Redis Cache Allows Non SSL Connections
- Query id: 49e30ac8-f58e-4222-b488-3dcb90158ec1
- Query name: Redis Cache Allows Non SSL Connections
- Platform: Pulumi
- Severity: Medium
- Category: Insecure Configurations
- CWE: 284
- URL: Github
Description
Redis Cache resource should not allow non-SSL connections.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
```yaml
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  redis:
    type: azure-native:cache:Redis
    properties:
      enableNonSslPort: true  # flagged: the non-SSL port accepts unencrypted connections
      location: West US
      minimumTlsVersion: "1.2"  # quoted so YAML reads a string, not a float
      name: cache1
      redisConfiguration:
        maxmemoryPolicy: allkeys-lru
      replicasPerMaster: 2
      resourceGroupName: rg1
      shardCount: 2
      sku:
        capacity: 1
        family: P
        name: Premium
      staticIP: 192.168.0.5
      subnetId: /subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/network1/subnets/subnet1
      zones:
        - "1"
```
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
```yaml
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  redis:
    type: azure-native:cache:Redis
    properties:
      enableNonSslPort: false  # non-SSL port disabled; clients must connect over TLS
      location: West US
      minimumTlsVersion: "1.2"  # quoted so YAML reads a string, not a float
      name: cache1
      redisConfiguration:
        maxmemoryPolicy: allkeys-lru
      replicasPerMaster: 2
      resourceGroupName: rg1
      shardCount: 2
      sku:
        capacity: 1
        family: P
        name: Premium
      staticIP: 192.168.0.5
      subnetId: /subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/network1/subnets/subnet1
      zones:
        - "1"
```
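The check this query describes can be sketched as a pre-deployment gate over a parsed Pulumi YAML program. This is an added example, not the KICS query itself; the function name `find_non_ssl_redis`, the finding fields, the `example:other:Resource` type and the sample input are assumptions made for illustration.

```python
# Added example: flag azure-native Redis resources in a parsed Pulumi YAML
# program that explicitly enable the non-SSL port. Not the KICS query itself.
REDIS_TYPE = "azure-native:cache:Redis"


def _is_true(value):
    # Accept a YAML boolean or a quoted "true"/"True" string.
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def find_non_ssl_redis(program):
    """Return one finding per Redis resource whose enableNonSslPort is true.

    `program` is a Pulumi YAML program already parsed into a dict
    (for example with yaml.safe_load, assumed to be available to the caller).
    """
    findings = []
    resources = program.get("resources") or {}
    for logical_name, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("type") != REDIS_TYPE:
            continue
        props = resource.get("properties") or {}
        # Only an explicit opt-in is reported; an absent property is not flagged.
        if _is_true(props.get("enableNonSslPort")):
            findings.append({
                "resource": logical_name,
                "path": f"resources.{logical_name}.properties.enableNonSslPort",
                "expected": "false",
                "actual": str(props["enableNonSslPort"]).lower(),
            })
    return findings


# Constructed sample input mirroring the page's positive and negative tests,
# plus a resource of a hypothetical other type that must be ignored.
SAMPLE = {
    "name": "azure-aks",
    "runtime": "yaml",
    "resources": {
        "redis": {"type": REDIS_TYPE, "properties": {"enableNonSslPort": True, "name": "cache1"}},
        "redisTlsOnly": {"type": REDIS_TYPE, "properties": {"enableNonSslPort": False, "name": "cache2"}},
        "redisUnset": {"type": REDIS_TYPE, "properties": {"name": "cache3"}},
        "other": {"type": "example:other:Resource", "properties": {"enableNonSslPort": True}},
    },
}

if __name__ == "__main__":
    for f in find_non_ssl_redis(SAMPLE):
        print(f"{f['path']}: expected {f['expected']}, got {f['actual']}")
```

A CI job can fail the build whenever the returned list is non-empty.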