Redis Cache Allows Non SSL Connections

• Query id: e29a75e6-aba3-4896-b42d-b87818c16b58
• Query name: Redis Cache Allows Non SSL Connections
• Platform: Terraform
• Severity: Medium
• Category: Insecure Configurations
• CWE: 319
• URL: Github

Description

Redis Cache resources should not allow non-SSL connections
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "azurerm_redis_cache" "positive1" {
  name                = "example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"
  enable_non_ssl_port = true
  minimum_tls_version = "1.2"

  redis_configuration {
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "azurerm_redis_cache" "negative1" {
  name                = "example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"
  enable_non_ssl_port = false
  minimum_tls_version = "1.2"

  redis_configuration {
  }
}

resource "azurerm_redis_cache" "negative2" {
  name                = "example-cache"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  capacity            = 2
  family              = "C"
  sku_name            = "Standard"

  minimum_tls_version = "1.2"

  redis_configuration {
  }
}