Skip to content

Remove Sample Databases

Description

Sample Databases contain default users, and may have weak passwords. Access to a sample database could provide initial access to a server and be leveraged to gain further access or disclose sensitive information.

Rationale

Sample databases create an increased attack surface, and should be removed.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine sqlserver

Default Rule

const {isEmptyArray} = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if none of the databases are sample
 */
function validate(databaseSettings) {

    const sampleDbs = [
        'WideWorldImporters',
        'AdventureWorks',
        'AdventureWorks2019',
        'AdventureWorks2017',
        'AdventureWorks2016',
        'AdventureWorks2016_EXT',
        'AdventureWorks2014',
        'AdventureWorks2012',
        'AdventureWorks2008R2']

    const success =
            isEmptyArray(databaseSettings.databases) ||
            databaseSettings.databases.every(
                db => !sampleDbs.includes(db.sqlserver.name))

    return {
        success
    }
}

validate(databaseSettings)