Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(terraform): Ensure the default IP Restriction action for SCM is set to "Deny" #6115

Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

feat(terraform): Ensure the default IP Restriction action for SCM is set to "Deny" #6115

wants to merge 11 commits into from

Conversation

tdefise
Copy link
Contributor

@tdefise tdefise commented Mar 22, 2024
edited by baz-reviewer bot
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

Fixes #6114

New/Edited policies (Delete if not relevant)

Description

Check that ensure that the default IP Restriction action for SCM is set to "Deny"

Fix

Set "scm_ip_restriction_default_action" to "Deny"

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Generated description

Dear maintainer, below is a concise technical summary of the changes proposed in this PR:

Implement a new check AppServiceIPResctrictionDefaultActionSCMDeny to ensure that the default IP restriction action for SCM in Azure App Services is set to 'Deny'. This check is integrated into the Checkov framework and applies to both azurerm_linux_web_app and azurerm_windows_web_app resources. The check inspects the site_config block for the scm_ip_restriction_default_action key. Additionally, test cases are added to verify the functionality of this check, ensuring it correctly identifies compliant and non-compliant configurations.

TopicDetails
SCM IP Restriction Implement a new check AppServiceIPResctrictionDefaultActionSCMDeny to ensure the default IP restriction action for SCM is set to 'Deny'.
Modified files (1)
  • checkov/terraform/checks/resource/azure/AppServiceIPResctrictionDefaultActionSCMDeny.py
Latest Contributors(0)
EmailCommitDate
Testing SCM Restriction Add test cases to verify the new check AppServiceIPResctrictionDefaultActionSCMDeny for Azure App Services.
Modified files (2)
  • tests/terraform/checks/resource/azure/test_AppServiceIPResctrictionDefaultActionSCMDeny.py
  • tests/terraform/checks/resource/azure/example_AppServiceIPResctrictionDefaultActionSCMDeny/main.tf
Latest Contributors(0)
EmailCommitDate
This pull request is reviewed by Baz. Join @tdefise and the rest of your team on (Baz).

@tdefise
Copy link
Contributor Author

tdefise commented Jun 13, 2024

Dear Checkov Team,

Would it be possible to have a status on this PR please?

Kind Regards,
Thomas

@achiar99
Copy link
Contributor

@tdefise Thanks for you contribution
Please fix the lint errors

@MaryArmaly
Copy link
Contributor

Hey @tdefise,
Is this PR still relevant? If yes, could you please fix the lint errors so we can proceed with it? Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achiar99 achiar99 achiar99 approved these changes

@itai1357 itai1357 itai1357 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Azure App Services - Ensure the default IP Restriction action for SCM is set to 'Deny'
4 participants
@tdefise @achiar99 @MaryArmaly @itai1357