Skip to content

Ensure 'CLR Enabled' Server Configuration Option is set to '0'

Description

The clr enabled option specifies whether user assemblies can be run by SQL Server.

Rationale

Enabling use of CLR assemblies widens the attack surface of SQL Server and puts it at risk from both inadvertent and malicious assemblies.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const { checkServerSetting } = module
/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if 'clr enabled' is set to 0
 */
function validate(databaseSettings) {
    const success = checkServerSetting(databaseSettings, 'clr enabled', "0")

    return {
        success,
    }
}

validate(databaseSettings)