Redis Publicly Accessible
- Query id: 5089d055-53ff-421b-9482-a5267bdce629
- Query name: Redis Publicly Accessible
- Platform: Terraform
- Severity: Critical
- Category: Networking and Firewall
- CWE: 285
- URL: Github
Description¶
Firewall rule allowing unrestricted access to Redis from other Azure sources
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_redis_cache" "positive1" {
name = "redis${random_id.server.hex}"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
capacity = 1
family = "P"
sku_name = "Premium"
enable_non_ssl_port = false
redis_configuration {
maxclients = 256
maxmemory_reserved = 2
maxmemory_delta = 2
maxmemory_policy = "allkeys-lru"
}
}
resource "azurerm_redis_firewall_rule" "positive2" {
name = "someIPrange"
redis_cache_name = azurerm_redis_cache.example.name
resource_group_name = azurerm_resource_group.example.name
start_ip = "1.2.3.4"
end_ip = "2.3.4.5"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_redis_cache" "negative1" {
name = "redis${random_id.server.hex}"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
capacity = 1
family = "P"
sku_name = "Premium"
enable_non_ssl_port = false
redis_configuration {
maxclients = 256
maxmemory_reserved = 2
maxmemory_delta = 2
maxmemory_policy = "allkeys-lru"
}
}
resource "azurerm_redis_firewall_rule" "negative2" {
name = "someIPrange"
redis_cache_name = azurerm_redis_cache.example.name
resource_group_name = azurerm_resource_group.example.name
start_ip = "10.2.3.4"
end_ip = "10.3.4.5"
}