SQLServer Ingress From Any IP

  • Query id: 25c0ea09-f1c5-4380-b055-3b83863f2bb8
  • Query name: SQLServer Ingress From Any IP
  • Platform: Terraform
  • Severity: Critical
  • Category: Networking and Firewall
  • CWE: 668
  • URL: Github

Description

Checks whether a SQL Server firewall rule allows all IP addresses, that is, a range starting at 0.0.0.0 and ending at 255.255.255.255.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_sql_firewall_rule" "positive1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_sql_firewall_rule" "negative1" {
  name                = "FirewallRule1"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "10.0.17.62"
  end_ip_address      = "10.0.17.62"
}
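
The check described above, sketched as a standalone Python scan over Terraform source. This is an added example, not the query's own implementation; the regex-based block matching, the function names and the embedded sample are assumptions made for illustration, and rules whose addresses are not string literals are skipped rather than resolved.

```python
import ipaddress
import re

# Constructed sample input, modelled on the page's positive and negative tests.
SAMPLE_TF = '''
resource "azurerm_sql_firewall_rule" "positive1" {
  name                = "FirewallRule1"
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "255.255.255.255"
}

resource "azurerm_sql_firewall_rule" "negative1" {
  name                = "FirewallRule1"
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "10.0.17.62"
  end_ip_address      = "10.0.17.62"
}
'''

# Simplification (not a full HCL parser): flat resource blocks, no nested braces.
RESOURCE_RE = re.compile(
    r'resource\s+"azurerm_sql_firewall_rule"\s+"([^"]+)"\s*\{([^{}]*)\}')
# Only quoted string literals are captured; references such as var.x are ignored.
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', re.MULTILINE)

ANY_RANGE = (ipaddress.IPv4Address("0.0.0.0"),
             ipaddress.IPv4Address("255.255.255.255"))


def _parse_ip(value):
    """Return an IPv4Address, or None for a missing or malformed value."""
    try:
        return ipaddress.IPv4Address(value)
    except (ipaddress.AddressValueError, TypeError):
        return None


def find_open_sql_firewall_rules(tf_source):
    """Return names of rules whose range is 0.0.0.0 to 255.255.255.255."""
    findings = []
    for name, body in RESOURCE_RE.findall(tf_source):
        attrs = dict(ATTR_RE.findall(body))
        start = _parse_ip(attrs.get("start_ip_address"))
        end = _parse_ip(attrs.get("end_ip_address"))
        if (start, end) == ANY_RANGE:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(find_open_sql_firewall_rules(SAMPLE_TF))
```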