Updates to Code #2
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -7,7 +7,7 @@ | |||
| public class DataAccess | |||
| { | |||
| private Dictionary<string, string> _users = new Dictionary<string, string>(); | |||
| private const string SqlConnectionString = "Server=localhost;Database=SecurityDb;User Id=sa;Password=MyP@ssw0rd!;"; | |||
| private const string SqlConnectionString = "Server=localhost;Database=SecurityDb;User Id=sa;Password=MyP@ssw0rd!2;"; | |||
Check failure
Code scanning / CodeQL
Hard-coded connection string with credentials
| resource "azurerm_function_app" "bad_example" { | ||
| name = "example-function-app" | ||
| location = azurerm_resource_group.example.location | ||
| resource_group_name = azurerm_resource_group.example.name | ||
| app_service_plan_id = azurerm_app_service_plan.example.id | ||
| } |
Check failure
Code scanning / defsec
Ensure the Function App can only be accessed via HTTPS. The default is false.
| resource "azurerm_app_service" "bad_example" { | ||
| name = "example-app-service" | ||
| location = azurerm_resource_group.example.location | ||
| resource_group_name = azurerm_resource_group.example.name | ||
| app_service_plan_id = azurerm_app_service_plan.example.id | ||
| } |
Check warning
Code scanning / defsec
App Service authentication is activated
| resource "azurerm_app_service" "bad_example" { | ||
| name = "example-app-service" | ||
| location = azurerm_resource_group.example.location | ||
| resource_group_name = azurerm_resource_group.example.name | ||
| app_service_plan_id = azurerm_app_service_plan.example.id | ||
| } |
Check notice
Code scanning / defsec
Web App has registration with AD enabled
| resource "azurerm_app_service" "bad_example" { | ||
| name = "example-app-service" | ||
| location = azurerm_resource_group.example.location | ||
| resource_group_name = azurerm_resource_group.example.name | ||
| app_service_plan_id = azurerm_app_service_plan.example.id | ||
| } |
Check notice
Code scanning / defsec
Web App uses the latest HTTP version
| resource "azurerm_app_service" "bad_example" { | ||
| name = "example-app-service" | ||
| location = azurerm_resource_group.example.location | ||
| resource_group_name = azurerm_resource_group.example.name | ||
| app_service_plan_id = azurerm_app_service_plan.example.id | ||
| } |
Check notice
Code scanning / defsec
Web App accepts incoming client certificate
| resource "azurerm_key_vault_secret" "example" { | ||
| name = "secret_password" | ||
| value = var.another_password | ||
| key_vault_id = azurerm_key_vault.bad_example.id | ||
| } |
Check notice
Code scanning / defsec
Key vault Secret should have a content type set
| resource "azurerm_key_vault_secret" "example" { | ||
| name = "secret_password" | ||
| value = var.another_password | ||
| key_vault_id = azurerm_key_vault.bad_example.id | ||
| } |
Check notice
Code scanning / defsec
Key Vault Secret should have an expiration date set
No description provided.