CosmosDB Account IP Range Filter Not Set

• Query id: c2a3efb6-8a58-481c-82f2-bfddf34bb4b7
• Query name: CosmosDB Account IP Range Filter Not Set
• Platform: Terraform
• Severity: Critical
• Category: Networking and Firewall
• CWE: 285
• URL: Github

Description

The IP range filter should be defined to secure the data stored
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "azurerm_cosmosdb_account" "positive1" {
  name                  = "example" 
  is_virtual_network_filter_enabled = true


}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "azurerm_cosmosdb_account" "negative1" {
  name                  = "example" 

  ip_range_filter       = "104.42.195.92"
  is_virtual_network_filter_enabled = true


}