rspec/rules/S6413/azureresourcemanager/rule.adoc

include::../description.adoc[]

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,json,diff-id=1,diff-type=noncompliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/firewallPolicies",
      "apiVersion": "2022-07-01",
      "properties": {
        "insights": {
          "isEnabled": true,
          "retentionDays": 7
        }
      }
    }
  ]
}
----

Raise issue when `retentionDays` is smaller than `14`, but not `0` (zero), or if `isEnabled` is `false` or the `insights` block is missing.

For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:

[source,json,diff-id=3,diff-type=noncompliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/networkWatchers/flowLogs",
      "apiVersion": "2022-07-01",
      "properties": {
        "retentionPolicy": {
          "days": 7,
          "enabled": true
        }
      }
    }
  ]
}
----

Raise issue when `days` is smaller than `14`, but not `0` (zero), or if `enabled` is set to `false` or `retentionPolicy` is missing.

For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:

[source,json,diff-id=5,diff-type=noncompliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Sql/servers/auditingSettings",
      "apiVersion": "2021-11-01",
      "properties": {
        "retentionDays": 7
      }
    }
  ]
}
----

Raise issue when retentionDays is smaller than `14`, but not `0` (zero).

The same case applies to other types (when `type` field is set to one of following):

* `Microsoft.DBforMariaDB/servers/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/2018-06-01/servers/securityalertpolicies[Microsoft DB for MariaDB Servers Security Alert Policies]
* `Microsoft.Sql/servers/databases/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases/securityalertpolicies[Microsoft Sql Servers Databases Security Alert Policies]
* `Microsoft.Sql/servers/auditingPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/auditingpolicies[Microsoft Sql Servers Auditing Policies]
* `Microsoft.Synapse/workspaces/auditingSettings` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/2021-06-01/workspaces/auditingsettings[Microsoft Synapse Workspaces Auditing Settings]
* `Microsoft.Synapse/workspaces/sqlPools/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/workspaces/sqlpools/securityalertpolicies?pivots=deployment-language-bicep[Microsoft Synapse Workspaces Sql Pools Security Alert Policies]

== Compliant Solution

For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:

[source,json,diff-id=1,diff-type=compliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/firewallPolicies",
      "apiVersion": "2022-07-01",
      "properties": {
        "insights": {
          "isEnabled": true,
          "retentionDays": 30
        }
      }
    }
  ]
}
----


For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:

[source,json,diff-id=3,diff-type=compliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Network/networkWatchers/flowLogs",
      "apiVersion": "2022-07-01",
      "properties": {
        "retentionPolicy": {
          "days": 30,
          "enabled": true
        }
      }
    }
  ]
}
----

For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:

[source,json,diff-id=5,diff-type=compliant]
----
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "resources": [
    {
      "type": "Microsoft.Sql/servers/auditingSettings",
      "apiVersion": "2021-11-01",
      "properties": {
        "retentionDays": 30
      }
    }
  ]
}
----

Above code also applies to other types defined in previous paragraph.

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]
SONARIAC-758 Rule S6413 add ARM Defining a short log retention duration is security-sensitive (#1840) 2023-05-11 16:30:02 +02:00			`include::../description.adoc[]`

			`include::../ask-yourself.adoc[]`

			`include::../recommended.adoc[]`

			`== Sensitive Code Example`

			`For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:`

			`[source,json,diff-id=1,diff-type=noncompliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Network/firewallPolicies",`
			`"apiVersion": "2022-07-01",`
			`"properties": {`
			`"insights": {`
			`"isEnabled": true,`
			`"retentionDays": 7`
			`}`
			`}`
			`}`
			`]`
			`}`
			`----`

			Raise issue when `retentionDays` is smaller than `14`, but not `0` (zero), or if `isEnabled` is `false` or the `insights` block is missing.

			`For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:`

			`[source,json,diff-id=3,diff-type=noncompliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Network/networkWatchers/flowLogs",`
			`"apiVersion": "2022-07-01",`
			`"properties": {`
			`"retentionPolicy": {`
			`"days": 7,`
			`"enabled": true`
			`}`
			`}`
			`}`
			`]`
			`}`
			`----`

			Raise issue when `days` is smaller than `14`, but not `0` (zero), or if `enabled` is set to `false` or `retentionPolicy` is missing.

			`For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:`

			`[source,json,diff-id=5,diff-type=noncompliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Sql/servers/auditingSettings",`
			`"apiVersion": "2021-11-01",`
			`"properties": {`
			`"retentionDays": 7`
			`}`
			`}`
			`]`
			`}`
			`----`

			Raise issue when retentionDays is smaller than `14`, but not `0` (zero).

			The same case applies to other types (when `type` field is set to one of following):

			* `Microsoft.DBforMariaDB/servers/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/2018-06-01/servers/securityalertpolicies[Microsoft DB for MariaDB Servers Security Alert Policies]
			* `Microsoft.Sql/servers/databases/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases/securityalertpolicies[Microsoft Sql Servers Databases Security Alert Policies]
			* `Microsoft.Sql/servers/auditingPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/auditingpolicies[Microsoft Sql Servers Auditing Policies]
			* `Microsoft.Synapse/workspaces/auditingSettings` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/2021-06-01/workspaces/auditingsettings[Microsoft Synapse Workspaces Auditing Settings]
			* `Microsoft.Synapse/workspaces/sqlPools/securityAlertPolicies` - for https://learn.microsoft.com/en-us/azure/templates/microsoft.synapse/workspaces/sqlpools/securityalertpolicies?pivots=deployment-language-bicep[Microsoft Synapse Workspaces Sql Pools Security Alert Policies]

			`== Compliant Solution`

			`For https://docs.microsoft.com/en-us/azure/firewall-manager/policy-overview[Azure Firewall Policy]:`

			`[source,json,diff-id=1,diff-type=compliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Network/firewallPolicies",`
			`"apiVersion": "2022-07-01",`
			`"properties": {`
			`"insights": {`
			`"isEnabled": true,`
			`"retentionDays": 30`
			`}`
			`}`
			`}`
			`]`
			`}`
			`----`


			`For https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkwatchers/flowlogs[Microsoft Network Network Watchers Flow Logs]:`

			`[source,json,diff-id=3,diff-type=compliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Network/networkWatchers/flowLogs",`
			`"apiVersion": "2022-07-01",`
			`"properties": {`
			`"retentionPolicy": {`
			`"days": 30,`
			`"enabled": true`
			`}`
			`}`
			`}`
			`]`
			`}`
			`----`

			`For https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/2021-11-01/servers/auditingsettings[Microsoft SQL Servers Auditing Settings]:`

			`[source,json,diff-id=5,diff-type=compliant]`
			`----`
			`{`
			`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",`
			`"contentVersion": "1.0.0.0",`
			`"resources": [`
			`{`
			`"type": "Microsoft.Sql/servers/auditingSettings",`
			`"apiVersion": "2021-11-01",`
			`"properties": {`
			`"retentionDays": 30`
			`}`
			`}`
			`]`
			`}`
			`----`

			`Above code also applies to other types defined in previous paragraph.`

			`ifdef::env-github,rspecator-view[]`

			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

			`include::../highlighting.adoc[]`

			`endif::env-github,rspecator-view[]`