MySQL SSL Connection Disabled

  • Query id: 2a901825-0f3b-4655-a0fe-e0470e50f8e6
  • Query name: MySQL SSL Connection Disabled
  • Platform: Ansible
  • Severity: Medium
  • Category: Encryption
  • CWE: 319
  • URL: Github

Description

Make sure that for MySQL Database Server, 'Enforce SSL connection' is enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    version: 5.6
    admin_username: cloudsa
    admin_password: password
- name: Create (or update) MySQL Server2
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: false
    version: 5.6
    admin_username: cloudsa
    admin_password: password

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create (or update) MySQL Server
  azure.azcollection.azure_rm_mysqlserver:
    resource_group: myResourceGroup
    name: testserver
    sku:
      name: B_Gen5_1
      tier: Basic
    location: eastus
    storage_mb: 1024
    enforce_ssl: true
    version: 5.6
    admin_username: cloudsa
    admin_password: password