NIFCLOUD RDB has public DB ingress security group rule

Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > NIFCLOUD RDB has public DB ingress security group rule

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

Id: terraform-nifcloud-db-security-group-has-public-ingress-sgr

Cloud Provider: Nifcloud

Platform: Terraform

Severity: High

Category: Networking and Firewall

Learn More

Provider Reference

Description

A nifcloud_db_security_group ingress security group rule allows traffic from /0. The rule parses rule[].cidr_ip, splitting on / and converting the suffix to a number; it flags when that numeric mask is less than 1, indicating a CIDR of /0. This represents an overly permissive cidr range that allows traffic from any IP address.

Compliant Code Examples

resource "nifcloud_db_security_group" "negative" {
  group_name        = "example"
  availability_zone = "east-11"
  rule {
    cidr_ip = "10.0.0.0/16"
  }
}

Non-Compliant Code Examples

resource "nifcloud_db_security_group" "positive" {
  group_name        = "example"
  availability_zone = "east-11"
  rule {
    cidr_ip = "0.0.0.0/0"
  }
}