ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S4423/azureresourcemanager/rule.adoc

109 lines
3.1 KiB
Plaintext
Raw Normal View History

Create rule S4423: add language AzureResourceManager (#1835) [Specification ticket](https://sonarsource.atlassian.net/browse/SONARIAC-755) [Implementation ticket](https://sonarsource.atlassian.net/browse/SONARIAC-781) [RSPEC Preview](https://sonarsource.github.io/rspec/#/rspec/S4423/azureresourcemanager) Bicep PR for S4423: #1879
2023-05-11 17:14:01 +02:00
== Why is this an issue?
include::../description.adoc[]
=== Noncompliant code example
For https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts[Azure Storage accounts], TLS 1.0 and 1.1 are accepted by default.
[source,json,diff-id=2,diff-type=noncompliant]
----
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2022-09-01",
"name": "example",
"properties": {
"minimumTlsVersion": "TLS1_0"
}
}
]
}
----
For https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers[Azure Database for MySQL servers], https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers[Azure Database for PostgreSQL servers], and https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers[Azure Database for MariaDB servers], there is no minimal TLS version enforced by default.
[source,json,diff-id=4,diff-type=noncompliant]
----
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.DBforMySQL/servers",
"apiVersion": "2017-12-01",
"name": "example",
"properties": {
"minimalTlsVersion": "TLS1_0"
}
}
]
}
----
== Compliant Solution
For https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/storageaccounts[Azure Storage accounts]:
[source,json,diff-id=2,diff-type=compliant]
----
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2022-09-01",
"name": "example",
"properties": {
"minimumTlsVersion": "TLS1_2"
}
}
]
}
----
For https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformysql/servers[Azure Database for MySQL servers], https://learn.microsoft.com/en-us/azure/templates/microsoft.dbforpostgresql/servers[Azure Database for PostgreSQL servers], and https://learn.microsoft.com/en-us/azure/templates/microsoft.dbformariadb/servers[Azure Database for MariaDB servers]:
[source,json,diff-id=4,diff-type=compliant]
----
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"type": "Microsoft.DBforMySQL/servers",
"apiVersion": "2017-12-01",
"name": "example",
"properties": {
"minimalTlsVersion": "TLS1_2"
}
}
]
}
----
include::../see.adoc[]
* https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings#minimal-tls-version[Microsoft Learn] - Azure SQL - Minimal TLS version
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
include::highlighting.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue Copy Permalink