CosmosDB Account IP Range Filter Not Set
- Query id: e8c80448-31d8-4755-85fc-6dbab69c2717
- Query name: CosmosDB Account IP Range Filter Not Set
- Platform: Ansible
- Severity: Critical
- Category: Networking and Firewall
- CWE: 285
- URL: Github
Description
An IP range filter (ip_range_filter) should be defined on the Cosmos DB account to secure the stored data.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
- name: Create Cosmos DB Account - max
  azure_rm_cosmosdbaccount:
    resource_group: myResourceGroup
    name: myDatabaseAccount
    location: westus
    kind: mongo_db
    geo_rep_locations:
      - name: southcentralus
        failover_priority: 0
    database_account_offer_type: Standard
    enable_multiple_write_locations: yes
    virtual_network_rules:
      - subnet: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVirtualNetwork/subnets/mySubnet"
    consistency_policy:
      default_consistency_level: bounded_staleness
      max_staleness_prefix: 10
      max_interval_in_seconds: 1000
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: Create Cosmos DB Account - max
  azure_rm_cosmosdbaccount:
    resource_group: myResourceGroup
    name: myDatabaseAccount
    location: westus
    kind: mongo_db
    geo_rep_locations:
      - name: southcentralus
        failover_priority: 0
    database_account_offer_type: Standard
    ip_range_filter: 10.10.10.10
    enable_multiple_write_locations: yes
    virtual_network_rules:
      - subnet: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVirtualNetwork/subnets/mySubnet
    consistency_policy:
      default_consistency_level: bounded_staleness
      max_staleness_prefix: 10
      max_interval_in_seconds: 1000
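
Added example (not part of the original page and not the scanner's own query): a Python check that walks parsed Ansible tasks, including block/rescue/always sections, and reports azure_rm_cosmosdbaccount tasks whose ip_range_filter is absent or empty. Assumptions: the function and constant names are hypothetical, the collection-qualified module name is accepted alongside the short name used on this page, and the sample data is constructed from the page's two tasks.

```python
import sys

# Short module name used on this page plus its collection-qualified form
# (assumption: tasks may also call it through the azure.azcollection collection).
MODULES = {"azure_rm_cosmosdbaccount", "azure.azcollection.azure_rm_cosmosdbaccount"}
NESTED = ("block", "rescue", "always", "tasks", "pre_tasks", "post_tasks", "handlers")

def find_unfiltered(nodes, path=""):
    """Return [(location, task name)] for Cosmos DB tasks with no IP filter.
    `nodes` is the list yaml.safe_load() yields for a task file or playbook."""
    findings = []
    for i, node in enumerate(nodes or []):
        if not isinstance(node, dict):
            continue
        here = f"{path}[{i}]"
        for key in MODULES.intersection(node):
            args = node[key] if isinstance(node[key], dict) else {}
            value = args.get("ip_range_filter")
            # Absent, null and blank values all leave the filter unset.
            if value is None or not str(value).strip():
                findings.append((here, node.get("name", "<unnamed>")))
        for key in NESTED:  # descend into plays and block/rescue/always
            if isinstance(node.get(key), list):
                findings += find_unfiltered(node[key], f"{here}.{key}")
    return findings

# Constructed sample: the page's two tasks as parsed YAML, trimmed to the
# relevant keys, with the vulnerable one nested inside a block.
SAMPLE = [
    {"name": "provision", "block": [
        {"name": "Create Cosmos DB Account - max",
         "azure_rm_cosmosdbaccount": {"name": "myDatabaseAccount", "kind": "mongo_db"}}]},
    {"name": "Create Cosmos DB Account - filtered",
     "azure_rm_cosmosdbaccount": {"name": "myDatabaseAccount",
                                  "ip_range_filter": "10.10.10.10"}},
]

def main(paths):
    docs = {"<sample>": SAMPLE}
    if paths:
        import yaml  # PyYAML, needed only when scanning real files
        docs = {p: yaml.safe_load(open(p)) for p in paths}
    hits = [(p, *h) for p, d in docs.items() for h in find_unfiltered(d)]
    for p, where, name in hits:
        print(f"{p}{where}: '{name}' has no ip_range_filter")
    return 1 if paths and hits else 0  # non-zero exit fails a CI step

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run with one or more task files or playbooks as arguments to use it as a pre-merge gate; with no arguments it reports on the constructed sample only.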