the internet in a Security Group
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: example ec2 group1
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 67
to_port: 82
cidr_ip: 0.0.0.0/0
- name: example ec2 group2
amazon.aws.ec2_group:
name: example2
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports: 80
cidr_ip: 0.0.0.0/0
- name: example ec2 group3
amazon.aws.ec2_group:
name: example3
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports: 79-90
cidr_ip: 0.0.0.0/0
- name: example ec2 group4
amazon.aws.ec2_group:
name: example4
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports:
- 100
- 70-90
cidr_ip: 0.0.0.0/0
- name: example ec2 group5
amazon.aws.ec2_group:
name: example5
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports:
- 80
- 30-31
cidr_ip: 0.0.0.0/0
- name: example ec2 group6
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: -1
to_port: 82
cidr_ip: 0.0.0.0/0
- name: example ec2 group7
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 67
to_port: -1
cidr_ip: 0.0.0.0/0
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: example ec2 group1
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 67
to_port: 82
cidr_ip: 0.0.0.0/1
- name: example ec2 group2
amazon.aws.ec2_group:
name: example2
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports: 80
cidr_ip: 0.0.1.0/0
- name: example ec2 group3
amazon.aws.ec2_group:
name: example3
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports: 79-90
cidr_ip: 0.1.0.0/0
- name: example ec2 group4
amazon.aws.ec2_group:
name: example3
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports:
- 100
- 70-90
cidr_ip: 10.0.0.0/0
- name: example ec2 group5
amazon.aws.ec2_group:
name: example5
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
ports:
- 80
- 30-31
cidr_ip: 0.0.0.0/10
- name: example ec2 group6
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: -1
to_port: 82
cidr_ip: 0.1.0.0/0
- name: example ec2 group7
amazon.aws.ec2_group:
name: example
description: an example EC2 group
vpc_id: 12345
region: eu-west-1
aws_secret_key: SECRET
aws_access_key: ACCESS
rules:
- proto: tcp
from_port: 67
to_port: -1
cidr_ip: 1.0.0.0/0