Sensitive Port Is Exposed To Small Public Network
Query id: e35c16a2-d54e-419d-8546-a804d8e024d0
Query name: Sensitive Port Is Exposed To Small Public Network
Platform: Terraform
- The kics.io rule does not differentiate between known private networks and is too broad
- The isSmallPublicNetwork() function only checks the subnet size, not whether the IP range is actually public or private
- Small public subnets might be legitimate in some scenarios.
Expected Behavior
There should be a check for Private Network ranges
Actual Behavior
It checks small networks irrespective of whether they are public or private
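As an added illustration (not KICS code and not part of the original report), here is one way to combine the subnet-size test with the private-range check the report asks for, in Go. The function name `IsSmallPublicNetwork`, the /25 threshold and the list of non-public ranges are assumptions made for this example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Assumed threshold (/25 and narrower is "small"); the report gives no value.
const smallPrefixBits = 25

// IPv4 ranges treated as non-public: RFC 1918 plus RFC 6598 shared space.
var nonPublic = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"),
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("100.64.0.0/10"),
}

// withinNonPublic reports whether p lies entirely inside a non-public range.
func withinNonPublic(p netip.Prefix) bool {
	for _, r := range nonPublic {
		if r.Bits() <= p.Bits() && r.Contains(p.Addr()) {
			return true
		}
	}
	return false
}

// IsSmallPublicNetwork (hypothetical name) is true only when the IPv4 CIDR
// is both small and outside every non-public range. IPv6 is not evaluated.
func IsSmallPublicNetwork(cidr string) (bool, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return false, err
	}
	p = p.Masked() // normalise host bits, e.g. 10.0.1.5/28 -> 10.0.1.0/28
	if !p.Addr().Is4() {
		return false, nil
	}
	return p.Bits() >= smallPrefixBits && !withinNonPublic(p), nil
}

func main() {
	// Constructed sample CIDRs; 203.0.113.0/24 is a documentation range.
	for _, c := range []string{"10.0.1.0/28", "172.32.0.0/27", "203.0.113.8/29", "0.0.0.0/0"} {
		flagged, _ := IsSmallPublicNetwork(c)
		fmt.Printf("%-16s flagged=%v\n", c, flagged)
	}
}
```

The `172.32.0.0/27` case sits just outside `172.16.0.0/12`, so it is still flagged, while a small subnet inside an RFC 1918 range is not.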