Azure Cognitive Search Public Network Access Enabled

  • Query id: 4a9e0f00-0765-4f72-a0d4-d31110b78279
  • Query name: Azure Cognitive Search Public Network Access Enabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • CWE: 732
  • URL: Github

Description

Public Network Access should be disabled for Azure Cognitive Search
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "azurerm_search_service" "positive1" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
  public_network_access_enabled = true
}
Positive test num. 2 - tf file
resource "azurerm_search_service" "positive2" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "azurerm_search_service" "example" {
  name                = "example-search-service"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  sku                 = "standard"
  public_network_access_enabled = false
}