SQLServer Ingress From Any IP
- Query id: f4e9ff70-0f3b-4c50-a713-26cbe7ec4039
- Query name: SQLServer Ingress From Any IP
- Platform: Ansible
- Severity: Critical
- Category: Networking and Firewall
- CWE: 285
- URL: Github
Description
Checks whether a SQL Server firewall rule allows all IPs, that is, a range running from start 0.0.0.0 to end 255.255.255.255.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
---
- name: Create (or update) Firewall Rule
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 0.0.0.0
    end_ip_address: 255.255.255.255
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
- name: Create (or update) Firewall Rule
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 172.28.10.136
    end_ip_address: 172.28.10.138
- name: Create (or update) Firewall Rule2
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 0.0.0.0
    end_ip_address: 0.0.0.3
- name: Create (or update) Firewall Rule3
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 255.255.255.250
    end_ip_address: 255.255.255.255
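
The check described above, sketched in Python as an added example (it is not the query's own code, which this page does not show). It assumes the playbook tasks are already loaded into dicts, as a YAML parser would produce; `find_open_sql_rules`, the helper names, the short module name and the "Templated rule" entry are hypothetical.

```python
import ipaddress

# The short module name is an assumption, for playbooks that omit the
# fully qualified collection name used in this page's samples.
MODULES = ("azure.azcollection.azure_rm_sqlfirewallrule", "azure_rm_sqlfirewallrule")
FULL_START = ipaddress.IPv4Address("0.0.0.0")
FULL_END = ipaddress.IPv4Address("255.255.255.255")


def _parse(value):
    """Return an IPv4Address, or None for missing, templated or malformed values."""
    try:
        return ipaddress.IPv4Address(str(value).strip())
    except ipaddress.AddressValueError:
        return None


def find_open_sql_rules(tasks):
    """Return names of tasks whose rule runs from 0.0.0.0 to 255.255.255.255."""
    findings = []
    for task in tasks:
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            start = _parse(args.get("start_ip_address"))
            end = _parse(args.get("end_ip_address"))
            # Both endpoints must match; sharing only one is not a finding.
            if start == FULL_START and end == FULL_END:
                findings.append(task.get("name", "<unnamed task>"))
    return findings


def _task(name, start, end):
    """Build a task dict shaped like a parsed playbook entry (constructed input)."""
    return {"name": name, MODULES[0]: {"start_ip_address": start, "end_ip_address": end}}


# Constructed sample mirroring this page's tests, plus one templated rule.
SAMPLE_TASKS = [
    _task("Create (or update) Firewall Rule", "0.0.0.0", "255.255.255.255"),
    _task("Create (or update) Firewall Rule2", "0.0.0.0", "0.0.0.3"),
    _task("Create (or update) Firewall Rule3", "255.255.255.250", "255.255.255.255"),
    _task("Templated rule", "{{ start_ip }}", "{{ end_ip }}"),
]

if __name__ == "__main__":
    print(find_open_sql_rules(SAMPLE_TASKS))
```

Templated addresses are skipped rather than resolved, so a rule whose range comes from variables needs review against the rendered values.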