Redis Cache Allows Non SSL Connections

  • Query id: 49e30ac8-f58e-4222-b488-3dcb90158ec1
  • Query name: Redis Cache Allows Non SSL Connections
  • Platform: Pulumi
  • Severity: Medium
  • Category: Insecure Configurations
  • CWE: 284
  • URL: Github

Description

Redis Cache resource should not allow non-SSL connections.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  redis:
    type: azure-native:cache:Redis
    properties:
      enableNonSslPort: true
      location: West US
      minimumTlsVersion: 1.2
      name: cache1
      redisConfiguration:
        maxmemoryPolicy: allkeys-lru
      replicasPerMaster: 2
      resourceGroupName: rg1
      shardCount: 2
      sku:
        capacity: 1
        family: P
        name: Premium
      staticIP: 192.168.0.5
      subnetId: /subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/network1/subnets/subnet1
      zones:
        - 1

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
name: azure-aks
runtime: yaml
description: An Aks cluster
resources:
  redis:
    type: azure-native:cache:Redis
    properties:
      enableNonSslPort: false
      location: West US
      minimumTlsVersion: 1.2
      name: cache1
      redisConfiguration:
        maxmemoryPolicy: allkeys-lru
      replicasPerMaster: 2
      resourceGroupName: rg1
      shardCount: 2
      sku:
        capacity: 1
        family: P
        name: Premium
      staticIP: 192.168.0.5
      subnetId: /subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/virtualNetworks/network1/subnets/subnet1
      zones:
        - 1