Skip to content

bug(terraform): sensitive port Is exposed to small public network is too broad #8032

Description

@david-mnz

Sensitive Port Is Exposed To Small Public Network
Query id: e35c16a2-d54e-419d-8546-a804d8e024d0
Query name: Sensitive Port Is Exposed To Small Public Network
Platform: Terraform

  • The kics.io rule does not differentiate between known private networks and is too broad
  • The isSmallPublicNetwork() function only checks the subnet size, not whether the IP range is actually public or private
  • Small public subnets might be legitimate in some scenarios.

Expected Behavior

There should be a check for Private Network ranges

Actual Behavior

It checks small networks irrespective if public or private

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcommunityCommunity contribution

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions