Nifcloud NAS Has Public Ingress NAS Security Group Rule

  • Query id: 8d7758a7-d9cd-499a-a83e-c9bdcbff728d
  • Query name: Nifcloud NAS Has Public Ingress NAS Security Group Rule
  • Platform: Terraform
  • Severity: High
  • Category: Networking and Firewall
  • CWE: 285
  • URL: Github

Description

An ingress NAS security group rule allows traffic from a /0 CIDR range (for example, 0.0.0.0/0), which opens the NAS to every source address.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "nifcloud_nas_security_group" "positive" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "0.0.0.0/0"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "nifcloud_nas_security_group" "negative" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "10.0.0.0/16"
  }
}
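
An added example, not part of the KICS query or the original page: a Python check that flags nifcloud_nas_security_group rules whose cidr_ip has a prefix length of 0. The function names and the regex-based parsing are assumptions made for illustration, the sample input is the two test resources above, and the check goes beyond the 0.0.0.0/0 case shown by also treating ::/0 and any other /0 value as public.

```python
import ipaddress
import re

# Constructed sample input: the two test resources from this page.
SAMPLE_TF = '''
resource "nifcloud_nas_security_group" "positive" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "0.0.0.0/0"
  }
}

resource "nifcloud_nas_security_group" "negative" {
  group_name        = "nasgroup001"
  availability_zone = "east-11"

  rule {
    cidr_ip = "10.0.0.0/16"
  }
}
'''

RESOURCE_RE = re.compile(
    r'resource\s+"nifcloud_nas_security_group"\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
CIDR_RE = re.compile(r'cidr_ip\s*=\s*"([^"]+)"')


def is_public_cidr(cidr):
    """True when the prefix length is 0, i.e. the rule matches every address."""
    try:
        # strict=False: values such as "10.0.0.0/0" still parse and still mean "all".
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a literal CIDR (e.g. a variable reference)


def find_public_nas_rules(tf_text):
    """Return (resource_name, cidr_ip) for each NAS rule open to a /0 range."""
    return [(name, cidr)
            for name, body in RESOURCE_RE.findall(tf_text)
            for cidr in CIDR_RE.findall(body) if is_public_cidr(cidr)]


if __name__ == "__main__":
    for name, cidr in find_public_nas_rules(SAMPLE_TF):
        print(f"nifcloud_nas_security_group.{name}: rule allows {cidr}")
```

Values that are not literal CIDRs, such as variable references, are skipped here and need to be resolved from the plan before they can be judged.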