SSL Enforce Disabled
- Query id: 0437633b-daa6-4bbc-8526-c0d2443b946e
- Query name: SSL Enforce Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- URL: Github
Description¶
Make sure that for PosgreSQL, the 'Enforce SSL connection' is set to 'ENABLED'
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_postgresql_server" "positive1" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
backup_retention_days = 7
geo_redundant_backup_enabled = true
auto_grow_enabled = true
public_network_access_enabled = false
ssl_enforcement_enabled = false
ssl_minimal_tls_version_enforced = "TLS1_2"
}
resource "azurerm_postgresql_server" "positive2" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
backup_retention_days = 7
geo_redundant_backup_enabled = true
auto_grow_enabled = true
public_network_access_enabled = false
ssl_minimal_tls_version_enforced = "TLS1_2"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_postgresql_server" "negative1" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
backup_retention_days = 7
geo_redundant_backup_enabled = true
auto_grow_enabled = true
public_network_access_enabled = false
ssl_enforcement_enabled = true
ssl_minimal_tls_version_enforced = "TLS1_2"
}