Sample Databases Were Not Removed

Description

Sample databases create an increased attack surface, and should be removed.

Rationale

Sample databases contain default users and may have weak passwords. Access to a sample database could provide initial access to a server, which could then be leveraged to gain further access or disclose sensitive information.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      sqlserver

Default Rule

const {isEmptyArray} = module

/**
 * Passes when no database name matches a known SQL Server sample database.
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if none of the databases are sample
 */
function validate(databaseSettings) {

    const sampleDbs = [
        'WideWorldImporters',
        'AdventureWorks',
        'AdventureWorks2019',
        'AdventureWorks2017',
        'AdventureWorks2016',
        'AdventureWorks2016_EXT',
        'AdventureWorks2014',
        'AdventureWorks2012',
        'AdventureWorks2008R2']

    const success =
            isEmptyArray(databaseSettings.databases) ||
            databaseSettings.databases.every(
                db => !sampleDbs.includes(db.sqlserver.name))

    return {
        success
    }
}

validate(databaseSettings)
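
The default rule matches names with a case-sensitive `includes`, so a sample database restored as `adventureworks2019` would pass, even though SQL Server treats that as the same name under a case-insensitive server collation (the SQL Server default). The following is an added example, not the product's own rule code: a hypothetical helper `findSampleDatabases` that assumes the `databaseSettings` shape shown above, matches case-insensitively, tolerates entries with no name, and returns an `offending` list (an assumed extra field) so the finding says what to remove.

```javascript
// Names taken from the default rule on this page.
const SAMPLE_DBS = [
    'WideWorldImporters',
    'AdventureWorks',
    'AdventureWorks2019',
    'AdventureWorks2017',
    'AdventureWorks2016',
    'AdventureWorks2016_EXT',
    'AdventureWorks2014',
    'AdventureWorks2012',
    'AdventureWorks2008R2'
];

// Lower-cased lookup set so matching does not depend on letter case.
const SAMPLE_DB_SET = new Set(SAMPLE_DBS.map(name => name.toLowerCase()));

/**
 * Hypothetical helper (not part of the product's rule API).
 * @param {Object} databaseSettings - same shape the default rule receives
 * @returns {{success: boolean, offending: string[]}}
 */
function findSampleDatabases(databaseSettings) {
    const databases =
        databaseSettings && Array.isArray(databaseSettings.databases)
            ? databaseSettings.databases
            : [];

    const offending = databases
        // Entries without sqlserver.name are skipped instead of throwing.
        .map(db => db && db.sqlserver && db.sqlserver.name)
        .filter(name => typeof name === 'string')
        .filter(name => SAMPLE_DB_SET.has(name.toLowerCase()));

    return { success: offending.length === 0, offending };
}

// Constructed sample input, for illustration only.
const constructedSettings = {
    databases: [
        { sqlserver: { name: 'orders' } },
        { sqlserver: { name: 'adventureworks2019' } }, // lower-cased restore
        { sqlserver: {} },                             // name missing
        { sqlserver: { name: 'WideWorldImporters' } }
    ]
};

console.log(findSampleDatabases(constructedSettings));
```

Matching stays exact on the full name, so an unrelated database such as `AdventureWorksArchive` is not flagged.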