github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/network/disable_rdp_from_internet.tf.go (about)

     1  package network
     2  
     // terraformDisableRdpFromInternetGoodExamples holds one Terraform snippet with
     // two resources that allow destination port 3389 (RDP) only from a single
     // source address ("4.53.160.75") instead of from any source.
     // The standalone azurerm_network_security_rule is explicitly Inbound/Allow/TCP;
     // the inline security_rule block sets only the port and address fields.
     // Presumably these are the passing fixtures for the rule; confirm against the
     // rule registration elsewhere in this package.
     // NOTE(review): these are minimal scanner fixtures, not deployable config.
     // Arguments the azurerm provider requires (e.g. priority) are omitted, and the
     // inline block uses source_port_range = "any" where the provider documents "*"
     // for any port - confirm before copying into real Terraform.
     // NOTE(review): "good" here only means the source is not a wildcard. RDP is
     // still reachable across the internet from that one address.
     3  var terraformDisableRdpFromInternetGoodExamples = []string{
     4  	`
     5   resource "azurerm_network_security_rule" "good_example" {
     6        name                        = "good_example_security_rule"
     7        direction                   = "Inbound"
     8        access                      = "Allow"
     9        protocol                    = "TCP"
    10        source_port_range           = "*"
    11        destination_port_ranges     = ["3389"]
    12        source_address_prefix       = "4.53.160.75"
    13        destination_address_prefix  = "*"
    14   }
    15   
    16   resource "azurerm_network_security_group" "example" {
    17     name                = "tf-appsecuritygroup"
    18     location            = azurerm_resource_group.example.location
    19     resource_group_name = azurerm_resource_group.example.name
    20     
    21     security_rule {
    22   	 source_port_range           = "any"
    23        destination_port_ranges     = ["3389"]
    24        source_address_prefix       = "4.53.160.75"
    25        destination_address_prefix  = "*"
    26     }
    27   }
    28   `,
    29  }
    30  
    // terraformDisableRdpFromInternetBadExamples holds one Terraform snippet with
    // two resources that allow destination port 3389 (RDP) with
    // source_address_prefix = "*", i.e. from any source address.
    // It differs from the good example only in the source_address_prefix values,
    // so that field is what separates a finding from a pass in these fixtures.
    // Presumably these are the failing fixtures for the rule; confirm against the
    // rule registration elsewhere in this package.
    // NOTE(review): the inline security_rule block has no direction, access or
    // protocol, so it relies on how the scanner's adapter fills those in - confirm
    // the block is really evaluated as an inbound allow rule.
    31  var terraformDisableRdpFromInternetBadExamples = []string{
    32  	`
    33   resource "azurerm_network_security_rule" "bad_example" {
    34        name                        = "bad_example_security_rule"
    35        direction                   = "Inbound"
    36        access                      = "Allow"
    37        protocol                    = "TCP"
    38        source_port_range           = "*"
    39        destination_port_ranges     = ["3389"]
    40        source_address_prefix       = "*"
    41        destination_address_prefix  = "*"
    42   }
    43   
    44   resource "azurerm_network_security_group" "example" {
    45     name                = "tf-appsecuritygroup"
    46     location            = azurerm_resource_group.example.location
    47     resource_group_name = azurerm_resource_group.example.name
    48     
    49     security_rule {
    50   	 source_port_range           = "any"
    51        destination_port_ranges     = ["3389"]
    52        source_address_prefix       = "*"
    53        destination_address_prefix  = "*"
    54     }
    55   }
    56   `,
    57  }
    58  
    // terraformDisableRdpFromInternetLinks lists the Terraform registry pages
    // offered as references for this rule.
    // NOTE(review): the first URL points at the network_security_group data-source
    // page although the examples use the resource, and the second anchors on
    // source_port_ranges although the examples differ in source_address_prefix -
    // confirm these are the intended targets.
    59  var terraformDisableRdpFromInternetLinks = []string{
    60  	`https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/network_security_group#security_rule`, `https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule#source_port_ranges`,
    61  }
    62  
    // terraformDisableRdpFromInternetRemediationMarkdown is the Terraform-specific
    // remediation text for this rule. It is an empty string here, so no extra
    // guidance is supplied beyond the good and bad examples.
    63  var terraformDisableRdpFromInternetRemediationMarkdown = ``