Nifcloud Computing Has Public Ingress Security Group Rule

Query id: b2ea2367-8dc9-4231-a035-d0b28bfa3dde
Query name: Nifcloud Computing Has Public Ingress Security Group Rule
Platform: Terraform
Severity: High
Category: Networking and Firewall
CWE: 668
URL: Github

Description¶

An ingress security group rule allows traffic from /0
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - tf file

resource "nifcloud_security_group_rule" "positive" {
  security_group_names = ["http"]
  type                 = "IN"
  description          = "HTTP from VPC"
  from_port            = 80
  to_port              = 80
  protocol             = "TCP"
  cidr_ip              = "0.0.0.0/0"
}

Code samples without security vulnerabilities¶

Negative test num. 1 - tf file

resource "nifcloud_security_group_rule" "negative" {
  security_group_names = ["http"]
  type                 = "IN"
  description          = "HTTP from VPC"
  from_port            = 80
  to_port              = 80
  protocol             = "TCP"
  cidr_ip              = "10.0.0.0/16"
}