Beta - Disk Encryption Disabled

• Query id: 1ee0f202-31da-49ba-bbce-04a989912e4b
• Query name: Beta - Disk Encryption Disabled
• Platform: Terraform
• Severity: Medium
• Category: Encryption
• CWE: 311
• URL: Github

Description

Disks should have encryption enabled
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "tencentcloud_cbs_storage" "encrytion_positive1" {
  storage_name      = "cbs-test"
  storage_type      = "CLOUD_SSD"
  storage_size      = 100
  availability_zone = "ap-guangzhou-3"

  tags = {
    test = "tf"
  }
}

Positive test num. 2 - tf file

resource "tencentcloud_cbs_storage" "encrytion_positive2" {
  storage_name      = "cbs-test"
  storage_type      = "CLOUD_SSD"
  storage_size      = 100
  availability_zone = "ap-guangzhou-3"
  encrypt           = false

  tags = {
    test = "tf"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

resource "tencentcloud_cbs_storage" "encrytion_negative1" {
  storage_name      = "cbs-test"
  storage_type      = "CLOUD_SSD"
  storage_size      = 100
  availability_zone = "ap-guangzhou-3"
  encrypt           = true

  tags = {
    test = "tf"
  }
}