// Listing source: github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/rules/cloud/policies/azure/storage/enforce_https.go

package storage

import (
	"github.com/khulnasoft-lab/defsec/internal/rules"
	"github.com/khulnasoft-lab/defsec/pkg/providers"
	"github.com/khulnasoft-lab/defsec/pkg/scan"
	"github.com/khulnasoft-lab/defsec/pkg/severity"
	"github.com/khulnasoft-lab/defsec/pkg/state"
)

// CheckEnforceHttps registers rule AVD-AZU-0008 (short code "enforce-https"),
// a High severity check that reports every Azure storage account whose
// EnforceHTTPS value is false. The value returned by rules.Register is kept
// in this package-level variable.
var CheckEnforceHttps = rules.Register(
	scan.Rule{
		AVDID:      "AVD-AZU-0008",
		Provider:   providers.AzureProvider,
		Service:    "storage",
		ShortCode:  "enforce-https",
		Summary:    "Storage accounts should be configured to only accept transfers that are over secure connections",
		Impact:     "Insecure transfer of data into secure accounts could be read if intercepted",
		Resolution: "Only allow secure connection for transferring data into storage accounts",
		Explanation: `You can configure your storage account to accept requests from secure connections only by setting the Secure transfer required property for the storage account.

When you require secure transfer, any requests originating from an insecure connection are rejected. 

Microsoft recommends that you always require secure transfer for all of your storage accounts.`,
		Links: []string{
			"https://docs.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer",
		},
		// The Terraform examples, links and remediation text are defined
		// elsewhere in this package.
		Terraform: &scan.EngineMetadata{
			GoodExamples:        terraformEnforceHttpsGoodExamples,
			BadExamples:         terraformEnforceHttpsBadExamples,
			Links:               terraformEnforceHttpsLinks,
			RemediationMarkdown: terraformEnforceHttpsRemediationMarkdown,
		},
		Severity: severity.High,
	},
	// The check walks every storage account in the scanned state and records
	// exactly one result (failed or passed) per evaluated account.
	func(s *state.State) (results scan.Results) {
		for _, acct := range s.Azure.Storage.Accounts {
			// Accounts whose metadata reports them as unmanaged are not
			// evaluated: they produce neither a pass nor a failure.
			if acct.Metadata.IsUnmanaged() {
				continue
			}

			// NOTE(review): only an explicit false fails the rule. Any value
			// for which IsFalse() does not return true lands in the passed
			// branch; confirm how IsFalse() treats unresolved or defaulted
			// values so an unknown setting is not reported as compliant.
			if !acct.EnforceHTTPS.IsFalse() {
				// NOTE(review): this passes the address of the loop variable;
				// verify AddPassed does not retain the pointer beyond the
				// call on toolchains older than Go 1.22.
				results.AddPassed(&acct)
				continue
			}

			// Attach the finding to the EnforceHTTPS value itself so the
			// report points at the offending attribute.
			results.Add(
				"Account does not enforce HTTPS.",
				acct.EnforceHTTPS,
			)
		}
		return results
	},
)