DB Security Group Has Public Interface

Query id: f0d8781f-99bf-4958-9917-d39283b168a0
Query name: DB Security Group Has Public Interface
Platform: Terraform
Severity: High
Category: Insecure Configurations
URL: <a href="https://github.com/Checkmarx/kics/tree/master/assets/queries/terraform/aws/db_security_group_has_public_interface">Github

The CIDR IP should not be a public interface
Documentation

Positive test num. 1 - tf file

resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "0.0.0.0/0"
  }
}

Positive test num. 2 - tf file

resource "aws_db_security_group" "positive1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/8"
  }

  ingress {
    cidr = "0.0.0.0/0"
  }
}

Negative test num. 1 - tf file

resource "aws_db_security_group" "negative1" {
  name = "rds_sg"

  ingress {
    cidr = "10.0.0.0/8"
  }
}