github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/appservice/use_secure_tls_policy.go (about) 1 package appservice 2 3 import ( 4 "github.com/khulnasoft-lab/defsec/internal/rules" 5 "github.com/khulnasoft-lab/defsec/pkg/providers" 6 "github.com/khulnasoft-lab/defsec/pkg/scan" 7 "github.com/khulnasoft-lab/defsec/pkg/severity" 8 "github.com/khulnasoft-lab/defsec/pkg/state" 9 ) 10 11 var CheckUseSecureTlsPolicy = rules.Register( 12 scan.Rule{ 13 AVDID: "AVD-AZU-0006", 14 Provider: providers.AzureProvider, 15 Service: "appservice", 16 ShortCode: "use-secure-tls-policy", 17 Summary: "Web App uses latest TLS version", 18 Impact: "The minimum TLS version for apps should be TLS1_2", 19 Resolution: "The TLS version being outdated and has known vulnerabilities", 20 Explanation: `Use a more recent TLS/SSL policy for the App Service`, 21 Links: []string{}, 22 Terraform: &scan.EngineMetadata{ 23 GoodExamples: terraformUseSecureTlsPolicyGoodExamples, 24 BadExamples: terraformUseSecureTlsPolicyBadExamples, 25 Links: terraformUseSecureTlsPolicyLinks, 26 RemediationMarkdown: terraformUseSecureTlsPolicyRemediationMarkdown, 27 }, 28 Severity: severity.High, 29 }, 30 func(s *state.State) (results scan.Results) { 31 for _, service := range s.Azure.AppService.Services { 32 if service.Metadata.IsUnmanaged() { 33 continue 34 } 35 if service.Site.MinimumTLSVersion.NotEqualTo("1.2") { 36 results.Add( 37 "App service does not require a secure TLS version.", 38 service.Site.MinimumTLSVersion, 39 ) 40 } else { 41 results.AddPassed(&service) 42 } 43 } 44 return 45 }, 46 )