SQL DB Instance With SSL Disabled
- Query id: d0f7da39-a2d5-4c78-bb85-4b7f338b3cbb
- Query name: SQL DB Instance With SSL Disabled
- Platform: Ansible
- Severity: High
- Category: Encryption
- CWE: Ongoing
- URL: Github
Description
Cloud SQL Database Instance should have SSL enabled
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: create a instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a second instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a third instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      ip_configuration:
        authorized_networks:
        - name: google dns server
          value: 8.8.8.8/32
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a forth instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      ip_configuration:
        require_ssl: no
        authorized_networks:
        - name: google dns server
          value: 8.8.8.8/32
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: create a instance
  google.cloud.gcp_sql_instance:
    name: '{{ resource_name }}-2'
    settings:
      ip_configuration:
        require_ssl: yes
        authorized_networks:
        - name: google dns server
          value: 8.8.8.8/32
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
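
The four positive samples fail for different reasons: `settings` is missing, `ip_configuration` is missing, `require_ssl` is missing, or `require_ssl` is false. The check below is an added example, not the scanner's own query code, and reports which of those applies to each task. It assumes the tasks are already parsed into dicts, and it also accepts the legacy short module name `gcp_sql_instance` and quoted boolean strings, neither of which appears in the samples.

```python
# Added example: covers the four failing shapes and the passing one from the samples above.
MODULES = ("google.cloud.gcp_sql_instance", "gcp_sql_instance")  # FQCN and legacy short name (assumption)
TRUTHY = {"yes", "true", "on", "1", "y", "t"}  # string forms Ansible accepts for a true boolean


def is_true(value):
    """Interpret a parsed YAML scalar the way an Ansible bool option would."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUTHY


def check_task(task):
    """Return a finding string for one task dict, or None if it passes or is not a Cloud SQL task."""
    module = next((m for m in MODULES if m in task), None)
    if module is None:
        return None
    name = task.get("name", "<unnamed>")
    node, path = task[module] or {}, module
    # Walk settings -> ip_configuration -> require_ssl; a missing level means SSL is not enforced.
    for key in ("settings", "ip_configuration", "require_ssl"):
        if not isinstance(node, dict) or key not in node:
            return f"{name}: {path}.{key} is undefined"
        node, path = node[key], f"{path}.{key}"
    if not is_true(node):
        return f"{name}: {path} is {node!r}, expected true"
    return None


def scan(tasks):
    """Check every task in a parsed task list and collect the findings."""
    return [finding for finding in map(check_task, tasks) if finding]


# Constructed input: tasks shaped like the page's samples, as a YAML 1.1 loader would return them
# (bare yes/no become True/False; a quoted "no" stays a string).
SAMPLE = [
    {"name": "first", "google.cloud.gcp_sql_instance": {"region": "us-central1"}},
    {"name": "second", "google.cloud.gcp_sql_instance": {"settings": {"tier": "db-n1-standard-1"}}},
    {"name": "third", "google.cloud.gcp_sql_instance": {"settings": {"ip_configuration": {"authorized_networks": []}}}},
    {"name": "fourth", "google.cloud.gcp_sql_instance": {"settings": {"ip_configuration": {"require_ssl": False}}}},
    {"name": "quoted", "gcp_sql_instance": {"settings": {"ip_configuration": {"require_ssl": "no"}}}},
    {"name": "ok", "google.cloud.gcp_sql_instance": {"settings": {"ip_configuration": {"require_ssl": True}}}},
    {"name": "other", "ansible.builtin.debug": {"msg": "not a Cloud SQL task"}},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```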