Beta - CLB Listener Using Insecure Protocols

  • Query id: fe08b81c-12e9-4b5e-9006-4218fca750fd
  • Query name: Beta - CLB Listener Using Insecure Protocols
  • Platform: Terraform
  • Severity: High
  • Category: Encryption
  • CWE: Ongoing
  • URL: Github

Description

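A CLB listener must not use an insecure protocol. In the samples below, the query flags listeners whose protocol is HTTP, TCP or UDP, and passes a listener whose protocol is HTTPS.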
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "HTTP"
  port          = 80
}
Positive test num. 2 - tf file
resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "TCP"
  port          = 8080
}
Positive test num. 3 - tf file
resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "UDP"
  port          = 8090
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "tencentcloud_clb_listener" "listener" {
  clb_id        = "lb-0lh5au7v"
  listener_name = "test_listener"
  protocol      = "HTTPS"
  port          = 443
}
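
The same check applied to Terraform source text, as an added example that is not the query's own implementation. It assumes a simplified regex and brace-matching scan instead of a full HCL parser; the function names, the sample resource names and the "unresolved" handling of non-literal values are hypothetical choices made for this illustration.

```python
import re

# Values flagged by the page's positive tests; HTTPS is the passing sample.
INSECURE_PROTOCOLS = {"HTTP", "TCP", "UDP"}
HEADER = re.compile(r'resource\s+"tencentcloud_clb_listener"\s+"([^"]+)"\s*\{')
# Group 1: quoted literal. Group 2: any other expression (var.x, local.y).
PROTOCOL = re.compile(r'^[ \t]*protocol[ \t]*=[ \t]*(?:"([^"]*)"|([^\s#]+))', re.M)

def block_body(text, start):
    """Return the text from `start` up to the brace closing the block."""
    depth = 1
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]  # unterminated block: scan to end of input

def find_insecure_listeners(tf_source):
    """Return (resource name, line, protocol) for each listener to review."""
    findings = []
    for header in HEADER.finditer(tf_source):
        attr = PROTOCOL.search(block_body(tf_source, header.end()))
        if attr is None:
            continue  # no protocol attribute in this block
        line = tf_source.count("\n", 0, header.end() + attr.start()) + 1
        literal, expression = attr.groups()
        if literal in INSECURE_PROTOCOLS:
            findings.append((header.group(1), line, literal))
        elif expression is not None:
            # Assumption of this example: a reference cannot be resolved from
            # the text, so report it for review instead of passing it.
            findings.append((header.group(1), line, "unresolved: " + expression))
    return findings

# Constructed sample input modelled on the page's test files.
SAMPLE = '''\
resource "tencentcloud_clb_listener" "plain_http" {
  clb_id   = "lb-example"
  protocol = "HTTP"
}
resource "tencentcloud_clb_listener" "tls" {
  clb_id   = "lb-example"
  protocol = "HTTPS"
}
resource "tencentcloud_clb_listener" "from_var" {
  protocol = var.listener_protocol
}
'''
if __name__ == "__main__":
    print(find_insecure_listeners(SAMPLE))
```
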