ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S6382/terraform/rule.adoc
Egon Okerman a3a2e69a45
Modify Rule S6382: Fix outdated properties (APPSEC-773) (#2514) 
* Fix outdated property

* Swap Web Apps for Containers and App Service
2024-09-11 10:37:08 +02:00

131 lines
3.2 KiB
Plaintext
Raw Permalink Blame History

include::../common/description.adoc[]
include::../common/ask-yourself.adoc[]
include::../common/recommended.adoc[]
== Sensitive Code Example
For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]:
[source,terraform,diff-id=1,diff-type=noncompliant]
----
resource "azurerm_linux_web_app" "example" {
client_cert_enabled = false # Sensitive
}
resource "azurerm_linux_web_app" "example2" {
client_certificate_enabled = true
client_certificate_mode = "Optional" # Sensitive
}
----
For https://azure.microsoft.com/en-us/services/logic-apps/[Logic App Standards] and https://azure.microsoft.com/en-us/services/functions/[Function Apps]:
[source,terraform,diff-id=2,diff-type=noncompliant]
----
resource "azurerm_function_app" "example" {
client_cert_mode = "Optional" # Sensitive
}
----
For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory Linked Services]:
[source,terraform,diff-id=3,diff-type=noncompliant]
----
resource "azurerm_data_factory_linked_service_web" "example" {
authentication_type = "Basic" # Sensitive
}
----
For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
[source,terraform,diff-id=4,diff-type=noncompliant]
----
resource "azurerm_api_management" "example" {
sku_name = "Consumption_1"
client_certificate_mode = "Optional" # Sensitive
}
----
For https://azure.microsoft.com/en-us/services/app-service/[App Service]:
[source,terraform,diff-id=5,diff-type=noncompliant]
----
resource "azurerm_app_service" "example" {
client_cert_enabled = false # Sensitive
}
----
== Compliant Solution
For https://azure.microsoft.com/en-us/services/app-service/containers/[Linux and Windows Web Apps]:
[source,terraform,diff-id=1,diff-type=compliant]
----
resource "azurerm_linux_web_app" "example" {
client_certificate_enabled = true
client_certificate_mode = "Required"
}
----
For https://azure.microsoft.com/en-us/services/logic-apps/[Logic App Standards] and https://azure.microsoft.com/en-us/services/functions/[Function Apps]:
[source,terraform,diff-id=2,diff-type=compliant]
----
resource "azurerm_function_app" "example" {
client_cert_mode = "Required"
}
----
For https://azure.microsoft.com/en-us/services/data-factory/[Data Factory Linked Services]:
[source,terraform,diff-id=3,diff-type=compliant]
----
resource "azurerm_data_factory_linked_service_web" "example" {
authentication_type = "ClientCertificate"
}
----
For https://azure.microsoft.com/en-us/services/api-management/[API Management]:
[source,terraform,diff-id=4,diff-type=compliant]
----
resource "azurerm_api_management" "example" {
sku_name = "Consumption_1"
client_certificate_mode = "Required"
}
----
For https://azure.microsoft.com/en-us/services/app-service/[App Service]:
[source,terraform,diff-id=5,diff-type=compliant]
----
resource "azurerm_app_service" "example" {
client_cert_enabled = true
}
----
== See
include::../common/resources/docs.adoc[]
include::../common/resources/articles.adoc[]
include::../common/resources/presentations.adoc[]
include::../common/resources/standards.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::message.adoc[]
include::highlighting.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink