SSL Enforce Disabled
- Query id: 961ce567-a16d-4d7d-9027-f0ec2628a555
- Query name: SSL Enforce Disabled
- Platform: Ansible
- Severity: Medium
- Category: Encryption
- CWE: 319
- URL: Github
Description¶
Make sure that for PosgreSQL, the 'Enforce SSL connection' is set to 'ENABLED'
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
- name: Create (or update) PostgreSQL Server
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server2
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: no
admin_username: cloudsa
admin_password: password
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml file
- name: Create (or update) PostgreSQL Server
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: yes
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server2
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: Yes
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server3
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: true
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server4
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: true
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server5
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: yes
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server6
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: Yes
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server7
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: 'true'
admin_username: cloudsa
admin_password: password
- name: Create (or update) PostgreSQL Server8
azure.azcollection.azure_rm_postgresqlserver:
resource_group: myResourceGroup
name: testserver
sku:
name: B_Gen5_1
tier: Basic
location: eastus
storage_mb: 1024
enforce_ssl: 'True'
admin_username: cloudsa
admin_password: password