github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/network/no_public_ingress.tf.go (about)

     1  package network
     2  
// Terraform fixtures and reference material for the Azure "no public ingress"
// network policy. The HCL snippets are kept as raw strings and are fragments:
// they carry only the attributes relevant to the check, not a complete
// azurerm_network_security_rule.
var (
	// terraformNoPublicIngressGoodExamples holds inbound allow rules that are
	// presented as compliant.
	terraformNoPublicIngressGoodExamples = []string{
		// Inbound allow rule that names only a private destination range.
		// NOTE(review): no source_address_prefix is set in this fragment, so it
		// does not show what a properly restricted source looks like. Confirm
		// how the check treats a missing source prefix before relying on this
		// as guidance.
		`
 resource "azurerm_network_security_rule" "good_example" {
 	direction = "Inbound"
 	destination_address_prefix = "10.0.0.0/16"
 	access = "Allow"
 }`,
		// Inbound TCP/443 allow rule whose source is the single address
		// 168.63.129.16, which the snippet's own comment marks as the
		// well-known Azure address (here: the load balancer prober). The
		// source is one host address rather than an open range.
		`
resource "azurerm_network_security_rule" "allow_lb_prober" {
  direction                                  = "Inbound"
  access                                     = "Allow"
  protocol                                   = "Tcp" # Probes are always TCP
  source_port_range                          = "*"
  destination_port_ranges                    = "443"
  source_address_prefix                      = "168.63.129.16" // single public IP (Azure well known)
}`,
	}

	// terraformNoPublicIngressBadExamples holds rules that should be flagged.
	terraformNoPublicIngressBadExamples = []string{
		// Inbound allow rule with source 0.0.0.0/0, i.e. any IPv4 address. The
		// fragment sets no protocol or port restriction either.
		`
 resource "azurerm_network_security_rule" "bad_example" {
 	direction = "Inbound"
 	source_address_prefix = "0.0.0.0/0"
 	access = "Allow"
 }`,
	}

	// terraformNoPublicIngressLinks points at the provider documentation for
	// the resource type used in the examples.
	terraformNoPublicIngressLinks = []string{
		`https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule`,
	}

	// terraformNoPublicIngressRemediationMarkdown is empty: this file supplies
	// no Terraform-specific remediation text.
	terraformNoPublicIngressRemediationMarkdown = ``
)