Disable local_infile setting in MySQL
Default Severity: high
Explanation
Arbitrary files can be read from the system using LOAD_DATA unless this setting is disabled.
Possible Impact
Arbitrary files read by attackers when combined with a SQL injection vulnerability.
Suggested Resolution
Disable the local infile setting
Insecure Example
The following example will fail the google-sql-mysql-no-local-infile check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "MYSQL_5_6"
region = "us-central1"
settings {
database_flags {
name = "local_infile"
value = "on"
}
}
}
Secure Example
The following example will pass the google-sql-mysql-no-local-infile check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "MYSQL_5_6"
region = "us-central1"
settings {
database_flags {
name = "local_infile"
value = "off"
}
}
}