SQL DB Instance With SSL Disabled
- Query id: 02474449-71aa-40a1-87ae-e14497747b00
- Query name: SQL DB Instance With SSL Disabled
- Platform: Terraform
- Severity: High
- Category: Encryption
- CWE: Ongoing
- URL: Github
Description¶
Cloud SQL Database Instance should have SSL enabled
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "google_sql_database_instance" "positive1" {
provider = google-beta
name = "private-instance-${random_id.db_name_suffix.hex}"
region = "us-central1"
depends_on = [google_service_networking_connection.private_vpc_connection]
settings {
tier = "db-f1-micro"
}
}
resource "google_sql_database_instance" "positive2" {
provider = google-beta
name = "private-instance-${random_id.db_name_suffix.hex}"
region = "us-central1"
depends_on = [google_service_networking_connection.private_vpc_connection]
settings {
tier = "db-f1-micro"
ip_configuration {
ipv4_enabled = false
private_network = google_compute_network.private_network.id
}
}
}
resource "google_sql_database_instance" "positive3" {
provider = google-beta
name = "private-instance-${random_id.db_name_suffix.hex}"
region = "us-central1"
depends_on = [google_service_networking_connection.private_vpc_connection]
settings {
tier = "db-f1-micro"
ip_configuration {
ipv4_enabled = false
private_network = google_compute_network.private_network.id
require_ssl = false
}
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "google_sql_database_instance" "negative1" {
provider = google-beta
name = "private-instance-${random_id.db_name_suffix.hex}"
region = "us-central1"
depends_on = [google_service_networking_connection.private_vpc_connection]
settings {
tier = "db-f1-micro"
ip_configuration {
ipv4_enabled = false
private_network = google_compute_network.private_network.id
require_ssl = true
}
}
}