Default Azure Storage Account Network Access Is Too Permissive
- Query id: ca4df748-613a-4fbf-9c76-f02cbd580307
- Query name: Default Azure Storage Account Network Access Is Too Permissive
- Platform: Ansible
- Severity: High
- Category: Access Control
- CWE: 285
- URL: Github
Description
Make sure that your Azure Storage Account access is limited to those who require it.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: create an account
  azure.azcollection.azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: clh0002
    type: Standard_RAGRS
    tags:
      testing: testing
      delete: on-exit
    public_network_access: Enabled
Positive test num. 2 - yaml file
---
- name: create an account
  azure.azcollection.azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: clh0002
    type: Standard_RAGRS
    tags:
      testing: testing
      delete: on-exit
Positive test num. 3 - yaml file
---
- name: create an account
  azure.azcollection.azure_rm_storageaccount:
    resource_group: myResourceGroup
    name: clh0002
    type: Standard_RAGRS
    tags:
      testing: testing
      delete: on-exit
    network_acls:
      default_action: Allow
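
The three failing cases above, expressed as one check. This is an added example, not the KICS query or code from this page. It takes tasks as the dicts a YAML parser would return; the two passing variants, the finding messages and the treatment of a missing `default_action` are assumptions.

```python
# Added example: rules are inferred from the three positive samples on this page.
MODULES = ("azure.azcollection.azure_rm_storageaccount", "azure_rm_storageaccount")


def check_task(task):
    """Return a finding string for one parsed Ansible task, or None if it passes."""
    args = next((task[m] for m in MODULES if isinstance(task.get(m), dict)), None)
    if args is None:
        return None  # not a storage account task
    pna = args.get("public_network_access")
    if pna is not None:
        # An explicit setting decides the outcome (positive test 1).
        if str(pna).lower() == "enabled":
            return "public_network_access is Enabled"
        return None
    acls = args.get("network_acls")
    if not isinstance(acls, dict):
        # Neither key is set, so the account relies on defaults (positive test 2).
        return "public_network_access and network_acls are not set"
    # Assumption: network_acls without default_action is treated as Allow.
    if str(acls.get("default_action", "Allow")).lower() == "allow":
        return "network_acls.default_action is Allow"  # positive test 3
    return None


def scan(tasks):
    """Return (task name, finding) pairs for every failing task."""
    return [(t.get("name", "<unnamed>"), f) for t in tasks if (f := check_task(t))]


def _task(**extra):
    # Parsed form of the sample task used on this page, plus per-case settings.
    base = {"resource_group": "myResourceGroup", "name": "clh0002",
            "type": "Standard_RAGRS",
            "tags": {"testing": "testing", "delete": "on-exit"}}
    return {"name": "create an account", MODULES[0]: {**base, **extra}}


SAMPLES = {
    "positive 1": _task(public_network_access="Enabled"),
    "positive 2": _task(),
    "positive 3": _task(network_acls={"default_action": "Allow"}),
    "constructed: disabled": _task(public_network_access="Disabled"),
    "constructed: deny": _task(network_acls={"default_action": "Deny"}),
}

if __name__ == "__main__":
    for label, task in SAMPLES.items():
        print(f"{label}: {check_task(task) or 'pass'}")
```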