Nifcloud RDB Has Public DB Ingress Security Group Rule

Query id: a0b846e8-815f-4f15-b660-bc4ab9fa1e1a
Query name: Nifcloud RDB Has Public DB Ingress Security Group Rule
Platform: Terraform
Severity: High
Category: Networking and Firewall
CWE: 284
URL: Github

Description¶

A DB ingress security group rule allows traffic from /0
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "nifcloud_db_security_group" "positive" {
  group_name        = "example"
  availability_zone = "east-11"
  rule {
    cidr_ip = "0.0.0.0/0"
  }
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "nifcloud_db_security_group" "negative" {
  group_name        = "example"
  availability_zone = "east-11"
  rule {
    cidr_ip = "10.0.0.0/16"
  }
}