SQLServer Ingress From Any IP

  • Query id: f4e9ff70-0f3b-4c50-a713-26cbe7ec4039
  • Query name: SQLServer Ingress From Any IP
  • Platform: Ansible
  • Severity: Critical
  • Category: Networking and Firewall
  • CWE: 285
  • URL: Github

Description

Checks whether an Azure SQL Server firewall rule allows all IP addresses, that is, a rule whose start_ip_address is 0.0.0.0 and whose end_ip_address is 255.255.255.255.

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
---
- name: Create (or update) Firewall Rule
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 0.0.0.0
    end_ip_address: 255.255.255.255

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create (or update) Firewall Rule
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 172.28.10.136
    end_ip_address: 172.28.10.138
- name: Create (or update) Firewall Rule2
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 0.0.0.0
    end_ip_address: 0.0.0.3
- name: Create (or update) Firewall Rule3
  azure.azcollection.azure_rm_sqlfirewallrule:
    resource_group: myResourceGroup
    server_name: firewallrulecrudtest-6285
    name: firewallrulecrudtest-5370
    start_ip_address: 255.255.255.250
    end_ip_address: 255.255.255.255
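
The same check written in Python, as an added example that is not part of this page or of the query's own implementation. It assumes the playbook has already been parsed into a list of task dicts; the function names, the legacy short module name, the descent into block sections, and the nested and templated sample tasks are assumptions that go beyond the samples above.

```python
import ipaddress

# FQCN from the page plus the legacy short module name (the latter is an addition).
MODULES = ("azure.azcollection.azure_rm_sqlfirewallrule", "azure_rm_sqlfirewallrule")
FIRST = ipaddress.IPv4Address("0.0.0.0")
LAST = ipaddress.IPv4Address("255.255.255.255")

def _parse(value):
    """Return an IPv4Address, or None for missing or templated ('{{ var }}') values."""
    try:
        return ipaddress.IPv4Address(str(value).strip())
    except ValueError:
        return None  # cannot be evaluated statically, so it is not flagged

def walk(tasks):
    """Yield every task, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for section in ("block", "rescue", "always"):
                yield from walk(task.get(section))

def open_rules(tasks):
    """Return names of tasks whose rule spans 0.0.0.0 to 255.255.255.255."""
    hits = []
    for task in walk(tasks):
        for module in MODULES:
            args = task.get(module)
            if not isinstance(args, dict):
                continue
            start = _parse(args.get("start_ip_address"))
            end = _parse(args.get("end_ip_address"))
            if start == FIRST and end == LAST:
                hits.append(task.get("name", "<unnamed>"))
    return hits

def _task(name, start, end, module=MODULES[0]):
    """Build a task dict shaped like parsed YAML (constructed sample data)."""
    return {"name": name, module: {"start_ip_address": start, "end_ip_address": end}}

# Constructed sample: the page's positive and negative rules, plus hypothetical
# nested and templated tasks.
SAMPLE = [
    _task("Create (or update) Firewall Rule", "0.0.0.0", "255.255.255.255"),
    _task("Create (or update) Firewall Rule2", "0.0.0.0", "0.0.0.3"),
    _task("Create (or update) Firewall Rule3", "255.255.255.250", "255.255.255.255"),
    {"name": "Wrapper", "block": [_task("Nested rule", "0.0.0.0", "255.255.255.255", MODULES[1])]},
    _task("Templated rule", "{{ start_ip }}", "255.255.255.255"),
]
```

Rules whose addresses come from variables are skipped here because their values are unknown before the playbook runs; review those separately against the inventory or vars files.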