Unrestricted Databricks ACL
- Query id: 2c4fe4a9-f44b-4c70-b09b-5b75cd251805
- Query name: Unrestricted Databricks ACL
- Platform: Terraform
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description
The Databricks IP access list (databricks_ip_access_list with list_type "ALLOW") allows ingress from 0.0.0.0/0 and/or ::/0, i.e. from every IPv4 or IPv6 address. An allow list containing a catch-all CIDR grants no protection, so enabling IP access lists (enableIpAccessLists) has no effect. Restrict the allow list to the specific CIDR ranges that need access to the workspace.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "databricks_workspace_conf" "positive1" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "positive1" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = [
    "0.0.0.0/0",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.positive1]
}
Positive test num. 2 - tf file
resource "databricks_workspace_conf" "positive2" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "positive2" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = [
    "::/0",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.positive2]
}
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "databricks_workspace_conf" "negative" {
  custom_config = {
    "enableIpAccessLists" : true
  }
}

resource "databricks_ip_access_list" "negative" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = [
    "1.2.3.0/24",
    "1.2.5.0/24"
  ]
  depends_on = [databricks_workspace_conf.negative]
}
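The check this query performs, written out as a small stand-alone script so the positive and negative samples above can be run through it. This is an added example, not the KICS query's own Rego nor code from the Databricks Terraform provider. It assumes terraform fmt style (closing brace at column 0) and uses a deliberately minimal regex extraction of the databricks_ip_access_list resource rather than a full HCL parser; the SAMPLE_TF input is constructed from the page's snippets plus one BLOCK list added to show that a catch-all CIDR in a deny list is not a finding. It goes slightly beyond the literal strings in the description by parsing each entry with the ipaddress module, so equivalent spellings of a catch-all network (prefix length 0) are caught too.

```python
import ipaddress
import re

# Constructed sample (not from any real deployment): the page's positive and
# negative databricks_ip_access_list resources, plus a BLOCK list that contains
# 0.0.0.0/0 on purpose. A catch-all in a BLOCK list denies everything, so it
# must NOT be reported by this check.
SAMPLE_TF = '''
resource "databricks_ip_access_list" "positive1" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = [
    "0.0.0.0/0",
    "1.2.5.0/24"
  ]
}

resource "databricks_ip_access_list" "positive2" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = ["::/0", "1.2.5.0/24"]
}

resource "databricks_ip_access_list" "negative" {
  label        = "allow_in"
  list_type    = "ALLOW"
  ip_addresses = ["1.2.3.0/24", "1.2.5.0/24"]
}

resource "databricks_ip_access_list" "deny_all" {
  label        = "deny_all"
  list_type    = "BLOCK"
  ip_addresses = ["0.0.0.0/0"]
}
'''

# Minimal, regex-based extraction of the resource shape shown on this page.
# Assumption: this is NOT a general HCL parser. It expects one resource per
# block with the closing brace at column 0, which is what terraform fmt emits.
RESOURCE_RE = re.compile(
    r'resource\s+"databricks_ip_access_list"\s+"(?P<name>[^"]+)"\s*\{(?P<body>.*?)\n\}',
    re.DOTALL,
)
LIST_TYPE_RE = re.compile(r'list_type\s*=\s*"([^"]*)"')
ADDRESSES_RE = re.compile(r'ip_addresses\s*=\s*\[(.*?)\]', re.DOTALL)
QUOTED_RE = re.compile(r'"([^"]*)"')


def is_unrestricted(entry: str) -> bool:
    """True when the entry covers an entire address family (prefix length 0).

    Parsing with ipaddress instead of comparing against the literal strings
    "0.0.0.0/0" and "::/0" also catches equivalent spellings such as 0000::/0
    or the dotted-netmask form 0.0.0.0/0.0.0.0.
    """
    try:
        network = ipaddress.ip_network(entry.strip(), strict=False)
    except ValueError:
        return False  # malformed entry: the provider/API will reject it anyway
    return network.prefixlen == 0


def find_unrestricted_acls(tf_source: str) -> list[dict]:
    """Return one finding per ALLOW list that contains a catch-all CIDR."""
    findings = []
    for match in RESOURCE_RE.finditer(tf_source):
        body = match.group("body")
        list_type = LIST_TYPE_RE.search(body)
        # Only ALLOW lists are in scope: a catch-all in a BLOCK list is a
        # deny-everything rule, which is restrictive rather than unrestricted.
        if list_type is None or list_type.group(1).upper() != "ALLOW":
            continue
        addresses = ADDRESSES_RE.search(body)
        entries = QUOTED_RE.findall(addresses.group(1)) if addresses else []
        offending = [e for e in entries if is_unrestricted(e)]
        if offending:
            findings.append({"resource": match.group("name"), "entries": offending})
    return findings


if __name__ == "__main__":
    for finding in find_unrestricted_acls(SAMPLE_TF):
        print(f'databricks_ip_access_list.{finding["resource"]}: '
              f'ALLOW list contains {", ".join(finding["entries"])}')
```

Run against SAMPLE_TF, the script reports positive1 (0.0.0.0/0) and positive2 (::/0) and stays silent on the negative sample and on the BLOCK list. The fix in real code is the one the negative sample shows: enumerate the specific office, VPN or CI egress ranges in ip_addresses and keep list_type "ALLOW" free of any prefix-length-0 entry.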