Last active
March 1, 2022 07:35
-
-
Save youssef-chtourou/76f4ebc0a167fb9b3b635607f79e02df to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Result #1 MEDIUM App service does not have authentication enabled. | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| main.tf Lines 21-27 | |
| ───────┬──────────────────────────────────────────────────────────────────────── | |
| 21 │ resource "azurerm_app_service" "webapp" { | |
| 22 │ name = var.website_name | |
| 23 │ location = data.azurerm_resource_group.rg.location | |
| 24 │ resource_group_name = data.azurerm_resource_group.rg.name | |
| 25 │ app_service_plan_id = azurerm_app_service_plan.appserviceplan.id | |
| 26 │ tags = var.tags | |
| 27 │ } | |
| ───────┴──────────────────────────────────────────────────────────────────────── | |
| ID azure-appservice-authentication-enabled | |
| Impact Anonymous HTTP requests will be accepted | |
| Resolution Enable authentication to prevent anonymous request being accepted | |
| More Information | |
| - https://aquasecurity.github.io/tfsec/v1.4.2/checks/azure/appservice/authentication-enabled/ | |
| - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#enabled | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| Result #2 LOW App service does not have client certificates enabled. | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| main.tf Lines 21-27 | |
| ───────┬──────────────────────────────────────────────────────────────────────── | |
| 21 │ resource "azurerm_app_service" "webapp" { | |
| 22 │ name = var.website_name | |
| 23 │ location = data.azurerm_resource_group.rg.location | |
| 24 │ resource_group_name = data.azurerm_resource_group.rg.name | |
| 25 │ app_service_plan_id = azurerm_app_service_plan.appserviceplan.id | |
| 26 │ tags = var.tags | |
| 27 │ } | |
| ───────┴──────────────────────────────────────────────────────────────────────── | |
| ID azure-appservice-require-client-cert | |
| Impact Mutual TLS is not being used | |
| Resolution Enable incoming certificates for clients | |
| More Information | |
| - https://aquasecurity.github.io/tfsec/v1.4.2/checks/azure/appservice/require-client-cert/ | |
| - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#client_cert_enabled | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| Result #3 LOW App service does not have an identity type. | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| main.tf Lines 21-27 | |
| ───────┬──────────────────────────────────────────────────────────────────────── | |
| 21 │ resource "azurerm_app_service" "webapp" { | |
| 22 │ name = var.website_name | |
| 23 │ location = data.azurerm_resource_group.rg.location | |
| 24 │ resource_group_name = data.azurerm_resource_group.rg.name | |
| 25 │ app_service_plan_id = azurerm_app_service_plan.appserviceplan.id | |
| 26 │ tags = var.tags | |
| 27 │ } | |
| ───────┴──────────────────────────────────────────────────────────────────────── | |
| ID azure-appservice-account-identity-registered | |
| Impact Interaction between services can't easily be achieved without username/password | |
| Resolution Register the app identity with AD | |
| More Information | |
| - https://aquasecurity.github.io/tfsec/v1.4.2/checks/azure/appservice/account-identity-registered/ | |
| - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#identity | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| Result #4 LOW App service does not have HTTP/2 enabled. | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| main.tf Lines 21-27 | |
| ───────┬──────────────────────────────────────────────────────────────────────── | |
| 21 │ resource "azurerm_app_service" "webapp" { | |
| 22 │ name = var.website_name | |
| 23 │ location = data.azurerm_resource_group.rg.location | |
| 24 │ resource_group_name = data.azurerm_resource_group.rg.name | |
| 25 │ app_service_plan_id = azurerm_app_service_plan.appserviceplan.id | |
| 26 │ tags = var.tags | |
| 27 │ } | |
| ───────┴──────────────────────────────────────────────────────────────────────── | |
| ID azure-appservice-enable-http2 | |
| Impact Outdated versions of HTTP has security vulnerabilities | |
| Resolution Use the latest version of HTTP | |
| More Information | |
| - https://aquasecurity.github.io/tfsec/v1.4.2/checks/azure/appservice/enable-http2/ | |
| - https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#http2_enabled | |
| ──────────────────────────────────────────────────────────────────────────────── | |
| results | |
| ────────────────────────────────────────── | |
| ignored 0 | |
| excluded 0 | |
| critical 0 | |
| high 0 | |
| medium 1 | |
| low 3 | |
| 4 potential problem(s) detected. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment