Merge branch 'master' into fix_workflows

Checkmarx · Aug 17, 2023 · 581d910 · 581d910
2 parents 10c600b + 685fd53
commit 581d910
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 2 deletions.
diff --git a/...s/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/query.rego b/...s/queries/terraform/azure/function_app_not_using_latest_tls_encryption_version/query.rego
@@ -6,7 +6,7 @@ import data.generic.terraform as tf_lib
 CxPolicy[result] {
 	app := input.document[i].resource.azurerm_function_app[name]
 
-	app.site_config.min_tls_version != 1.2
+	to_number(app.site_config.min_tls_version) != 1.2
 
 	result := {
 		"documentId": input.document[i].id,
@@ -18,7 +18,7 @@ CxPolicy[result] {
 		"keyActualValue": sprintf("'azurerm_function_app[%s].site_config.min_tls_version' is not set to '1.2'", [name]),
 		"searchLine": common_lib.build_search_line(["resource", "azurerm_function_app", name, "site_config", "min_tls_version"], []),
 		"remediation": json.marshal({
-			"before": sprintf("%.1f", [app.site_config.min_tls_version]),
+			"before": sprintf("%.1f", [to_number(app.site_config.min_tls_version)]),
 			"after": "1.2"
 		}),
 		"remediationType": "replacement",

diff --git a/...es/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/negative4.tf b/...es/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/negative4.tf
@@ -0,0 +1,14 @@
+resource "azurerm_function_app" "negative4" {
+  name                       = "test-azure-functions"
+  location                   = azurerm_resource_group.example.location
+  resource_group_name        = azurerm_resource_group.example.name
+  app_service_plan_id        = azurerm_app_service_plan.example.id
+  storage_account_name       = azurerm_storage_account.example.name
+  storage_account_access_key = azurerm_storage_account.example.primary_access_key
+
+  site_config {
+    dotnet_framework_version = "v4.0"
+    scm_type                 = "LocalGit"
+    min_tls_version = "1.2"
+  }
+}
diff --git a/...es/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive2.tf b/...es/terraform/azure/function_app_not_using_latest_tls_encryption_version/test/positive2.tf
@@ -0,0 +1,14 @@
+resource "azurerm_function_app" "positive2" {
+  name                       = "test-azure-functions"
+  location                   = azurerm_resource_group.example.location
+  resource_group_name        = azurerm_resource_group.example.name
+  app_service_plan_id        = azurerm_app_service_plan.example.id
+  storage_account_name       = azurerm_storage_account.example.name
+  storage_account_access_key = azurerm_storage_account.example.primary_access_key
+
+  site_config {
+    dotnet_framework_version = "v4.0"
+    scm_type                 = "LocalGit"
+    min_tls_version = "1.1"
+  }
+}
diff --git a/...e/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json b/...e/function_app_not_using_latest_tls_encryption_version/test/positive_expected_result.json
@@ -4,5 +4,11 @@
     "severity": "HIGH",
     "line": 12,
     "fileName": "positive1.tf"
+  },
+  {
+    "queryName": "Function App Not Using Latest TLS Encryption Version",
+    "severity": "HIGH",
+    "line": 12,
+    "fileName": "positive2.tf"
   }
 ]