SQL DB Instance With SSL Disabled

  • Query id: 660360d3-9ca7-46d1-b147-3acc4002953f
  • Query name: SQL DB Instance With SSL Disabled
  • Platform: GoogleDeploymentManager
  • Severity: High
  • Category: Encryption
  • CWE: 319
  • URL: Github

Description

Cloud SQL Database Instance should have SSL enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
resources:
  - name: sql-instance
    type: sqladmin.v1beta4.instance
    properties:
      settings:
        tier: db-custom-1-3840
Positive test num. 2 - yaml file
resources:
  - name: sql-instance
    type: sqladmin.v1beta4.instance
    properties:
      settings:
        tier: db-custom-1-3840
        ipConfiguration:
          ipv4Enabled: true
Positive test num. 3 - yaml file
resources:
  - name: sql-instance
    type: sqladmin.v1beta4.instance
    properties:
      settings:
        tier: db-custom-1-3840
        ipConfiguration:
          ipv4Enabled: true
          requireSsl: false

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
resources:
  - name: sql-instance
    type: sqladmin.v1beta4.instance
    properties:
      settings:
        tier: db-custom-1-3840
        ipConfiguration:
          requireSsl: true