Azure Cognitive Search Public Network Access Enabled

Query id: 4a9e0f00-0765-4f72-a0d4-d31110b78279
Query name: Azure Cognitive Search Public Network Access Enabled
Platform: Terraform
Severity: Medium
Category: Networking and Firewall
CWE: 732
URL: Github

Description¶

Public Network Access should be disabled for Azure Cognitive Search
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "azurerm_search_service" "positive1" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
  public_network_access_enabled = true
}

Positive test num. 2 - tf file

resource "azurerm_search_service" "positive2" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "azurerm_search_service" "example" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
  public_network_access_enabled = false
}