HTTPS url not used with Ansible uri
Description
This policy detects whether HTTPS URLs are used in the Ansible uri module to ensure secure communication. Using HTTPS instead of HTTP encrypts the data transmitted, providing confidentiality and integrity. It verifies that the tasks interact with URLs over a secure channel.
Code Example
yaml
- name: Verify tests
hosts: all
gather_facts: False
tasks:
- name: https
uri:
- url: http://www.example.com
+ url: https://www.example.com
...Remediation
Ansible
- Module: uri
- Attribute: url
To mitigate this risk, ensure that all Ansible tasks using the uri module specify URLs that begin with "https://". This guarantees that the data transmitted in these tasks is encrypted and secure.
Source Code Example:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0048 |
| Severity | MEDIUM |
| IaC Type | Ansible |
| Frameworks | Ansible |
| Checkov ID | CKV2_ANSIBLE_1 |