DB Security Group Open To Large Scope

Query id: 4f615f3e-fb9c-4fad-8b70-2e9f781806ce
Query name: DB Security Group Open To Large Scope
Platform: Terraform
Severity: High
Category: Networking and Firewall
CWE: <a href="https://cwe.mitre.org/data/definitions/200.html" onclick="newWindowOpenerSafe(event, 'https://cwe.mitre.org/data/definitions/200.html')">200
URL: <a href="https://github.com/Checkmarx/kics/tree/master/assets/queries/terraform/aws/db_security_group_open_to_large_scope">Github

The IP address in a DB Security Group must not have more than 256 hosts.
Documentation

Positive test num. 1 - tf file

resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/24"
  }
}

Negative test num. 1 - tf file

resource "aws_db_security_group" "negative1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/25"
  }
}